From 633616047ec5c8de0ec489a0edb3cb8c8112db28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 09:52:57 +0100 Subject: [PATCH 01/36] Pull HACL* HMAC. HACL* is at revision fc2e38f4d899ba28665c5b91caedaf35b3b37452. --- Modules/_hacl/Hacl_HMAC.c | 1609 +++++++++++++++++++++ Modules/_hacl/Hacl_HMAC.h | 231 +++ Modules/_hacl/Hacl_Hash_Blake2b.c | 3 +- Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c | 3 +- Modules/_hacl/Hacl_Hash_Blake2s.c | 3 +- Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c | 3 +- Modules/_hacl/Hacl_Hash_SHA2.c | 6 +- Modules/_hacl/Hacl_Hash_SHA3.c | 3 +- Modules/_hacl/internal/Hacl_HMAC.h | 59 + Modules/_hacl/internal/Hacl_Hash_SHA2.h | 2 + Modules/_hacl/python_hacl_namespaces.h | 7 + Modules/_hacl/refresh.sh | 16 +- 12 files changed, 1935 insertions(+), 10 deletions(-) create mode 100644 Modules/_hacl/Hacl_HMAC.c create mode 100644 Modules/_hacl/Hacl_HMAC.h create mode 100644 Modules/_hacl/internal/Hacl_HMAC.h diff --git a/Modules/_hacl/Hacl_HMAC.c b/Modules/_hacl/Hacl_HMAC.c new file mode 100644 index 00000000000000..93002d2ba3e42b --- /dev/null +++ b/Modules/_hacl/Hacl_HMAC.c @@ -0,0 +1,1609 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#include "internal/Hacl_HMAC.h" + + +#include "internal/Hacl_Hash_SHA3.h" +#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_Hash_SHA1.h" +#include "internal/Hacl_Hash_MD5.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" + +/** +Write the HMAC-MD5 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 16 bytes of memory. +*/ +void +Hacl_HMAC_compute_md5( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 16U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_MD5_hash_oneshot(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t s[4U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_MD5_update_last(s, 0ULL, ipad, 64U); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_MD5_update_multi(s, ipad, 1U); + Hacl_Hash_MD5_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_MD5_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + } + Hacl_Hash_MD5_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_MD5_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 16U / block_len; + uint32_t rem0 = 16U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 16U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_MD5_update_multi(s, opad, 1U); + Hacl_Hash_MD5_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_MD5_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + Hacl_Hash_MD5_finish(s, dst); +} + +/** +Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 20 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha1( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 20U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t s[5U] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA1_update_last(s, 0ULL, ipad, 64U); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA1_update_multi(s, ipad, 1U); + Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + } + Hacl_Hash_SHA1_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA1_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 20U / block_len; + uint32_t rem0 = 20U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 20U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA1_update_multi(s, opad, 1U); + Hacl_Hash_SHA1_update_multi(s, full_blocks, n_blocks); + Hacl_Hash_SHA1_update_last(s, (uint64_t)64U + (uint64_t)full_blocks_len, rem, rem_len); + Hacl_Hash_SHA1_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 28U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_224(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint32_t *os = st; + uint32_t x = Hacl_Hash_SHA2_h224[i]; + os[i] = x;); + uint32_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha224_update_last(0ULL + (uint64_t)64U, 64U, ipad, s); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha224_update_nblocks(64U, ipad, s); + Hacl_Hash_SHA2_sha224_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha224_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha224_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha224_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 28U / block_len; + uint32_t rem0 = 28U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 28U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha224_update_nblocks(64U, opad, s); + Hacl_Hash_SHA2_sha224_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha224_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha224_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 32U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_256(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint32_t *os = st; + uint32_t x = Hacl_Hash_SHA2_h256[i]; + os[i] = x;); + uint32_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha256_update_last(0ULL + (uint64_t)64U, 64U, ipad, s); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha256_update_nblocks(64U, ipad, s); + Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha256_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha256_init(s); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 32U / block_len; + uint32_t rem0 = 32U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha256_update_nblocks(64U, opad, s); + Hacl_Hash_SHA2_sha256_update_nblocks(n_blocks * 64U, full_blocks, s); + Hacl_Hash_SHA2_sha256_update_last((uint64_t)64U + (uint64_t)full_blocks_len + (uint64_t)rem_len, + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha256_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 128U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 128U) + { + ite = key_len; + } + else + { + ite = 48U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 128U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_384(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint64_t *os = st; + uint64_t x = Hacl_Hash_SHA2_h384[i]; + os[i] = x;); + uint64_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL), + FStar_UInt128_uint64_to_uint128((uint64_t)128U)), + 128U, + ipad, + s); + } + else + { + uint32_t block_len = 128U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha384_update_nblocks(128U, ipad, s); + Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha384_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha384_init(s); + uint32_t block_len = 128U; + uint32_t n_blocks0 = 48U / block_len; + uint32_t rem0 = 48U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha384_update_nblocks(128U, opad, s); + Hacl_Hash_SHA2_sha384_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha384_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha384_finish(s, dst); +} + +/** +Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 128U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 128U) + { + ite = key_len; + } + else + { + ite = 64U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 128U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA2_hash_512(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t st[8U] = { 0U }; + KRML_MAYBE_FOR8(i, + 0U, + 8U, + 1U, + uint64_t *os = st; + uint64_t x = Hacl_Hash_SHA2_h512[i]; + os[i] = x;); + uint64_t *s = st; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(0ULL), + FStar_UInt128_uint64_to_uint128((uint64_t)128U)), + 128U, + ipad, + s); + } + else + { + uint32_t block_len = 128U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA2_sha512_update_nblocks(128U, ipad, s); + Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + } + Hacl_Hash_SHA2_sha512_finish(s, dst1); + uint8_t *hash1 = ipad; + Hacl_Hash_SHA2_sha512_init(s); + uint32_t block_len = 128U; + uint32_t n_blocks0 = 64U / block_len; + uint32_t rem0 = 64U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA2_sha512_update_nblocks(128U, opad, s); + Hacl_Hash_SHA2_sha512_update_nblocks(n_blocks * 128U, full_blocks, s); + Hacl_Hash_SHA2_sha512_update_last(FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + FStar_UInt128_uint64_to_uint128((uint64_t)rem_len)), + rem_len, + rem, + s); + Hacl_Hash_SHA2_sha512_finish(s, dst); +} + +/** +Write the HMAC-SHA-3-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 144 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 144U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 144U) + { + ite = key_len; + } + else + { + ite = 28U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 144U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_224(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_224, s, ipad, 144U); + } + else + { + uint32_t block_len = 144U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_224, s, rem, rem_len); + } + uint32_t remOut = 28U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 28U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 144U; + uint32_t n_blocks0 = 28U / block_len; + uint32_t rem0 = 28U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 28U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_224, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_224, s, rem, rem_len); + uint32_t remOut0 = 28U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 28U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-SHA-3-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 136 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 136U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 136U) + { + ite = key_len; + } + else + { + ite = 32U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 136U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_256(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_256, s, ipad, 136U); + } + else + { + uint32_t block_len = 136U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_256, s, rem, rem_len); + } + uint32_t remOut = 32U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 32U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 136U; + uint32_t n_blocks0 = 32U / block_len; + uint32_t rem0 = 32U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_256, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_256, s, rem, rem_len); + uint32_t remOut0 = 32U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 32U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-SHA-3-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 104 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 104U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 104U) + { + ite = key_len; + } + else + { + ite = 48U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 104U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_384(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_384, s, ipad, 104U); + } + else + { + uint32_t block_len = 104U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_384, s, rem, rem_len); + } + uint32_t remOut = 48U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 48U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 104U; + uint32_t n_blocks0 = 48U / block_len; + uint32_t rem0 = 48U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 48U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_384, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_384, s, rem, rem_len); + uint32_t remOut0 = 48U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 48U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-SHA-3-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 72 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 72U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 72U) + { + ite = key_len; + } + else + { + ite = 64U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 72U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_SHA3_sha3_512(nkey, key, key_len); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[25U] = { 0U }; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_512, s, ipad, 72U); + } + else + { + uint32_t block_len = 72U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, ipad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_512, s, rem, rem_len); + } + uint32_t remOut = 64U; + uint8_t hbuf0[256U] = { 0U }; + uint64_t ws0[32U] = { 0U }; + memcpy(ws0, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf0 + i * 8U, ws0[i]); + } + memcpy(dst1 + 64U - remOut, hbuf0, remOut * sizeof (uint8_t)); + uint8_t *hash1 = ipad; + memset(s, 0U, 25U * sizeof (uint64_t)); + uint32_t block_len = 72U; + uint32_t n_blocks0 = 64U / block_len; + uint32_t rem0 = 64U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, opad, 1U); + Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_SHA3_512, s, full_blocks, n_blocks); + Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_SHA3_512, s, rem, rem_len); + uint32_t remOut0 = 64U; + uint8_t hbuf[256U] = { 0U }; + uint64_t ws[32U] = { 0U }; + memcpy(ws, s, 25U * sizeof (uint64_t)); + for (uint32_t i = 0U; i < 32U; i++) + { + store64_le(hbuf + i * 8U, ws[i]); + } + memcpy(dst + 64U - remOut0, hbuf, remOut0 * sizeof (uint8_t)); +} + +/** +Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2s_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 64U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 64U) + { + ite = key_len; + } + else + { + ite = 32U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 64U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint32_t s[16U] = { 0U }; + Hacl_Hash_Blake2s_init(s, 0U, 32U); + uint32_t *s0 = s; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + uint32_t wv[16U] = { 0U }; + Hacl_Hash_Blake2s_update_last(64U, wv, s0, false, 0ULL, 64U, ipad); + } + else + { + uint32_t block_len = 64U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + uint32_t wv[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, ipad, 1U); + uint32_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(n_blocks * 64U, + wv0, + s0, + (uint64_t)block_len, + full_blocks, + n_blocks); + uint32_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2s_update_last(rem_len, + wv1, + s0, + false, + (uint64_t)64U + (uint64_t)full_blocks_len, + rem_len, + rem); + } + Hacl_Hash_Blake2s_finish(32U, dst1, s0); + uint8_t *hash1 = ipad; + Hacl_Hash_Blake2s_init(s0, 0U, 32U); + uint32_t block_len = 64U; + uint32_t n_blocks0 = 32U / block_len; + uint32_t rem0 = 32U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 32U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + uint32_t wv[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(64U, wv, s0, 0ULL, opad, 1U); + uint32_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2s_update_multi(n_blocks * 64U, + wv0, + s0, + (uint64_t)block_len, + full_blocks, + n_blocks); + uint32_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2s_update_last(rem_len, + wv1, + s0, + false, + (uint64_t)64U + (uint64_t)full_blocks_len, + rem_len, + rem); + Hacl_Hash_Blake2s_finish(32U, dst, s0); +} + +/** +Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2b_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +) +{ + uint32_t l = 128U; + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t key_block[l]; + memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t *nkey = key_block; + uint32_t ite; + if (key_len <= 128U) + { + ite = key_len; + } + else + { + ite = 64U; + } + uint8_t *zeroes = key_block + ite; + KRML_MAYBE_UNUSED_VAR(zeroes); + if (key_len <= 128U) + { + memcpy(nkey, key, key_len * sizeof (uint8_t)); + } + else + { + Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U); + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t ipad[l]; + memset(ipad, 0x36U, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = ipad[i]; + uint8_t yi = key_block[i]; + ipad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + KRML_CHECK_SIZE(sizeof (uint8_t), l); + uint8_t opad[l]; + memset(opad, 0x5cU, l * sizeof (uint8_t)); + for (uint32_t i = 0U; i < l; i++) + { + uint8_t xi = opad[i]; + uint8_t yi = key_block[i]; + opad[i] = (uint32_t)xi ^ (uint32_t)yi; + } + uint64_t s[16U] = { 0U }; + Hacl_Hash_Blake2b_init(s, 0U, 64U); + uint64_t *s0 = s; + uint8_t *dst1 = ipad; + if (data_len == 0U) + { + uint64_t wv[16U] = { 0U }; + Hacl_Hash_Blake2b_update_last(128U, + wv, + s0, + false, + FStar_UInt128_uint64_to_uint128(0ULL), + 128U, + ipad); + } + else + { + uint32_t block_len = 128U; + uint32_t n_blocks0 = data_len / block_len; + uint32_t rem0 = data_len % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = data_len - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = data; + uint8_t *rem = data + full_blocks_len; + uint64_t wv[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), ipad, 1U); + uint64_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(n_blocks * 128U, + wv0, + s0, + FStar_UInt128_uint64_to_uint128((uint64_t)block_len), + full_blocks, + n_blocks); + uint64_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2b_update_last(rem_len, + wv1, + s0, + false, + FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + rem_len, + rem); + } + Hacl_Hash_Blake2b_finish(64U, dst1, s0); + uint8_t *hash1 = ipad; + Hacl_Hash_Blake2b_init(s0, 0U, 64U); + uint32_t block_len = 128U; + uint32_t n_blocks0 = 64U / block_len; + uint32_t rem0 = 64U % block_len; + K___uint32_t_uint32_t scrut; + if (n_blocks0 > 0U && rem0 == 0U) + { + uint32_t n_blocks_ = n_blocks0 - 1U; + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks_, .snd = 64U - n_blocks_ * block_len }); + } + else + { + scrut = ((K___uint32_t_uint32_t){ .fst = n_blocks0, .snd = rem0 }); + } + uint32_t n_blocks = scrut.fst; + uint32_t rem_len = scrut.snd; + uint32_t full_blocks_len = n_blocks * block_len; + uint8_t *full_blocks = hash1; + uint8_t *rem = hash1 + full_blocks_len; + uint64_t wv[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(128U, wv, s0, FStar_UInt128_uint64_to_uint128(0ULL), opad, 1U); + uint64_t wv0[16U] = { 0U }; + Hacl_Hash_Blake2b_update_multi(n_blocks * 128U, + wv0, + s0, + FStar_UInt128_uint64_to_uint128((uint64_t)block_len), + full_blocks, + n_blocks); + uint64_t wv1[16U] = { 0U }; + Hacl_Hash_Blake2b_update_last(rem_len, + wv1, + s0, + false, + FStar_UInt128_add(FStar_UInt128_uint64_to_uint128((uint64_t)128U), + FStar_UInt128_uint64_to_uint128((uint64_t)full_blocks_len)), + rem_len, + rem); + Hacl_Hash_Blake2b_finish(64U, dst, s0); +} + diff --git a/Modules/_hacl/Hacl_HMAC.h b/Modules/_hacl/Hacl_HMAC.h new file mode 100644 index 00000000000000..6feb51a88626c9 --- /dev/null +++ b/Modules/_hacl/Hacl_HMAC.h @@ -0,0 +1,231 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __Hacl_HMAC_H +#define __Hacl_HMAC_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "python_hacl_namespaces.h" +#include "krml/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + +#include "Hacl_Streaming_Types.h" + +#include "Hacl_Hash_SHA3.h" +#include "Hacl_Hash_SHA2.h" +#include "Hacl_Hash_Blake2s.h" +#include "Hacl_Hash_Blake2b.h" + +/** +Write the HMAC-MD5 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 16 bytes of memory. +*/ +void +Hacl_HMAC_compute_md5( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte. +`dst` must point to 20 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha1( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha2_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-224 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 144 bytes. +`dst` must point to 28 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_224( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-256 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 136 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_256( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-384 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 104 bytes. +`dst` must point to 48 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_384( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-SHA-3-512 MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 72 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_sha3_512( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. +`dst` must point to 32 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2s_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +/** +Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`. + +The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. +`dst` must point to 64 bytes of memory. +*/ +void +Hacl_HMAC_compute_blake2b_32( + uint8_t *dst, + uint8_t *key, + uint32_t key_len, + uint8_t *data, + uint32_t data_len +); + +#if defined(__cplusplus) +} +#endif + +#define __Hacl_HMAC_H_DEFINED +#endif diff --git a/Modules/_hacl/Hacl_Hash_Blake2b.c b/Modules/_hacl/Hacl_Hash_Blake2b.c index cd3b9777e09f6c..1bab75e6aaf2ab 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2b.c +++ b/Modules/_hacl/Hacl_Hash_Blake2b.c @@ -1029,7 +1029,8 @@ Hacl_Hash_Blake2b_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c b/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c index 92b2e8f539041b..19234ab9d7f9b2 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c +++ b/Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c @@ -855,7 +855,8 @@ Hacl_Hash_Blake2b_Simd256_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_Blake2s.c b/Modules/_hacl/Hacl_Hash_Blake2s.c index e5e0ecd0bfde7e..ceb7385072e048 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2s.c +++ b/Modules/_hacl/Hacl_Hash_Blake2s.c @@ -1011,7 +1011,8 @@ Hacl_Hash_Blake2s_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c b/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c index f675a7f14f192f..3b68783bfad9b4 100644 --- a/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c +++ b/Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c @@ -842,7 +842,8 @@ Hacl_Hash_Blake2s_Simd128_reset_with_key_and_params( uint8_t *k ) { - index_of_state(s); + Hacl_Hash_Blake2b_index i1 = index_of_state(s); + KRML_MAYBE_UNUSED_VAR(i1); reset_raw(s, ((Hacl_Hash_Blake2b_params_and_key){ .fst = p, .snd = k })); } diff --git a/Modules/_hacl/Hacl_Hash_SHA2.c b/Modules/_hacl/Hacl_Hash_SHA2.c index 4b6af5fc78c680..cc930bbc89e8ad 100644 --- a/Modules/_hacl/Hacl_Hash_SHA2.c +++ b/Modules/_hacl/Hacl_Hash_SHA2.c @@ -211,7 +211,7 @@ void Hacl_Hash_SHA2_sha224_init(uint32_t *hash) os[i] = x;); } -static inline void sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) +void Hacl_Hash_SHA2_sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) { Hacl_Hash_SHA2_sha256_update_nblocks(len, b, st); } @@ -825,7 +825,7 @@ void Hacl_Hash_SHA2_digest_224(Hacl_Streaming_MD_state_32 *state, uint8_t *outpu } uint8_t *buf_last = buf_1 + r - ite; uint8_t *buf_multi = buf_1; - sha224_update_nblocks(0U, buf_multi, tmp_block_state); + Hacl_Hash_SHA2_sha224_update_nblocks(0U, buf_multi, tmp_block_state); uint64_t prev_len_last = total_len - (uint64_t)r; Hacl_Hash_SHA2_sha224_update_last(prev_len_last + (uint64_t)r, r, buf_last, tmp_block_state); Hacl_Hash_SHA2_sha224_finish(tmp_block_state, output); @@ -847,7 +847,7 @@ void Hacl_Hash_SHA2_hash_224(uint8_t *output, uint8_t *input, uint32_t input_len Hacl_Hash_SHA2_sha224_init(st); uint32_t rem = input_len % 64U; uint64_t len_ = (uint64_t)input_len; - sha224_update_nblocks(input_len, ib, st); + Hacl_Hash_SHA2_sha224_update_nblocks(input_len, ib, st); uint32_t rem1 = input_len % 64U; uint8_t *b0 = ib; uint8_t *lb = b0 + input_len - rem1; diff --git a/Modules/_hacl/Hacl_Hash_SHA3.c b/Modules/_hacl/Hacl_Hash_SHA3.c index 9cf5abb330b180..b964e1d9c0aa69 100644 --- a/Modules/_hacl/Hacl_Hash_SHA3.c +++ b/Modules/_hacl/Hacl_Hash_SHA3.c @@ -251,7 +251,8 @@ Hacl_Hash_SHA3_update_multi_sha3( uint8_t *bl0 = b_; uint8_t *uu____0 = b0 + i * block_len(a); memcpy(bl0, uu____0, block_len(a) * sizeof (uint8_t)); - block_len(a); + uint32_t unused = block_len(a); + KRML_MAYBE_UNUSED_VAR(unused); absorb_inner_32(b_, s); } } diff --git a/Modules/_hacl/internal/Hacl_HMAC.h b/Modules/_hacl/internal/Hacl_HMAC.h new file mode 100644 index 00000000000000..5038a6cf224a70 --- /dev/null +++ b/Modules/_hacl/internal/Hacl_HMAC.h @@ -0,0 +1,59 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + + +#ifndef __internal_Hacl_HMAC_H +#define __internal_Hacl_HMAC_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include "krml/types.h" +#include "krml/lowstar_endianness.h" +#include "krml/internal/target.h" + + +#include "internal/Hacl_Hash_SHA3.h" +#include "internal/Hacl_Hash_SHA2.h" +#include "internal/Hacl_Hash_SHA1.h" +#include "internal/Hacl_Hash_MD5.h" +#include "internal/Hacl_Hash_Blake2s.h" +#include "internal/Hacl_Hash_Blake2b.h" +#include "../Hacl_HMAC.h" + +typedef struct K___uint32_t_uint32_t_s +{ + uint32_t fst; + uint32_t snd; +} +K___uint32_t_uint32_t; + +#if defined(__cplusplus) +} +#endif + +#define __internal_Hacl_HMAC_H_DEFINED +#endif diff --git a/Modules/_hacl/internal/Hacl_Hash_SHA2.h b/Modules/_hacl/internal/Hacl_Hash_SHA2.h index 0127f4373fb1a1..cb60f9e9bd4df6 100644 --- a/Modules/_hacl/internal/Hacl_Hash_SHA2.h +++ b/Modules/_hacl/internal/Hacl_Hash_SHA2.h @@ -123,6 +123,8 @@ void Hacl_Hash_SHA2_sha256_finish(uint32_t *st, uint8_t *h); void Hacl_Hash_SHA2_sha224_init(uint32_t *hash); +void Hacl_Hash_SHA2_sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st); + void Hacl_Hash_SHA2_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st); diff --git a/Modules/_hacl/python_hacl_namespaces.h b/Modules/_hacl/python_hacl_namespaces.h index 8a1f4aef384d62..052b893112f18f 100644 --- a/Modules/_hacl/python_hacl_namespaces.h +++ b/Modules/_hacl/python_hacl_namespaces.h @@ -209,4 +209,11 @@ #define Hacl_Hash_SHA3_state_free python_hashlib_Hacl_Hash_SHA3_state_free #define Hacl_Hash_SHA3_state_malloc python_hashlib_Hacl_Hash_SHA3_state_malloc +#define Hacl_HMAC_compute_sha1 python_hashlib_Hacl_HMAC_compute_sha1 +#define Hacl_HMAC_compute_sha2_256 python_hashlib_Hacl_HMAC_compute_sha2_256 +#define Hacl_HMAC_compute_sha2_384 python_hashlib_Hacl_HMAC_compute_sha2_384 +#define Hacl_HMAC_compute_sha2_512 python_hashlib_Hacl_HMAC_compute_sha2_512 +#define Hacl_HMAC_compute_blake2s_32 python_hashlib_Hacl_HMAC_compute_blake2s_32 +#define Hacl_HMAC_compute_blake2b_32 python_hashlib_Hacl_HMAC_compute_blake2b_32 + #endif // _PYTHON_HACL_NAMESPACES_H diff --git a/Modules/_hacl/refresh.sh b/Modules/_hacl/refresh.sh index 6234fea9f17bc7..78b9c8acd762e0 100755 --- a/Modules/_hacl/refresh.sh +++ b/Modules/_hacl/refresh.sh @@ -22,7 +22,7 @@ fi # Update this when updating to a new version after verifying that the changes # the update brings in are good. -expected_hacl_star_rev=315a9e491d2bc347b9dae99e0ea506995ea84d9d +expected_hacl_star_rev=fc2e38f4d899ba28665c5b91caedaf35b3b37452 hacl_dir="$(realpath "$1")" cd "$(dirname "$0")" @@ -41,6 +41,7 @@ fi declare -a dist_files dist_files=( Hacl_Streaming_Types.h +# Cryptographic Hash Functions (headers) Hacl_Hash_MD5.h Hacl_Hash_SHA1.h Hacl_Hash_SHA2.h @@ -49,6 +50,9 @@ dist_files=( Hacl_Hash_Blake2s.h Hacl_Hash_Blake2b_Simd256.h Hacl_Hash_Blake2s_Simd128.h +# Cryptographic Primitives (headers) + Hacl_HMAC.h +# Cryptographic Hash Functions (internal headers) internal/Hacl_Hash_MD5.h internal/Hacl_Hash_SHA1.h internal/Hacl_Hash_SHA2.h @@ -58,6 +62,9 @@ dist_files=( internal/Hacl_Hash_Blake2b_Simd256.h internal/Hacl_Hash_Blake2s_Simd128.h internal/Hacl_Impl_Blake2_Constants.h +# Cryptographic Primitives (internal headers) + internal/Hacl_HMAC.h +# Cryptographic Hash Functions (sources) Hacl_Hash_MD5.c Hacl_Hash_SHA1.c Hacl_Hash_SHA2.c @@ -66,6 +73,9 @@ dist_files=( Hacl_Hash_Blake2s.c Hacl_Hash_Blake2b_Simd256.c Hacl_Hash_Blake2s_Simd128.c +# Cryptographic Primitives (sources) + Hacl_HMAC.c +# Miscellaneous libintvector.h lib_memzero0.h Lib_Memzero0.c @@ -143,7 +153,9 @@ $sed -i -z 's!\(extern\|typedef\)[^;]*;\n\n!!g' include/krml/FStar_UInt_8_16_32_ $sed -i 's!#include.*Hacl_Krmllib.h"!!g' "${all_files[@]}" # Use globally unique names for the Hacl_ C APIs to avoid linkage conflicts. -$sed -i -z 's!#include \n!#include \n#include "python_hacl_namespaces.h"\n!' Hacl_Hash_*.h +$sed -i -z 's!#include \n!#include \n#include "python_hacl_namespaces.h"\n!' \ + Hacl_Hash_*.h \ + Hacl_HMAC.h # Finally, we remove a bunch of ifdefs from target.h that are, again, useful in # the general case, but not exercised by the subset of HACL* that we vendor. From 5a410f8f3747576e8e7a45565c34b9e517ddfca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 14:08:22 +0100 Subject: [PATCH 02/36] Update SBOM files --- Misc/sbom.spdx.json | 97 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 77 insertions(+), 20 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index cc73e93009b43f..36df377910d9d2 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -295,16 +295,44 @@ ], "fileName": "Modules/expat/xmltok_ns.c" }, + { + "SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.c", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "39845bf2f06d85ba98824f6f4f02f3a2f27d4d1a" + }, + { + "algorithm": "SHA256", + "checksumValue": "0ca9c580923d8e88e09d8b709257462dcf11eb18ea40d9b782e0ffa694141bbd" + } + ], + "fileName": "Modules/_hacl/Hacl_HMAC.c" + }, + { + "SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.h", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "397e27ce27de4f18a209033ed7f576a005a0c8c8" + }, + { + "algorithm": "SHA256", + "checksumValue": "b584dc409211857210c3444973cf84dc5efba7d29ca4ebdbe1305170ac5dfb73" + } + ], + "fileName": "Modules/_hacl/Hacl_HMAC.h" + }, { "SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-Hash-Blake2b.c", "checksums": [ { "algorithm": "SHA1", - "checksumValue": "a34e821b68ef5334eccf4f729b28bb7bb65b965e" + "checksumValue": "1cd3cda98e0e6882a13a59268b88640c542350fd" }, { "algorithm": "SHA256", - "checksumValue": "4582db9143c0810b98838a5357c577e0b32ae77f3018486159df4e0dfd3fce3c" + "checksumValue": "41a420bc9355e451720e60e9536e66f04dc6e416ca9217c4ab18d827887a2e08" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2b.c" @@ -328,11 +356,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "0ffe60c6d5eed5dd222515e820d461d319d16b1f" + "checksumValue": "0ceef306590ec12251db03a31fc08ecba697486d" }, { "algorithm": "SHA256", - "checksumValue": "4804cb3ce68bfdcf98853d6f1d77b4a844a3c2796f776b39770ba327e400d402" + "checksumValue": "1575a23b21319e55e670f74194fc2dfd1777eb5a3816cad43750e03da6e44db9" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2b_Simd256.c" @@ -370,11 +398,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "cf035ffeff875bc74345a47373ce25dc408ea9dc" + "checksumValue": "9616a9f8d795d64487bf86a96719f943729621e2" }, { "algorithm": "SHA256", - "checksumValue": "579059b002c45fab0fed6381e85c3f5eaf1d959400ca64b103542ac6c35bade3" + "checksumValue": "5ecde5ddc8ec073cffe64d60e868535d995f33fb0f87f9b50e68bd2a694b7434" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2s.c" @@ -398,11 +426,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "9bb53022d158a9c349edb52a8def8aac7d098a4e" + "checksumValue": "5b950ce0a5c8f0c2c56b4ac96e1943b504255d45" }, { "algorithm": "SHA256", - "checksumValue": "2abde0c6b5da0402e91b4bedfe786c24b908fbdc04e08e74651c7624729254d9" + "checksumValue": "5a5f5d8e376dc30d89fd6c6c435157fe9ffa5308030e7abb1256afaee0765536" } ], "fileName": "Modules/_hacl/Hacl_Hash_Blake2s_Simd128.c" @@ -496,11 +524,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "f2aa3ed6acce621c162bc3a0592780ce5aa3bc4d" + "checksumValue": "b0aa8810339adb09623ffa429246b4324fac4565" }, { "algorithm": "SHA256", - "checksumValue": "30638efb75c8b185bb09c3df6977e3f3c5d21a1e696218cf7ade6bc4d5201b31" + "checksumValue": "2288f8f860efe80eed4f1e14ef570079b7459aeb41f87e94e691d7cf5e0e7adb" } ], "fileName": "Modules/_hacl/Hacl_Hash_SHA2.c" @@ -524,11 +552,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "fc2c3ef83a71bef42eb3f73b78e4ef6642a4634e" + "checksumValue": "ef374b9d0951ebb38006af944dd4b38a6cf3abb2" }, { "algorithm": "SHA256", - "checksumValue": "e4f3ed9d1e8f661482cbd2d04b197e15cc3b698c5ef2ddedf0eb65df320dbbc4" + "checksumValue": "164df19f229143006c5f9a3c0bd771415f152bfbc7efb61c337fa0f903003eb3" } ], "fileName": "Modules/_hacl/Hacl_Hash_SHA3.c" @@ -659,6 +687,20 @@ ], "fileName": "Modules/_hacl/include/krml/types.h" }, + { + "SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-HMAC.h", + "checksums": [ + { + "algorithm": "SHA1", + "checksumValue": "aef7c96186f1f5b5058b4ddffd3ccdd5d6e33669" + }, + { + "algorithm": "SHA256", + "checksumValue": "4d2ea32f3384513de59df04820bc09c4a3dd9b83aa8cd8e292981b5c19ac55c3" + } + ], + "fileName": "Modules/_hacl/internal/Hacl_HMAC.h" + }, { "SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Hash-Blake2b.h", "checksums": [ @@ -748,11 +790,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "0018e084339058dd454b4e49d10d236b4f896bf8" + "checksumValue": "2e9ae174142fc491f20567ab8b5c08cef9b07cfe" }, { "algorithm": "SHA256", - "checksumValue": "10e959a92b3288a6165a404c8fae2bbcd7fb00a9abbae2b7809fa55d6fe9068d" + "checksumValue": "07100964adcf4b5f8bd4773e25f475b34cd180b90df8b1c0052e55c008b7cc49" } ], "fileName": "Modules/_hacl/internal/Hacl_Hash_SHA2.h" @@ -818,11 +860,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "37e3eb63c5c6f8ae671748bfde642c180b96d2de" + "checksumValue": "d707a40ab54dabab9958205005be3cb91b73a3da" }, { "algorithm": "SHA256", - "checksumValue": "0b5c7892cc25a2b3467936c1f346a6186d9d0a257d1bd5671beda253b66e0f68" + "checksumValue": "775bf3c0303b1228d404a864e20e3e283971a33ddd22c3e4592085b03f5ac460" } ], "fileName": "Modules/_hacl/python_hacl_namespaces.h" @@ -1640,14 +1682,14 @@ "checksums": [ { "algorithm": "SHA256", - "checksumValue": "935ae51d0ff0bf1403f0ecc1ff02b8f685d09053618558c07fbe4bd2abbc5dd1" + "checksumValue": "cbd19d064b3136172cabe88ab1b51fe2ee5264fe8eaf4a586355533ffe97977d" } ], - "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/315a9e491d2bc347b9dae99e0ea506995ea84d9d.zip", + "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/fc2e38f4d899ba28665c5b91caedaf35b3b37452.zip", "externalRefs": [ { "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:315a9e491d2bc347b9dae99e0ea506995ea84d9d:*:*:*:*:*:*:*", + "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:fc2e38f4d899ba28665c5b91caedaf35b3b37452:*:*:*:*:*:*:*", "referenceType": "cpe23Type" } ], @@ -1655,7 +1697,7 @@ "name": "hacl-star", "originator": "Organization: HACL* Developers", "primaryPackagePurpose": "SOURCE", - "versionInfo": "315a9e491d2bc347b9dae99e0ea506995ea84d9d" + "versionInfo": "fc2e38f4d899ba28665c5b91caedaf35b3b37452" }, { "SPDXID": "SPDXRef-PACKAGE-macholib", @@ -1808,6 +1850,16 @@ "relationshipType": "CONTAINS", "spdxElementId": "SPDXRef-PACKAGE-expat" }, + { + "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.c", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-PACKAGE-hacl-star" + }, + { + "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.h", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-PACKAGE-hacl-star" + }, { "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-Hash-Blake2b.c", "relationshipType": "CONTAINS", @@ -1938,6 +1990,11 @@ "relationshipType": "CONTAINS", "spdxElementId": "SPDXRef-PACKAGE-hacl-star" }, + { + "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-HMAC.h", + "relationshipType": "CONTAINS", + "spdxElementId": "SPDXRef-PACKAGE-hacl-star" + }, { "relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Hash-Blake2b.h", "relationshipType": "CONTAINS", From c1c7c92db7d08aca324ba88f18cfdb88e224a5e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:14:32 +0100 Subject: [PATCH 03/36] Update HACL (CPython) namespace --- Modules/_hacl/python_hacl_namespaces.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Modules/_hacl/python_hacl_namespaces.h b/Modules/_hacl/python_hacl_namespaces.h index 052b893112f18f..acb0e34e8963d8 100644 --- a/Modules/_hacl/python_hacl_namespaces.h +++ b/Modules/_hacl/python_hacl_namespaces.h @@ -209,10 +209,21 @@ #define Hacl_Hash_SHA3_state_free python_hashlib_Hacl_Hash_SHA3_state_free #define Hacl_Hash_SHA3_state_malloc python_hashlib_Hacl_Hash_SHA3_state_malloc +// HMAC-MD5 +#define Hacl_HMAC_compute_md5 python_hashlib_Hacl_HMAC_compute_md5 +// HMAC-SHA-1 #define Hacl_HMAC_compute_sha1 python_hashlib_Hacl_HMAC_compute_sha1 +// HMAC-SHA-2 +#define Hacl_HMAC_compute_sha2_224 python_hashlib_Hacl_HMAC_compute_sha2_224 #define Hacl_HMAC_compute_sha2_256 python_hashlib_Hacl_HMAC_compute_sha2_256 #define Hacl_HMAC_compute_sha2_384 python_hashlib_Hacl_HMAC_compute_sha2_384 #define Hacl_HMAC_compute_sha2_512 python_hashlib_Hacl_HMAC_compute_sha2_512 +// HMAC-SHA-3 +#define Hacl_HMAC_compute_sha3_224 python_hashlib_Hacl_HMAC_compute_sha3_224 +#define Hacl_HMAC_compute_sha3_256 python_hashlib_Hacl_HMAC_compute_sha3_256 +#define Hacl_HMAC_compute_sha3_384 python_hashlib_Hacl_HMAC_compute_sha3_384 +#define Hacl_HMAC_compute_sha3_512 python_hashlib_Hacl_HMAC_compute_sha3_512 +// HMAC-BLAKE #define Hacl_HMAC_compute_blake2s_32 python_hashlib_Hacl_HMAC_compute_blake2s_32 #define Hacl_HMAC_compute_blake2b_32 python_hashlib_Hacl_HMAC_compute_blake2b_32 From 2901987980deae93e986bedc5b72f63004f70ffe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:14:57 +0100 Subject: [PATCH 04/36] Update HACL (CPython) README --- Modules/_hacl/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Modules/_hacl/README.md b/Modules/_hacl/README.md index e6a156a54b3cee..0d6454cdd6efb3 100644 --- a/Modules/_hacl/README.md +++ b/Modules/_hacl/README.md @@ -8,10 +8,10 @@ safety, functional correctness, and secret independence. ## Updating HACL* -Use the `refresh.sh` script in this directory to pull in a new upstream code -version. The upstream git hash used for the most recent code pull is recorded -in the script. Modify the script as needed to bring in more if changes are -needed based on upstream code refactoring. +Use the [refresh.sh](refresh.sh) script in this directory to pull in a new +upstream code version. The upstream git hash used for the most recent code +pull is recorded in the script. Modify the script as needed to bring in more +if changes are needed based on upstream code refactoring. Never manually edit HACL\* files. Always add transformation shell code to the `refresh.sh` script to perform any necessary edits. If there are serious code @@ -19,9 +19,9 @@ changes needed, work with the upstream repository. ## Local files -1. `./include/python_hacl_namespaces.h` -1. `./README.md` -1. `./refresh.sh` +* [python_hacl_namespaces.h](python_hacl_namespaces.h) +* [README.md](README.md) +* [refresh.sh](refresh.sh) ## ACKS From 92a1e76f3df370c0dd9b79aef63ef30ac389d1a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:20:23 +0100 Subject: [PATCH 05/36] Update `configure` script --- configure | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 13 +++++++++++ 2 files changed, 77 insertions(+) diff --git a/configure b/configure index 1097747e055179..df724b42444090 100755 --- a/configure +++ b/configure @@ -718,6 +718,8 @@ LIBHACL_SIMD256_FLAGS LIBHACL_SIMD128_OBJS LIBHACL_SIMD128_FLAGS LIBHACL_CFLAGS +MODULE__HMAC_FALSE +MODULE__HMAC_TRUE MODULE__BLAKE2_FALSE MODULE__BLAKE2_TRUE MODULE__SHA3_FALSE @@ -1133,6 +1135,7 @@ with_openssl with_openssl_rpath with_ssl_default_suites with_builtin_hashlib_hashes +with_builtin_hashlib_hmac enable_test_modules ' ac_precious_vars='build_alias @@ -1955,6 +1958,9 @@ Optional Packages: --with-builtin-hashlib-hashes=md5,sha1,sha2,sha3,blake2 builtin hash modules, md5, sha1, sha2, sha3 (with shake), blake2 + --with-builtin-hashlib-hmac + use builtin HACL* HMAC when possible [default is + yes] Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -29084,6 +29090,21 @@ esac done IFS=$as_save_IFS +# builtin HACL* HMAC module +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --with-builtin-hashlib-hmac=yes,no" >&5 +printf %s "checking for --with-builtin-hashlib-hmac=yes,no... " >&6; } + +# Check whether --with-builtin-hashlib-hmac was given. +if test ${with_builtin_hashlib_hmac+y} +then : + withval=$with_builtin_hashlib_hmac; with_builtin_hashlib_hmac=$with_val +else $as_nop + with_builtin_hashlib_hmac=yes +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_builtin_hashlib_hmac" >&5 +printf "%s\n" "$with_builtin_hashlib_hmac" >&6; } + # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --disable-test-modules" >&5 @@ -30765,6 +30786,45 @@ fi printf "%s\n" "$py_cv_module__blake2" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 +printf %s "checking for stdlib extension module _hmac... " >&6; } + if test "$py_cv_module__hmac" != "n/a" +then : + + if test "$with_builtin_hashlib_hmac" = yes +then : + if true +then : + py_cv_module__hmac=yes +else $as_nop + py_cv_module__hmac=missing +fi +else $as_nop + py_cv_module__hmac=disabled +fi + +fi + as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" + if test "x$py_cv_module__hmac" = xyes +then : + + + + +fi + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 +printf "%s\n" "$py_cv_module__hmac" >&6; } + + LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) @@ -32406,6 +32466,10 @@ if test -z "${MODULE__BLAKE2_TRUE}" && test -z "${MODULE__BLAKE2_FALSE}"; then as_fn_error $? "conditional \"MODULE__BLAKE2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then + as_fn_error $? "conditional \"MODULE__HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${MODULE__CTYPES_TRUE}" && test -z "${MODULE__CTYPES_FALSE}"; then as_fn_error $? "conditional \"MODULE__CTYPES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 diff --git a/configure.ac b/configure.ac index 6d514705e91ce5..d266e01fb62b80 100644 --- a/configure.ac +++ b/configure.ac @@ -7502,6 +7502,15 @@ for builtin_hash in $with_builtin_hashlib_hashes; do done IFS=$as_save_IFS +# builtin HACL* HMAC module +AC_MSG_CHECKING([for --with-builtin-hashlib-hmac=yes,no]) +AC_ARG_WITH([builtin-hashlib-hmac], + [AS_HELP_STRING([--with-builtin-hashlib-hmac], + [use builtin HACL* HMAC when possible @<:@default is yes@:>@])], + [with_builtin_hashlib_hmac=$with_val], + [with_builtin_hashlib_hmac=yes]) +AC_MSG_RESULT([$with_builtin_hashlib_hmac]) + # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. AC_MSG_CHECKING([for --disable-test-modules]) @@ -7843,6 +7852,10 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) +dnl We always build the '_hmac' extension module but falls back +dnl to the Python implementation if needs arise. +PY_STDLIB_MOD([_hmac], [test "$with_builtin_hashlib_hmac" = yes]) + LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) From 027964bf24e86e86a1f5220d0b769b95a4cccc66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:20:46 +0100 Subject: [PATCH 06/36] Update Makefile scripts --- Makefile.pre.in | 112 +++++++++++++++++++++++++++++++++------- Modules/Setup | 11 ++-- Modules/Setup.stdlib.in | 13 +++-- 3 files changed, 108 insertions(+), 28 deletions(-) diff --git a/Makefile.pre.in b/Makefile.pre.in index b0263f9f4c21da..8b985cca66e9a2 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -227,8 +227,12 @@ ENSUREPIP= @ENSUREPIP@ # Internal static libraries LIBMPDEC_A= Modules/_decimal/libmpdec/libmpdec.a LIBEXPAT_A= Modules/expat/libexpat.a +LIBHACL_MD5_A= Modules/_hacl/libHacl_Hash_MD5.a +LIBHACL_SHA1_A= Modules/_hacl/libHacl_Hash_SHA1.a LIBHACL_SHA2_A= Modules/_hacl/libHacl_Hash_SHA2.a +LIBHACL_SHA3_A= Modules/_hacl/libHacl_Hash_SHA3.a LIBHACL_BLAKE2_A= Modules/_hacl/libHacl_Hash_Blake2.a +LIBHACL_HMAC_A= Modules/_hacl/libHacl_HMAC.a LIBHACL_CFLAGS=@LIBHACL_CFLAGS@ LIBHACL_SIMD128_FLAGS=@LIBHACL_SIMD128_FLAGS@ LIBHACL_SIMD256_FLAGS=@LIBHACL_SIMD256_FLAGS@ @@ -657,29 +661,61 @@ LIBEXPAT_HEADERS= \ ########################################################################## # hashlib's HACL* library +LIBHACL_MD5_OBJS= \ + Modules/_hacl/Hacl_Hash_MD5.o + +LIBHACL_SHA1_OBJS= \ + Modules/_hacl/Hacl_Hash_SHA1.o + LIBHACL_SHA2_OBJS= \ - Modules/_hacl/Hacl_Hash_SHA2.o + Modules/_hacl/Hacl_Hash_SHA2.o + +LIBHACL_SHA3_OBJS= \ + Modules/_hacl/Hacl_Hash_SHA3.o LIBHACL_BLAKE2_OBJS= \ - Modules/_hacl/Hacl_Hash_Blake2s.o \ - Modules/_hacl/Hacl_Hash_Blake2b.o \ - Modules/_hacl/Lib_Memzero0.o \ + Modules/_hacl/Hacl_Hash_Blake2s.o \ + Modules/_hacl/Hacl_Hash_Blake2b.o \ + Modules/_hacl/Lib_Memzero0.o \ $(LIBHACL_SIMD128_OBJS) \ $(LIBHACL_SIMD256_OBJS) +LIBHACL_HMAC_OBJS= \ + Modules/_hacl/Hacl_HMAC.o \ + $(LIBHACL_MD5_OBJS) \ + $(LIBHACL_SHA1_OBJS) \ + $(LIBHACL_SHA2_OBJS) \ + $(LIBHACL_SHA3_OBJS) \ + $(LIBHACL_BLAKE2_OBJS) + LIBHACL_HEADERS= \ - Modules/_hacl/include/krml/FStar_UInt128_Verified.h \ - Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \ - Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \ - Modules/_hacl/include/krml/internal/target.h \ - Modules/_hacl/include/krml/lowstar_endianness.h \ - Modules/_hacl/include/krml/types.h \ + Modules/_hacl/include/krml/FStar_UInt128_Verified.h \ + Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \ + Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \ + Modules/_hacl/include/krml/internal/target.h \ + Modules/_hacl/include/krml/lowstar_endianness.h \ + Modules/_hacl/include/krml/types.h \ Modules/_hacl/Hacl_Streaming_Types.h \ - Modules/_hacl/python_hacl_namespaces.h + Modules/_hacl/python_hacl_namespaces.h + +LIBHACL_MD5_HEADERS= \ + Modules/_hacl/Hacl_Hash_MD5.h \ + Modules/_hacl/internal/Hacl_Hash_MD5.h \ + $(LIBHACL_HEADERS) + +LIBHACL_SHA1_HEADERS= \ + Modules/_hacl/Hacl_Hash_SHA1.h \ + Modules/_hacl/internal/Hacl_Hash_SHA1.h \ + $(LIBHACL_HEADERS) LIBHACL_SHA2_HEADERS= \ - Modules/_hacl/Hacl_Hash_SHA2.h \ - Modules/_hacl/internal/Hacl_Hash_SHA2.h \ + Modules/_hacl/Hacl_Hash_SHA2.h \ + Modules/_hacl/internal/Hacl_Hash_SHA2.h \ + $(LIBHACL_HEADERS) + +LIBHACL_SHA3_HEADERS= \ + Modules/_hacl/Hacl_Hash_SHA3.h \ + Modules/_hacl/internal/Hacl_Hash_SHA3.h \ $(LIBHACL_HEADERS) LIBHACL_BLAKE2_HEADERS= \ @@ -694,6 +730,16 @@ LIBHACL_BLAKE2_HEADERS= \ Modules/_hacl/internal/Hacl_Hash_Blake2b_Simd256.h \ $(LIBHACL_HEADERS) +LIBHACL_HMAC_HEADERS= \ + Modules/_hacl/Hacl_HMAC.h \ + Modules/_hacl/internal/Hacl_HMAC.h \ + $(LIBHACL_MD5_HEADERS) \ + $(LIBHACL_SHA1_HEADERS) \ + $(LIBHACL_SHA2_HEADERS) \ + $(LIBHACL_SHA3_HEADERS) \ + $(LIBHACL_BLAKE2_HEADERS) \ + $(LIBHACL_HEADERS) + ######################################################################### # Rules @@ -1377,10 +1423,25 @@ $(LIBEXPAT_A): $(LIBEXPAT_OBJS) $(AR) $(ARFLAGS) $@ $(LIBEXPAT_OBJS) ########################################################################## -# Build HACL* static libraries for hashlib: libHacl_Hash_SHA2.a, and -# libHacl_Blake2.a -- the contents of the latter vary depending on whether we +# Build HACL* static libraries for hashlib and HACL* HMAC. +# +# The contents of libHacl_Blake2.a vary depending on whether we # have the ability to compile vectorized versions +Modules/_hacl/Hacl_Hash_MD5.o: $(srcdir)/Modules/_hacl/Hacl_Hash_MD5.c $(LIBHACL_MD5_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_MD5.c + +$(LIBHACL_MD5_A): $(LIBHACL_MD5_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_MD5_OBJS) + +Modules/_hacl/Hacl_Hash_SHA1.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA1.c $(LIBHACL_SHA1_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA1.c + +$(LIBHACL_SHA1_A): $(LIBHACL_SHA1_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_SHA1_OBJS) + Modules/_hacl/Hacl_Hash_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c $(LIBHACL_SHA2_HEADERS) $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c @@ -1388,6 +1449,13 @@ $(LIBHACL_SHA2_A): $(LIBHACL_SHA2_OBJS) -rm -f $@ $(AR) $(ARFLAGS) $@ $(LIBHACL_SHA2_OBJS) +Modules/_hacl/Hacl_Hash_SHA3.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA3.c $(LIBHACL_SHA3_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA3.c + +$(LIBHACL_SHA3_A): $(LIBHACL_SHA3_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_SHA3_OBJS) + Modules/_hacl/Hacl_Hash_Blake2s.o: $(srcdir)/Modules/_hacl/Hacl_Hash_Blake2s.c $(LIBHACL_BLAKE2_HEADERS) $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_Blake2s.c @@ -1413,6 +1481,13 @@ $(LIBHACL_BLAKE2_A): $(LIBHACL_BLAKE2_OBJS) -rm -f $@ $(AR) $(ARFLAGS) $@ $(LIBHACL_BLAKE2_OBJS) +Modules/_hacl/Hacl_HMAC.o: $(srcdir)/Modules/_hacl/Hacl_HMAC.c $(LIBHACL_HMAC_HEADERS) + $(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_HMAC.c + +$(LIBHACL_HMAC_A): $(LIBHACL_HMAC_OBJS) + -rm -f $@ + $(AR) $(ARFLAGS) $@ $(LIBHACL_HMAC_OBJS) + # create relative links from build/lib.platform/egg.so to Modules/egg.so # pybuilddir.txt is created too late. We cannot use it in Makefile # targets. ln --relative is not portable. @@ -3198,11 +3273,12 @@ MODULE__DECIMAL_DEPS=$(srcdir)/Modules/_decimal/docstrings.h @LIBMPDEC_INTERNAL@ MODULE__ELEMENTTREE_DEPS=$(srcdir)/Modules/pyexpat.c @LIBEXPAT_INTERNAL@ MODULE__HASHLIB_DEPS=$(srcdir)/Modules/hashlib.h MODULE__IO_DEPS=$(srcdir)/Modules/_io/_iomodule.h -MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_MD5.h Modules/_hacl/internal/Hacl_Hash_MD5.h Modules/_hacl/Hacl_Hash_MD5.c -MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA1.h Modules/_hacl/internal/Hacl_Hash_SHA1.h Modules/_hacl/Hacl_Hash_SHA1.c +MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_MD5_HEADERS) $(LIBHACL_MD5_A) +MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA1_HEADERS) $(LIBHACL_SHA1_A) MODULE__SHA2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA2_HEADERS) $(LIBHACL_SHA2_A) -MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA3.h Modules/_hacl/internal/Hacl_Hash_SHA3.h Modules/_hacl/Hacl_Hash_SHA3.c +MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA3_HEADERS) $(LIBHACL_SHA3_A) MODULE__BLAKE2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_BLAKE2_HEADERS) $(LIBHACL_BLAKE2_A) +MODULE__HMAC_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HMAC_HEADERS) $(LIBHACL_HMAC_A) MODULE__SOCKET_DEPS=$(srcdir)/Modules/socketmodule.h $(srcdir)/Modules/addrinfo.h $(srcdir)/Modules/getaddrinfo.c $(srcdir)/Modules/getnameinfo.c MODULE__SSL_DEPS=$(srcdir)/Modules/_ssl.h $(srcdir)/Modules/_ssl/cert.c $(srcdir)/Modules/_ssl/debughelpers.c $(srcdir)/Modules/_ssl/misc.c $(srcdir)/Modules/_ssl_data_111.h $(srcdir)/Modules/_ssl_data_300.h $(srcdir)/Modules/socketmodule.h MODULE__TESTCAPI_DEPS=$(srcdir)/Modules/_testcapi/parts.h $(srcdir)/Modules/_testcapi/util.h diff --git a/Modules/Setup b/Modules/Setup index ddf39e0b966610..f075571ab94577 100644 --- a/Modules/Setup +++ b/Modules/Setup @@ -165,11 +165,12 @@ PYTHONPATH=$(COREPYTHONPATH) #pyexpat pyexpat.c # hashing builtins -#_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_MD5.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA1.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +#_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE # text encodings and unicode #_codecs_cn cjkcodecs/_codecs_cn.c diff --git a/Modules/Setup.stdlib.in b/Modules/Setup.stdlib.in index 52c0f883d383db..8999bf0f14a4b4 100644 --- a/Modules/Setup.stdlib.in +++ b/Modules/Setup.stdlib.in @@ -78,11 +78,14 @@ @MODULE_READLINE_TRUE@readline readline.c # hashing builtins, can be disabled with --without-builtin-hashlib-hashes -@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE -@MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a +@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_MD5.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA1.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE +@MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE + +# HMAC builtin, can be disabled with --without-builtin-hashlib-hmac +@MODULE__HMAC_TRUE@_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE ############################################################################ # XML and text From 17a2e4649e4f7636a24c25d035d1dac5890fd567 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:21:02 +0100 Subject: [PATCH 07/36] Update MSVC project --- PCbuild/pythoncore.vcxproj | 2 ++ PCbuild/pythoncore.vcxproj.filters | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/PCbuild/pythoncore.vcxproj b/PCbuild/pythoncore.vcxproj index a4881e9256e4dd..c30db5f3285a63 100644 --- a/PCbuild/pythoncore.vcxproj +++ b/PCbuild/pythoncore.vcxproj @@ -433,6 +433,7 @@ + @@ -469,6 +470,7 @@ + diff --git a/PCbuild/pythoncore.vcxproj.filters b/PCbuild/pythoncore.vcxproj.filters index 740790cc5e1119..32f22a4007f64a 100644 --- a/PCbuild/pythoncore.vcxproj.filters +++ b/PCbuild/pythoncore.vcxproj.filters @@ -938,6 +938,9 @@ Modules + + Modules + Modules @@ -992,6 +995,9 @@ Modules + + Modules + Modules @@ -1007,6 +1013,9 @@ Modules + + Modules + Modules From 186094b09b1f23cb696e0dc4061935b7a456fe03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sun, 3 Nov 2024 13:21:11 +0100 Subject: [PATCH 08/36] Implement HACL* HMAC module --- Modules/clinic/hmacmodule.c.h | 545 ++++++++++++++++++++++++++++ Modules/hmacmodule.c | 277 ++++++++++++++ PC/config.c | 2 + Python/stdlib_module_names.h | 1 + Tools/c-analyzer/cpython/_parser.py | 1 + 5 files changed, 826 insertions(+) create mode 100644 Modules/clinic/hmacmodule.c.h create mode 100644 Modules/hmacmodule.c diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h new file mode 100644 index 00000000000000..3a4b7ffa29bae9 --- /dev/null +++ b/Modules/clinic/hmacmodule.c.h @@ -0,0 +1,545 @@ +/*[clinic input] +preserve +[clinic start generated code]*/ + +#include "pycore_critical_section.h"// Py_BEGIN_CRITICAL_SECTION() +#include "pycore_modsupport.h" // _PyArg_CheckPositional() + +PyDoc_STRVAR(_hmac_compute_md5__doc__, +"compute_md5($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_MD5_METHODDEF \ + {"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__}, + +static PyObject * +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data); + +static PyObject * +_hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_md5_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha1__doc__, +"compute_sha1($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA1_METHODDEF \ + {"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__}, + +static PyObject * +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data); + +static PyObject * +_hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha1_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, +"compute_sha2_224($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_224_METHODDEF \ + {"compute_sha2_224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__}, + +static PyObject * +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_224", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_224_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, +"compute_sha2_256($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_256_METHODDEF \ + {"compute_sha2_256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__}, + +static PyObject * +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_256", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_256_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, +"compute_sha2_384($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_384_METHODDEF \ + {"compute_sha2_384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__}, + +static PyObject * +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_384", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_384_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, +"compute_sha2_512($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA2_512_METHODDEF \ + {"compute_sha2_512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__}, + +static PyObject * +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha2_512", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha2_512_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, +"compute_sha3_224($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_224_METHODDEF \ + {"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__}, + +static PyObject * +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_224_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, +"compute_sha3_256($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_256_METHODDEF \ + {"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__}, + +static PyObject * +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_256_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, +"compute_sha3_384($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_384_METHODDEF \ + {"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__}, + +static PyObject * +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_384_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, +"compute_sha3_512($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_SHA3_512_METHODDEF \ + {"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__}, + +static PyObject * +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_sha3_512_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, +"compute_blake2s_32($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_BLAKE2S_32_METHODDEF \ + {"compute_blake2s_32", _PyCFunction_CAST(_hmac_compute_blake2s_32), METH_FASTCALL, _hmac_compute_blake2s_32__doc__}, + +static PyObject * +_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_blake2s_32_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} + +PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, +"compute_blake2b_32($module, key, data, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_BLAKE2B_32_METHODDEF \ + {"compute_blake2b_32", _PyCFunction_CAST(_hmac_compute_blake2b_32), METH_FASTCALL, _hmac_compute_blake2b_32__doc__}, + +static PyObject * +_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data); + +static PyObject * +_hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + Py_buffer key = {NULL, NULL}; + Py_buffer data = {NULL, NULL}; + + if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) { + goto exit; + } + if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { + goto exit; + } + if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + goto exit; + } + Py_BEGIN_CRITICAL_SECTION(module); + return_value = _hmac_compute_blake2b_32_impl(module, &key, &data); + Py_END_CRITICAL_SECTION(); + +exit: + /* Cleanup for key */ + if (key.obj) { + PyBuffer_Release(&key); + } + /* Cleanup for data */ + if (data.obj) { + PyBuffer_Release(&data); + } + + return return_value; +} +/*[clinic end generated code: output=c10b8daa18a66857 input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c new file mode 100644 index 00000000000000..73945cc245ca3c --- /dev/null +++ b/Modules/hmacmodule.c @@ -0,0 +1,277 @@ +#ifndef Py_BUILD_CORE_BUILTIN +# define Py_BUILD_CORE_MODULE 1 +#endif + +#include "pyconfig.h" +#include "Python.h" +#include "hashlib.h" + +#include "_hacl/Hacl_HMAC.h" + +#include "clinic/hmacmodule.c.h" + +#define HACL_HMAC_COMPUTE_HASH(HACL_FUNCTION, DIGEST_SIZE, KEY, SRC) \ + do { \ + unsigned char out[DIGEST_SIZE]; \ + HACL_FUNCTION( \ + out, \ + (uint8_t *)KEY->buf, (uint32_t)KEY->len, \ + (uint8_t *)SRC->buf, (uint32_t)SRC->len \ + ); \ + return PyBytes_FromString((const char *)out); \ + } while (0) + +/*[clinic input] +module _hmac +[clinic start generated code]*/ +/*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ + +/*[clinic input] +@critical_section +_hmac.compute_md5 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data) +/*[clinic end generated code: output=bcf3dfafd7092a5a input=9ceaaa27ec318007]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha1 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data) +/*[clinic end generated code: output=f26338ed3aa68853 input=2380452bf9d1fe7d]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_224 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=d9907a240da31c07 input=b874f95fd4b0fb99]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_256 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=1ba977f01c332460 input=c880969b65dca329]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_384 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=5ad8e1c6346fcf5b input=e206968b3c4aad3d]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha2_512 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=8e73b2c39812934c input=839c27c90c3aed01]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_224 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=5b3ee358e5d96fa8 input=f52550611ea10725]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_256 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=cf977eed9c59ed3b input=ce59d1ddd77c0624]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_384 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=3f576e31d4d05f35 input=f4bca88551693caa]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_sha3_512 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=238126dcba98fda2 input=2f98f302c64eca64]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_blake2s_32 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=72a8231623e4ccf9 input=0be9099b69bcd9e7]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, data); +} + +/*[clinic input] +@critical_section +_hmac.compute_blake2b_32 + + key: Py_buffer + data: Py_buffer + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, + Py_buffer *data) +/*[clinic end generated code: output=ea083dfa29679029 input=aecba54a3e2dff72]*/ +{ + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 32, key, data); +} + +static PyMethodDef hmacmodule_methods[] = { + _HMAC_COMPUTE_MD5_METHODDEF + _HMAC_COMPUTE_SHA1_METHODDEF + _HMAC_COMPUTE_SHA2_224_METHODDEF + _HMAC_COMPUTE_SHA2_256_METHODDEF + _HMAC_COMPUTE_SHA2_384_METHODDEF + _HMAC_COMPUTE_SHA2_512_METHODDEF + _HMAC_COMPUTE_SHA3_224_METHODDEF + _HMAC_COMPUTE_SHA3_256_METHODDEF + _HMAC_COMPUTE_SHA3_384_METHODDEF + _HMAC_COMPUTE_SHA3_512_METHODDEF + _HMAC_COMPUTE_BLAKE2S_32_METHODDEF + _HMAC_COMPUTE_BLAKE2B_32_METHODDEF + {NULL, NULL, 0, NULL} +}; + +static struct PyModuleDef_Slot hmacmodule_slots[] = { + {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED}, + {Py_mod_gil, Py_MOD_GIL_NOT_USED}, + {0, NULL} +}; + +static struct PyModuleDef _hmacmodule = { + PyModuleDef_HEAD_INIT, + .m_name = "_hmac", + .m_size = 0, + .m_methods = hmacmodule_methods, + .m_slots = hmacmodule_slots, +}; + +PyMODINIT_FUNC +PyInit__hmac(void) +{ + return PyModuleDef_Init(&_hmacmodule); +} diff --git a/PC/config.c b/PC/config.c index b744f711b0d636..1af3d1ecbd2851 100644 --- a/PC/config.c +++ b/PC/config.c @@ -25,6 +25,7 @@ extern PyObject* PyInit__statistics(void); extern PyObject* PyInit__sysconfig(void); extern PyObject* PyInit__typing(void); extern PyObject* PyInit__blake2(void); +extern PyObject* PyInit__hmac(void); extern PyObject* PyInit_time(void); extern PyObject* PyInit__thread(void); #ifdef WIN32 @@ -102,6 +103,7 @@ struct _inittab _PyImport_Inittab[] = { {"_sha2", PyInit__sha2}, {"_sha3", PyInit__sha3}, {"_blake2", PyInit__blake2}, + {"_hmac", PyInit__hmac}, {"_sysconfig", PyInit__sysconfig}, {"time", PyInit_time}, {"_thread", PyInit__thread}, diff --git a/Python/stdlib_module_names.h b/Python/stdlib_module_names.h index c8cdb933bb108f..46a7c744750cac 100644 --- a/Python/stdlib_module_names.h +++ b/Python/stdlib_module_names.h @@ -38,6 +38,7 @@ static const char* _Py_stdlib_module_names[] = { "_gdbm", "_hashlib", "_heapq", +"_hmac", "_imp", "_interpchannels", "_interpqueues", diff --git a/Tools/c-analyzer/cpython/_parser.py b/Tools/c-analyzer/cpython/_parser.py index 3a73f65f8ff7b3..930b4e34e0a199 100644 --- a/Tools/c-analyzer/cpython/_parser.py +++ b/Tools/c-analyzer/cpython/_parser.py @@ -128,6 +128,7 @@ def clean_lines(text): Modules/sha2module.c Modules/_hacl/include Modules/sha3module.c Modules/_hacl/include Modules/blake2module.c Modules/_hacl/include +Modules/hmacmodule.c Modules/_hacl/include Objects/stringlib/*.h Objects # possible system-installed headers, just in case From b10c7292cdab6d440445cdfb71d45c623b89dea2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:09:31 +0100 Subject: [PATCH 09/36] fix blake2b digest size --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 73945cc245ca3c..7da236dadb12b1 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -237,7 +237,7 @@ _hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, Py_buffer *data) /*[clinic end generated code: output=ea083dfa29679029 input=aecba54a3e2dff72]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, data); } static PyMethodDef hmacmodule_methods[] = { From 6a3515f4bd7bc813b792dff9dfa1c453777a0cbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:12:11 +0100 Subject: [PATCH 10/36] drop un-necessary `@critical_section` --- Modules/clinic/hmacmodule.c.h | 227 +++++++++++++++------------------- Modules/hmacmodule.c | 116 +++++++---------- 2 files changed, 145 insertions(+), 198 deletions(-) diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h index 3a4b7ffa29bae9..019bedc63d4f4e 100644 --- a/Modules/clinic/hmacmodule.c.h +++ b/Modules/clinic/hmacmodule.c.h @@ -2,11 +2,10 @@ preserve [clinic start generated code]*/ -#include "pycore_critical_section.h"// Py_BEGIN_CRITICAL_SECTION() #include "pycore_modsupport.h" // _PyArg_CheckPositional() PyDoc_STRVAR(_hmac_compute_md5__doc__, -"compute_md5($module, key, data, /)\n" +"compute_md5($module, key, msg, /)\n" "--\n" "\n"); @@ -14,14 +13,14 @@ PyDoc_STRVAR(_hmac_compute_md5__doc__, {"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__}, static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data); +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) { goto exit; @@ -29,28 +28,26 @@ _hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_md5_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_md5_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha1__doc__, -"compute_sha1($module, key, data, /)\n" +"compute_sha1($module, key, msg, /)\n" "--\n" "\n"); @@ -58,14 +55,14 @@ PyDoc_STRVAR(_hmac_compute_sha1__doc__, {"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__}, static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data); +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) { goto exit; @@ -73,28 +70,26 @@ _hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha1_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha1_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, -"compute_sha2_224($module, key, data, /)\n" +"compute_sha2_224($module, key, msg, /)\n" "--\n" "\n"); @@ -102,15 +97,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, {"compute_sha2_224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__}, static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_224", nargs, 2, 2)) { goto exit; @@ -118,28 +112,26 @@ _hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_224_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_224_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, -"compute_sha2_256($module, key, data, /)\n" +"compute_sha2_256($module, key, msg, /)\n" "--\n" "\n"); @@ -147,15 +139,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, {"compute_sha2_256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__}, static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_256", nargs, 2, 2)) { goto exit; @@ -163,28 +154,26 @@ _hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_256_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_256_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, -"compute_sha2_384($module, key, data, /)\n" +"compute_sha2_384($module, key, msg, /)\n" "--\n" "\n"); @@ -192,15 +181,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, {"compute_sha2_384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__}, static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_384", nargs, 2, 2)) { goto exit; @@ -208,28 +196,26 @@ _hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_384_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_384_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, -"compute_sha2_512($module, key, data, /)\n" +"compute_sha2_512($module, key, msg, /)\n" "--\n" "\n"); @@ -237,15 +223,14 @@ PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, {"compute_sha2_512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__}, static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha2_512", nargs, 2, 2)) { goto exit; @@ -253,28 +238,26 @@ _hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha2_512_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha2_512_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, -"compute_sha3_224($module, key, data, /)\n" +"compute_sha3_224($module, key, msg, /)\n" "--\n" "\n"); @@ -282,15 +265,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, {"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__}, static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) { goto exit; @@ -298,28 +280,26 @@ _hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_224_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_224_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, -"compute_sha3_256($module, key, data, /)\n" +"compute_sha3_256($module, key, msg, /)\n" "--\n" "\n"); @@ -327,15 +307,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, {"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__}, static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) { goto exit; @@ -343,28 +322,26 @@ _hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_256_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_256_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, -"compute_sha3_384($module, key, data, /)\n" +"compute_sha3_384($module, key, msg, /)\n" "--\n" "\n"); @@ -372,15 +349,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, {"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__}, static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) { goto exit; @@ -388,28 +364,26 @@ _hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_384_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_384_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, -"compute_sha3_512($module, key, data, /)\n" +"compute_sha3_512($module, key, msg, /)\n" "--\n" "\n"); @@ -417,15 +391,14 @@ PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, {"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__}, static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); static PyObject * _hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) { goto exit; @@ -433,28 +406,26 @@ _hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_sha3_512_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_sha3_512_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, -"compute_blake2s_32($module, key, data, /)\n" +"compute_blake2s_32($module, key, msg, /)\n" "--\n" "\n"); @@ -463,14 +434,14 @@ PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); + Py_buffer *msg); static PyObject * _hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) { goto exit; @@ -478,28 +449,26 @@ _hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nar if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_blake2s_32_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_blake2s_32_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, -"compute_blake2b_32($module, key, data, /)\n" +"compute_blake2b_32($module, key, msg, /)\n" "--\n" "\n"); @@ -508,14 +477,14 @@ PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data); + Py_buffer *msg); static PyObject * _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; Py_buffer key = {NULL, NULL}; - Py_buffer data = {NULL, NULL}; + Py_buffer msg = {NULL, NULL}; if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) { goto exit; @@ -523,23 +492,21 @@ _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nar if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { goto exit; } - if (PyObject_GetBuffer(args[1], &data, PyBUF_SIMPLE) != 0) { + if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { goto exit; } - Py_BEGIN_CRITICAL_SECTION(module); - return_value = _hmac_compute_blake2b_32_impl(module, &key, &data); - Py_END_CRITICAL_SECTION(); + return_value = _hmac_compute_blake2b_32_impl(module, &key, &msg); exit: /* Cleanup for key */ if (key.obj) { PyBuffer_Release(&key); } - /* Cleanup for data */ - if (data.obj) { - PyBuffer_Release(&data); + /* Cleanup for msg */ + if (msg.obj) { + PyBuffer_Release(&msg); } return return_value; } -/*[clinic end generated code: output=c10b8daa18a66857 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=563e665a88ea572a input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 7da236dadb12b1..2e9d482c30f612 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -27,217 +27,197 @@ module _hmac /*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ /*[clinic input] -@critical_section _hmac.compute_md5 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *data) -/*[clinic end generated code: output=bcf3dfafd7092a5a input=9ceaaa27ec318007]*/ +_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=06415d62c949b812 input=ba930327d472e0be]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha1 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *data) -/*[clinic end generated code: output=f26338ed3aa68853 input=2380452bf9d1fe7d]*/ +_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=3daf26128c9e84b5 input=6015854f4040c058]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_224 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=d9907a240da31c07 input=b874f95fd4b0fb99]*/ +_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=f665a01d0ce8873b input=b82974de99696949]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_256 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=1ba977f01c332460 input=c880969b65dca329]*/ +_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=6eda2182e50c3832 input=ae9639dccbca11bb]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_384 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=5ad8e1c6346fcf5b input=e206968b3c4aad3d]*/ +_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=0fc9803f1d0b731c input=d643b1254bc142e1]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha2_512 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=8e73b2c39812934c input=839c27c90c3aed01]*/ +_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=f4b3f79c749c2100 input=1252a28c102c1d23]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_224 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=5b3ee358e5d96fa8 input=f52550611ea10725]*/ +_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=ba0f59d80a557e20 input=b02a4325fbc691ad]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_256 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=cf977eed9c59ed3b input=ce59d1ddd77c0624]*/ +_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=cda6fbc13c233f45 input=64a7b8ac5fc62521]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_384 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=3f576e31d4d05f35 input=f4bca88551693caa]*/ +_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=5a0fc341caa1b4ed input=3e9e2f74c65193bd]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, msg); } /*[clinic input] -@critical_section _hmac.compute_sha3_512 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=238126dcba98fda2 input=2f98f302c64eca64]*/ +_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) +/*[clinic end generated code: output=af9773a23df74056 input=da79fd5e1de89478]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, msg); } /*[clinic input] -@critical_section _hmac.compute_blake2s_32 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=72a8231623e4ccf9 input=0be9099b69bcd9e7]*/ + Py_buffer *msg) +/*[clinic end generated code: output=9951eb111793d727 input=cc384ff59f0bf43b]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, msg); } /*[clinic input] -@critical_section _hmac.compute_blake2b_32 key: Py_buffer - data: Py_buffer + msg: Py_buffer / [clinic start generated code]*/ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *data) -/*[clinic end generated code: output=ea083dfa29679029 input=aecba54a3e2dff72]*/ + Py_buffer *msg) +/*[clinic end generated code: output=341c892645174059 input=52f8b6ccfc97bcba]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, data); + HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, msg); } static PyMethodDef hmacmodule_methods[] = { From 612974e97f8812010dcf9f712bb4e7d51ddf67f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:13:18 +0100 Subject: [PATCH 11/36] Improve 1-shot macro --- Modules/clinic/hmacmodule.c.h | 304 ++++++++-------------------------- Modules/hmacmodule.c | 172 +++++++++++-------- 2 files changed, 173 insertions(+), 303 deletions(-) diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h index 019bedc63d4f4e..5210d553e4fa07 100644 --- a/Modules/clinic/hmacmodule.c.h +++ b/Modules/clinic/hmacmodule.c.h @@ -13,36 +13,23 @@ PyDoc_STRVAR(_hmac_compute_md5__doc__, {"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__}, static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_md5_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_md5_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -55,36 +42,23 @@ PyDoc_STRVAR(_hmac_compute_sha1__doc__, {"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__}, static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha1_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha1_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -97,36 +71,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_224__doc__, {"compute_sha2_224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__}, static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_224", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_224_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_224_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -139,36 +100,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_256__doc__, {"compute_sha2_256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__}, static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_256", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_256_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_256_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -181,36 +129,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_384__doc__, {"compute_sha2_384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__}, static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_384", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_384_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_384_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -223,36 +158,23 @@ PyDoc_STRVAR(_hmac_compute_sha2_512__doc__, {"compute_sha2_512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__}, static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha2_512", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha2_512_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha2_512_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -265,36 +187,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_224__doc__, {"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__}, static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_224_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_224_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -307,36 +216,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_256__doc__, {"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__}, static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_256_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_256_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -349,36 +245,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_384__doc__, {"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__}, static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_384_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_384_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -391,36 +274,23 @@ PyDoc_STRVAR(_hmac_compute_sha3_512__doc__, {"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__}, static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg); +_hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_sha3_512_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_sha3_512_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -433,37 +303,23 @@ PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__, {"compute_blake2s_32", _PyCFunction_CAST(_hmac_compute_blake2s_32), METH_FASTCALL, _hmac_compute_blake2s_32__doc__}, static PyObject * -_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg); +_hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_blake2s_32_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_blake2s_32_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } @@ -476,37 +332,23 @@ PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__, {"compute_blake2b_32", _PyCFunction_CAST(_hmac_compute_blake2b_32), METH_FASTCALL, _hmac_compute_blake2b_32__doc__}, static PyObject * -_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg); +_hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg); static PyObject * _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs) { PyObject *return_value = NULL; - Py_buffer key = {NULL, NULL}; - Py_buffer msg = {NULL, NULL}; + PyObject *key; + PyObject *msg; if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) { goto exit; } - if (PyObject_GetBuffer(args[0], &key, PyBUF_SIMPLE) != 0) { - goto exit; - } - if (PyObject_GetBuffer(args[1], &msg, PyBUF_SIMPLE) != 0) { - goto exit; - } - return_value = _hmac_compute_blake2b_32_impl(module, &key, &msg); + key = args[0]; + msg = args[1]; + return_value = _hmac_compute_blake2b_32_impl(module, key, msg); exit: - /* Cleanup for key */ - if (key.obj) { - PyBuffer_Release(&key); - } - /* Cleanup for msg */ - if (msg.obj) { - PyBuffer_Release(&msg); - } - return return_value; } -/*[clinic end generated code: output=563e665a88ea572a input=a9049054013a1b77]*/ +/*[clinic end generated code: output=02933e59cf87411a input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 2e9d482c30f612..2ca35c5c7c6555 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -2,7 +2,6 @@ # define Py_BUILD_CORE_MODULE 1 #endif -#include "pyconfig.h" #include "Python.h" #include "hashlib.h" @@ -10,15 +9,46 @@ #include "clinic/hmacmodule.c.h" -#define HACL_HMAC_COMPUTE_HASH(HACL_FUNCTION, DIGEST_SIZE, KEY, SRC) \ - do { \ - unsigned char out[DIGEST_SIZE]; \ - HACL_FUNCTION( \ - out, \ - (uint8_t *)KEY->buf, (uint32_t)KEY->len, \ - (uint8_t *)SRC->buf, (uint32_t)SRC->len \ - ); \ - return PyBytes_FromString((const char *)out); \ +typedef void (*HACL_HMAC_digest_f)(uint8_t *out, + uint8_t *key, uint32_t keylen, + uint8_t *msg, uint32_t msglen); + +/* Check that the buffer length fits on a uint32_t. */ +static inline int +has_uint32_t_buffer_length(const Py_buffer *buffer) +{ +#if PY_SSIZE_T_MAX > UINT32_MAX + return buffer->len <= (Py_ssize_t)UINT32_MAX; +#else + return 1; +#endif +} + +/* One-shot HMAC-HASH using the given HACL_HMAC_FUNCTION. */ +#define Py_HACL_HMAC_ONESHOT(HACL_HMAC_FUNCTION, DIGEST_SIZE, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyErr_SetString(PyExc_ValueError, \ + "key length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyErr_SetString(PyExc_ValueError, \ + "message length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + uint8_t out[(DIGEST_SIZE)]; \ + HACL_HMAC_FUNCTION( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize((const char *)out, (DIGEST_SIZE)); \ } while (0) /*[clinic input] @@ -29,195 +59,193 @@ module _hmac /*[clinic input] _hmac.compute_md5 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_md5_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=06415d62c949b812 input=ba930327d472e0be]*/ +_hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_md5, 16, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_md5, 16, key, msg); } /*[clinic input] _hmac.compute_sha1 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha1_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=3daf26128c9e84b5 input=6015854f4040c058]*/ +_hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha1, 20, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha1, 20, key, msg); } /*[clinic input] _hmac.compute_sha2_224 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=f665a01d0ce8873b input=b82974de99696949]*/ +_hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_224, 28, key, msg); } /*[clinic input] _hmac.compute_sha2_256 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=6eda2182e50c3832 input=ae9639dccbca11bb]*/ +_hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_256, 32, key, msg); } /*[clinic input] _hmac.compute_sha2_384 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=0fc9803f1d0b731c input=d643b1254bc142e1]*/ +_hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_384, 48, key, msg); } /*[clinic input] _hmac.compute_sha2_512 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha2_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=f4b3f79c749c2100 input=1252a28c102c1d23]*/ +_hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha2_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_512, 64, key, msg); } /*[clinic input] _hmac.compute_sha3_224 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_224_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=ba0f59d80a557e20 input=b02a4325fbc691ad]*/ +_hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_224, 28, key, msg); } /*[clinic input] _hmac.compute_sha3_256 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_256_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=cda6fbc13c233f45 input=64a7b8ac5fc62521]*/ +_hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_256, 32, key, msg); } /*[clinic input] _hmac.compute_sha3_384 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_384_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=5a0fc341caa1b4ed input=3e9e2f74c65193bd]*/ +_hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_384, 48, key, msg); } /*[clinic input] _hmac.compute_sha3_512 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_sha3_512_impl(PyObject *module, Py_buffer *key, Py_buffer *msg) -/*[clinic end generated code: output=af9773a23df74056 input=da79fd5e1de89478]*/ +_hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_sha3_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_512, 64, key, msg); } /*[clinic input] _hmac.compute_blake2s_32 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_blake2s_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg) -/*[clinic end generated code: output=9951eb111793d727 input=cc384ff59f0bf43b]*/ +_hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2s_32, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2s_32, 32, key, msg); } /*[clinic input] _hmac.compute_blake2b_32 - key: Py_buffer - msg: Py_buffer + key: object + msg: object / [clinic start generated code]*/ static PyObject * -_hmac_compute_blake2b_32_impl(PyObject *module, Py_buffer *key, - Py_buffer *msg) -/*[clinic end generated code: output=341c892645174059 input=52f8b6ccfc97bcba]*/ +_hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) +/*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - HACL_HMAC_COMPUTE_HASH(Hacl_HMAC_compute_blake2b_32, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2b_32, 64, key, msg); } static PyMethodDef hmacmodule_methods[] = { From e71413525a39a1d6f167ff9785b3e4f27d6727b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 7 Nov 2024 11:56:04 +0100 Subject: [PATCH 12/36] Define HMAC static information --- Modules/hmacmodule.c | 109 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 94 insertions(+), 15 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 2ca35c5c7c6555..3c94e32f7e2160 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -9,9 +9,64 @@ #include "clinic/hmacmodule.c.h" -typedef void (*HACL_HMAC_digest_f)(uint8_t *out, - uint8_t *key, uint32_t keylen, - uint8_t *msg, uint32_t msglen); +typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, + uint8_t *key, uint32_t keylen, + uint8_t *msg, uint32_t msglen); + +// HMAC underlying hash function static information. + +/* MD-5 */ +#define Py_hmac_md5_block_size 64 +#define Py_hmac_md5_digest_size 16 +#define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5 + +/* SHA-1 family */ +#define Py_hmac_sha1_block_size 64 +#define Py_hmac_sha1_digest_size 20 +#define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1 + +/* SHA-2 family */ +#define Py_hmac_sha2_224_block_size 64 +#define Py_hmac_sha2_224_digest_size 28 +#define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224 + +#define Py_hmac_sha2_256_block_size 64 +#define Py_hmac_sha2_256_digest_size 32 +#define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256 + +#define Py_hmac_sha2_384_block_size 128 +#define Py_hmac_sha2_384_digest_size 48 +#define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384 + +#define Py_hmac_sha2_512_block_size 128 +#define Py_hmac_sha2_512_digest_size 64 +#define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512 + +/* SHA-3 family */ +#define Py_hmac_sha3_224_block_size 144 +#define Py_hmac_sha3_224_digest_size 28 +#define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224 + +#define Py_hmac_sha3_256_block_size 136 +#define Py_hmac_sha3_256_digest_size 32 +#define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256 + +#define Py_hmac_sha3_384_block_size 104 +#define Py_hmac_sha3_384_digest_size 48 +#define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384 + +#define Py_hmac_sha3_512_block_size 72 +#define Py_hmac_sha3_512_digest_size 64 +#define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512 + +/* Blake family */ +#define Py_hmac_blake2s_block_size 64 +#define Py_hmac_blake2s_digest_size 32 +#define Py_hmac_blake2s_digest_func Hacl_HMAC_compute_blake2s_32 + +#define Py_hmac_blake2b_block_size 128 +#define Py_hmac_blake2b_digest_size 64 +#define Py_hmac_blake2b_digest_func Hacl_HMAC_compute_blake2b_32 /* Check that the buffer length fits on a uint32_t. */ static inline int @@ -69,7 +124,9 @@ static PyObject * _hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_md5, 16, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_md5_digest_func, + Py_hmac_md5_digest_size, + key, msg); } /*[clinic input] @@ -85,7 +142,9 @@ static PyObject * _hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha1, 20, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha1_digest_func, + Py_hmac_sha1_digest_size, + key, msg); } /*[clinic input] @@ -101,7 +160,9 @@ static PyObject * _hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_224_digest_func, + Py_hmac_sha2_224_digest_size, + key, msg); } /*[clinic input] @@ -117,7 +178,9 @@ static PyObject * _hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_256_digest_func, + Py_hmac_sha2_256_digest_size, + key, msg); } /*[clinic input] @@ -133,7 +196,9 @@ static PyObject * _hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_384_digest_func, + Py_hmac_sha2_384_digest_size, + key, msg); } /*[clinic input] @@ -149,7 +214,9 @@ static PyObject * _hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha2_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_512_digest_func, + Py_hmac_sha2_512_digest_size, + key, msg); } /*[clinic input] @@ -165,7 +232,9 @@ static PyObject * _hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_224, 28, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_224_digest_func, + Py_hmac_sha3_224_digest_size, + key, msg); } /*[clinic input] @@ -181,7 +250,9 @@ static PyObject * _hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_256, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_256_digest_func, + Py_hmac_sha3_256_digest_size, + key, msg); } /*[clinic input] @@ -197,7 +268,9 @@ static PyObject * _hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_384, 48, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_384_digest_func, + Py_hmac_sha3_384_digest_size, + key, msg); } /*[clinic input] @@ -213,7 +286,9 @@ static PyObject * _hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_sha3_512, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_512_digest_func, + Py_hmac_sha3_512_digest_size, + key, msg); } /*[clinic input] @@ -229,7 +304,9 @@ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2s_32, 32, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_blake2s_digest_func, + Py_hmac_blake2s_digest_size, + key, msg); } /*[clinic input] @@ -245,7 +322,9 @@ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - Py_HACL_HMAC_ONESHOT(Hacl_HMAC_compute_blake2b_32, 64, key, msg); + Py_HACL_HMAC_ONESHOT(Py_hmac_blake2b_digest_func, + Py_hmac_blake2b_digest_size, + key, msg); } static PyMethodDef hmacmodule_methods[] = { From 9fb6300a5047721d200a38b83cd41f4f537fb92c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:01:35 +0100 Subject: [PATCH 13/36] reduce the possibility of typos --- Modules/hmacmodule.c | 142 +++++++++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 67 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 3c94e32f7e2160..649684ac7518d6 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -16,57 +16,83 @@ typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, // HMAC underlying hash function static information. /* MD-5 */ +// (HACL_HID = md5) #define Py_hmac_md5_block_size 64 #define Py_hmac_md5_digest_size 16 +#define Py_hmac_md5_update_func NULL #define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5 /* SHA-1 family */ +// HACL_HID = sha1 #define Py_hmac_sha1_block_size 64 #define Py_hmac_sha1_digest_size 20 +#define Py_hmac_sha1_update_func NULL #define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1 /* SHA-2 family */ +// HACL_HID = sha2_224 #define Py_hmac_sha2_224_block_size 64 #define Py_hmac_sha2_224_digest_size 28 +#define Py_hmac_sha2_224_update_func NULL #define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224 +// HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 #define Py_hmac_sha2_256_digest_size 32 +#define Py_hmac_sha2_256_update_func NULL #define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256 +// HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 #define Py_hmac_sha2_384_digest_size 48 +#define Py_hmac_sha2_384_update_func NULL #define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384 +// HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 #define Py_hmac_sha2_512_digest_size 64 +#define Py_hmac_sha2_512_update_func NULL #define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512 /* SHA-3 family */ +// HACL_HID = sha3_224 #define Py_hmac_sha3_224_block_size 144 #define Py_hmac_sha3_224_digest_size 28 +#define Py_hmac_sha3_224_update_func NULL #define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224 +// HACL_HID = sha3_256 #define Py_hmac_sha3_256_block_size 136 #define Py_hmac_sha3_256_digest_size 32 +#define Py_hmac_sha3_256_update_func NULL #define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256 +// HACL_HID = sha3_384 #define Py_hmac_sha3_384_block_size 104 #define Py_hmac_sha3_384_digest_size 48 +#define Py_hmac_sha3_384_update_func NULL #define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384 +// HACL_HID = sha3_512 #define Py_hmac_sha3_512_block_size 72 #define Py_hmac_sha3_512_digest_size 64 +#define Py_hmac_sha3_512_update_func NULL #define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512 /* Blake family */ -#define Py_hmac_blake2s_block_size 64 -#define Py_hmac_blake2s_digest_size 32 -#define Py_hmac_blake2s_digest_func Hacl_HMAC_compute_blake2s_32 +// HACL_HID = blake2s_32 +#define Py_hmac_blake2s_32_block_size 64 +#define Py_hmac_blake2s_32_digest_size 32 +#define Py_hmac_blake2s_32_update_func NULL +#define Py_hmac_blake2s_32_digest_func Hacl_HMAC_compute_blake2s_32 -#define Py_hmac_blake2b_block_size 128 -#define Py_hmac_blake2b_digest_size 64 -#define Py_hmac_blake2b_digest_func Hacl_HMAC_compute_blake2b_32 +// HACL_HID = blake2b_32 +#define Py_hmac_blake2b_32_block_size 128 +#define Py_hmac_blake2b_32_digest_size 64 +#define Py_hmac_blake2b_32_update_func NULL +#define Py_hmac_blake2b_32_digest_func Hacl_HMAC_compute_blake2b_32 + +#define Py_hmac_hash_max_digest_size 64 /* Check that the buffer length fits on a uint32_t. */ static inline int @@ -79,31 +105,37 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) #endif } -/* One-shot HMAC-HASH using the given HACL_HMAC_FUNCTION. */ -#define Py_HACL_HMAC_ONESHOT(HACL_HMAC_FUNCTION, DIGEST_SIZE, KEY, MSG) \ - do { \ - Py_buffer keyview, msgview; \ - GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ - if (!has_uint32_t_buffer_length(&keyview)) { \ - PyErr_SetString(PyExc_ValueError, \ - "key length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ - if (!has_uint32_t_buffer_length(&msgview)) { \ - PyErr_SetString(PyExc_ValueError, \ - "message length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - uint8_t out[(DIGEST_SIZE)]; \ - HACL_HMAC_FUNCTION( \ - out, \ - (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ - (uint8_t *)msgview.buf, (uint32_t)msgview.len \ - ); \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - return PyBytes_FromStringAndSize((const char *)out, (DIGEST_SIZE)); \ +/* One-shot HMAC-HASH using the given HACL_HID. */ +#define Py_HACL_HMAC_ONESHOT(HACL_HID, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_ValueError, \ + "key length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_ValueError, \ + "message length exceeds UINT32_MAX"); \ + return NULL; \ + } \ + uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ + Py_hmac_## HACL_HID ##_digest_func( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize( \ + (const char *)out, \ + Py_hmac_## HACL_HID ##_digest_size \ + ); \ } while (0) /*[clinic input] @@ -124,9 +156,7 @@ static PyObject * _hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_md5_digest_func, - Py_hmac_md5_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(md5, key, msg); } /*[clinic input] @@ -142,9 +172,7 @@ static PyObject * _hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha1_digest_func, - Py_hmac_sha1_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha1, key, msg); } /*[clinic input] @@ -160,9 +188,7 @@ static PyObject * _hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_224_digest_func, - Py_hmac_sha2_224_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_224, key, msg); } /*[clinic input] @@ -178,9 +204,7 @@ static PyObject * _hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_256_digest_func, - Py_hmac_sha2_256_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_256, key, msg); } /*[clinic input] @@ -196,9 +220,7 @@ static PyObject * _hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_384_digest_func, - Py_hmac_sha2_384_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_384, key, msg); } /*[clinic input] @@ -214,9 +236,7 @@ static PyObject * _hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_512_digest_func, - Py_hmac_sha2_512_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha2_512, key, msg); } /*[clinic input] @@ -232,9 +252,7 @@ static PyObject * _hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_224_digest_func, - Py_hmac_sha3_224_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_224, key, msg); } /*[clinic input] @@ -250,9 +268,7 @@ static PyObject * _hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_256_digest_func, - Py_hmac_sha3_256_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_256, key, msg); } /*[clinic input] @@ -268,9 +284,7 @@ static PyObject * _hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_384_digest_func, - Py_hmac_sha3_384_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_384, key, msg); } /*[clinic input] @@ -286,9 +300,7 @@ static PyObject * _hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_512_digest_func, - Py_hmac_sha3_512_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(sha3_512, key, msg); } /*[clinic input] @@ -304,9 +316,7 @@ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_blake2s_digest_func, - Py_hmac_blake2s_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(blake2s_32, key, msg); } /*[clinic input] @@ -322,9 +332,7 @@ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - Py_HACL_HMAC_ONESHOT(Py_hmac_blake2b_digest_func, - Py_hmac_blake2b_digest_size, - key, msg); + Py_HACL_HMAC_ONESHOT(blake2b_32, key, msg); } static PyMethodDef hmacmodule_methods[] = { From 755d6c0768e7fe37dd693fad2d08af4663b20873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:32:33 +0100 Subject: [PATCH 14/36] update names --- Modules/hmacmodule.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 649684ac7518d6..e1d18604947c17 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -106,7 +106,7 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) } /* One-shot HMAC-HASH using the given HACL_HID. */ -#define Py_HACL_HMAC_ONESHOT(HACL_HID, KEY, MSG) \ +#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ do { \ Py_buffer keyview, msgview; \ GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ @@ -156,7 +156,7 @@ static PyObject * _hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/ { - Py_HACL_HMAC_ONESHOT(md5, key, msg); + Py_HMAC_HACL_ONESHOT(md5, key, msg); } /*[clinic input] @@ -172,7 +172,7 @@ static PyObject * _hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/ { - Py_HACL_HMAC_ONESHOT(sha1, key, msg); + Py_HMAC_HACL_ONESHOT(sha1, key, msg); } /*[clinic input] @@ -188,7 +188,7 @@ static PyObject * _hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/ { - Py_HACL_HMAC_ONESHOT(sha2_224, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_224, key, msg); } /*[clinic input] @@ -204,7 +204,7 @@ static PyObject * _hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/ { - Py_HACL_HMAC_ONESHOT(sha2_256, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_256, key, msg); } /*[clinic input] @@ -220,7 +220,7 @@ static PyObject * _hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/ { - Py_HACL_HMAC_ONESHOT(sha2_384, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_384, key, msg); } /*[clinic input] @@ -236,7 +236,7 @@ static PyObject * _hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/ { - Py_HACL_HMAC_ONESHOT(sha2_512, key, msg); + Py_HMAC_HACL_ONESHOT(sha2_512, key, msg); } /*[clinic input] @@ -252,7 +252,7 @@ static PyObject * _hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/ { - Py_HACL_HMAC_ONESHOT(sha3_224, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_224, key, msg); } /*[clinic input] @@ -268,7 +268,7 @@ static PyObject * _hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/ { - Py_HACL_HMAC_ONESHOT(sha3_256, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_256, key, msg); } /*[clinic input] @@ -284,7 +284,7 @@ static PyObject * _hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/ { - Py_HACL_HMAC_ONESHOT(sha3_384, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_384, key, msg); } /*[clinic input] @@ -300,7 +300,7 @@ static PyObject * _hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/ { - Py_HACL_HMAC_ONESHOT(sha3_512, key, msg); + Py_HMAC_HACL_ONESHOT(sha3_512, key, msg); } /*[clinic input] @@ -316,7 +316,7 @@ static PyObject * _hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/ { - Py_HACL_HMAC_ONESHOT(blake2s_32, key, msg); + Py_HMAC_HACL_ONESHOT(blake2s_32, key, msg); } /*[clinic input] @@ -332,7 +332,7 @@ static PyObject * _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) /*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/ { - Py_HACL_HMAC_ONESHOT(blake2b_32, key, msg); + Py_HMAC_HACL_ONESHOT(blake2b_32, key, msg); } static PyMethodDef hmacmodule_methods[] = { From 89c5f893d4e41ba41be4fc76138072c353955fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:32:49 +0100 Subject: [PATCH 15/36] cleanup --- Modules/hmacmodule.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index e1d18604947c17..de553516df9f44 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -3,16 +3,10 @@ #endif #include "Python.h" -#include "hashlib.h" +#include "hashlib.h" #include "_hacl/Hacl_HMAC.h" -#include "clinic/hmacmodule.c.h" - -typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, - uint8_t *key, uint32_t keylen, - uint8_t *msg, uint32_t msglen); - // HMAC underlying hash function static information. /* MD-5 */ @@ -94,6 +88,13 @@ typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out, #define Py_hmac_hash_max_digest_size 64 +/*[clinic input] +module _hmac +[clinic start generated code]*/ +/*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ + +#include "clinic/hmacmodule.c.h" + /* Check that the buffer length fits on a uint32_t. */ static inline int has_uint32_t_buffer_length(const Py_buffer *buffer) @@ -138,11 +139,6 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) ); \ } while (0) -/*[clinic input] -module _hmac -[clinic start generated code]*/ -/*[clinic end generated code: output=da39a3ee5e6b4b0d input=799f0f10157d561f]*/ - /*[clinic input] _hmac.compute_md5 From 755aca6a809c3f7ce966403faa9d48701f21249b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:34:23 +0100 Subject: [PATCH 16/36] cleanup --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index de553516df9f44..c0da5709a776c3 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -4,8 +4,8 @@ #include "Python.h" -#include "hashlib.h" #include "_hacl/Hacl_HMAC.h" +#include "hashlib.h" // HMAC underlying hash function static information. From 1ddbe265cf94e2f9da1b9c460930a7f1c1062bdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 14:10:54 +0100 Subject: [PATCH 17/36] improve naming --- Modules/hmacmodule.c | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index c0da5709a776c3..34873998a4420e 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -14,77 +14,89 @@ #define Py_hmac_md5_block_size 64 #define Py_hmac_md5_digest_size 16 #define Py_hmac_md5_update_func NULL -#define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5 +#define Py_hmac_md5_digest_func NULL +#define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 /* SHA-1 family */ // HACL_HID = sha1 #define Py_hmac_sha1_block_size 64 #define Py_hmac_sha1_digest_size 20 #define Py_hmac_sha1_update_func NULL -#define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1 +#define Py_hmac_sha1_digest_func NULL +#define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 /* SHA-2 family */ // HACL_HID = sha2_224 #define Py_hmac_sha2_224_block_size 64 #define Py_hmac_sha2_224_digest_size 28 #define Py_hmac_sha2_224_update_func NULL -#define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224 +#define Py_hmac_sha2_224_digest_func NULL +#define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 // HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 #define Py_hmac_sha2_256_digest_size 32 #define Py_hmac_sha2_256_update_func NULL -#define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256 +#define Py_hmac_sha2_256_digest_func NULL +#define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 // HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 #define Py_hmac_sha2_384_digest_size 48 #define Py_hmac_sha2_384_update_func NULL -#define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384 +#define Py_hmac_sha2_384_digest_func NULL +#define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 // HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 #define Py_hmac_sha2_512_digest_size 64 #define Py_hmac_sha2_512_update_func NULL -#define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512 +#define Py_hmac_sha2_512_digest_func NULL +#define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 /* SHA-3 family */ // HACL_HID = sha3_224 #define Py_hmac_sha3_224_block_size 144 #define Py_hmac_sha3_224_digest_size 28 #define Py_hmac_sha3_224_update_func NULL -#define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224 +#define Py_hmac_sha3_224_digest_func NULL +#define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 // HACL_HID = sha3_256 #define Py_hmac_sha3_256_block_size 136 #define Py_hmac_sha3_256_digest_size 32 #define Py_hmac_sha3_256_update_func NULL -#define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256 +#define Py_hmac_sha3_256_digest_func NULL +#define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 // HACL_HID = sha3_384 #define Py_hmac_sha3_384_block_size 104 #define Py_hmac_sha3_384_digest_size 48 #define Py_hmac_sha3_384_update_func NULL -#define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384 +#define Py_hmac_sha3_384_digest_func NULL +#define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 // HACL_HID = sha3_512 #define Py_hmac_sha3_512_block_size 72 #define Py_hmac_sha3_512_digest_size 64 #define Py_hmac_sha3_512_update_func NULL -#define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512 +#define Py_hmac_sha3_512_digest_func NULL +#define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 /* Blake family */ // HACL_HID = blake2s_32 #define Py_hmac_blake2s_32_block_size 64 #define Py_hmac_blake2s_32_digest_size 32 #define Py_hmac_blake2s_32_update_func NULL -#define Py_hmac_blake2s_32_digest_func Hacl_HMAC_compute_blake2s_32 +#define Py_hmac_blake2s_32_digest_func NULL +#define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 // HACL_HID = blake2b_32 #define Py_hmac_blake2b_32_block_size 128 #define Py_hmac_blake2b_32_digest_size 64 #define Py_hmac_blake2b_32_update_func NULL -#define Py_hmac_blake2b_32_digest_func Hacl_HMAC_compute_blake2b_32 +#define Py_hmac_blake2b_32_digest_func NULL +#define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 #define Py_hmac_hash_max_digest_size 64 @@ -126,7 +138,7 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) return NULL; \ } \ uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ - Py_hmac_## HACL_HID ##_digest_func( \ + Py_hmac_## HACL_HID ##_compute_func( \ out, \ (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ (uint8_t *)msgview.buf, (uint32_t)msgview.len \ From 12fbfc4eb5dda2f7e9404098b4b032b1e321fd45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 8 Nov 2024 14:53:26 +0100 Subject: [PATCH 18/36] Update HACL* project. Commit hash is now `cea4e8eb5c81fa668c6240e8c5a334de8a86394f`. --- Misc/sbom.spdx.json | 8 +- Modules/_hacl/Hacl_HMAC.c | 240 +++++++++++++++----------------------- Modules/_hacl/refresh.sh | 2 +- 3 files changed, 101 insertions(+), 149 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index 36df377910d9d2..af9727d829cdb7 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -1682,14 +1682,14 @@ "checksums": [ { "algorithm": "SHA256", - "checksumValue": "cbd19d064b3136172cabe88ab1b51fe2ee5264fe8eaf4a586355533ffe97977d" + "checksumValue": "017202337a7052c64832c134d80777a7a868cefd056471052cb608f38c71b181" } ], - "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/fc2e38f4d899ba28665c5b91caedaf35b3b37452.zip", + "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/cea4e8eb5c81fa668c6240e8c5a334de8a86394f.zip", "externalRefs": [ { "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:fc2e38f4d899ba28665c5b91caedaf35b3b37452:*:*:*:*:*:*:*", + "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:cea4e8eb5c81fa668c6240e8c5a334de8a86394f:*:*:*:*:*:*:*", "referenceType": "cpe23Type" } ], @@ -1697,7 +1697,7 @@ "name": "hacl-star", "originator": "Organization: HACL* Developers", "primaryPackagePurpose": "SOURCE", - "versionInfo": "fc2e38f4d899ba28665c5b91caedaf35b3b37452" + "versionInfo": "cea4e8eb5c81fa668c6240e8c5a334de8a86394f" }, { "SPDXID": "SPDXRef-PACKAGE-macholib", diff --git a/Modules/_hacl/Hacl_HMAC.c b/Modules/_hacl/Hacl_HMAC.c index 93002d2ba3e42b..2c32e403d88112 100644 --- a/Modules/_hacl/Hacl_HMAC.c +++ b/Modules/_hacl/Hacl_HMAC.c @@ -48,10 +48,8 @@ Hacl_HMAC_compute_md5( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -72,19 +70,17 @@ Hacl_HMAC_compute_md5( { Hacl_Hash_MD5_hash_oneshot(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -162,10 +158,8 @@ Hacl_HMAC_compute_sha1( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -186,19 +180,17 @@ Hacl_HMAC_compute_sha1( { Hacl_Hash_SHA1_hash_oneshot(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -276,10 +268,8 @@ Hacl_HMAC_compute_sha2_224( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -300,19 +290,17 @@ Hacl_HMAC_compute_sha2_224( { Hacl_Hash_SHA2_hash_224(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -404,10 +392,8 @@ Hacl_HMAC_compute_sha2_256( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -428,19 +414,17 @@ Hacl_HMAC_compute_sha2_256( { Hacl_Hash_SHA2_hash_256(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -532,10 +516,8 @@ Hacl_HMAC_compute_sha2_384( uint32_t data_len ) { - uint32_t l = 128U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[128U]; + memset(key_block, 0U, 128U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 128U) @@ -556,19 +538,17 @@ Hacl_HMAC_compute_sha2_384( { Hacl_Hash_SHA2_hash_384(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[128U]; + memset(ipad, 0x36U, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[128U]; + memset(opad, 0x5cU, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -668,10 +648,8 @@ Hacl_HMAC_compute_sha2_512( uint32_t data_len ) { - uint32_t l = 128U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[128U]; + memset(key_block, 0U, 128U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 128U) @@ -692,19 +670,17 @@ Hacl_HMAC_compute_sha2_512( { Hacl_Hash_SHA2_hash_512(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[128U]; + memset(ipad, 0x36U, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[128U]; + memset(opad, 0x5cU, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -804,10 +780,8 @@ Hacl_HMAC_compute_sha3_224( uint32_t data_len ) { - uint32_t l = 144U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[144U]; + memset(key_block, 0U, 144U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 144U) @@ -828,19 +802,17 @@ Hacl_HMAC_compute_sha3_224( { Hacl_Hash_SHA3_sha3_224(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[144U]; + memset(ipad, 0x36U, 144U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 144U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[144U]; + memset(opad, 0x5cU, 144U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 144U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -934,10 +906,8 @@ Hacl_HMAC_compute_sha3_256( uint32_t data_len ) { - uint32_t l = 136U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[136U]; + memset(key_block, 0U, 136U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 136U) @@ -958,19 +928,17 @@ Hacl_HMAC_compute_sha3_256( { Hacl_Hash_SHA3_sha3_256(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[136U]; + memset(ipad, 0x36U, 136U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 136U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[136U]; + memset(opad, 0x5cU, 136U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 136U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1064,10 +1032,8 @@ Hacl_HMAC_compute_sha3_384( uint32_t data_len ) { - uint32_t l = 104U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[104U]; + memset(key_block, 0U, 104U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 104U) @@ -1088,19 +1054,17 @@ Hacl_HMAC_compute_sha3_384( { Hacl_Hash_SHA3_sha3_384(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[104U]; + memset(ipad, 0x36U, 104U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 104U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[104U]; + memset(opad, 0x5cU, 104U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 104U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1194,10 +1158,8 @@ Hacl_HMAC_compute_sha3_512( uint32_t data_len ) { - uint32_t l = 72U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[72U]; + memset(key_block, 0U, 72U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 72U) @@ -1218,19 +1180,17 @@ Hacl_HMAC_compute_sha3_512( { Hacl_Hash_SHA3_sha3_512(nkey, key, key_len); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[72U]; + memset(ipad, 0x36U, 72U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 72U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[72U]; + memset(opad, 0x5cU, 72U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 72U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1324,10 +1284,8 @@ Hacl_HMAC_compute_blake2s_32( uint32_t data_len ) { - uint32_t l = 64U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[64U]; + memset(key_block, 0U, 64U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 64U) @@ -1348,19 +1306,17 @@ Hacl_HMAC_compute_blake2s_32( { Hacl_Hash_Blake2s_hash_with_key(nkey, 32U, key, key_len, NULL, 0U); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[64U]; + memset(ipad, 0x36U, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[64U]; + memset(opad, 0x5cU, 64U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 64U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; @@ -1469,10 +1425,8 @@ Hacl_HMAC_compute_blake2b_32( uint32_t data_len ) { - uint32_t l = 128U; - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t key_block[l]; - memset(key_block, 0U, l * sizeof (uint8_t)); + uint8_t key_block[128U]; + memset(key_block, 0U, 128U * sizeof (uint8_t)); uint8_t *nkey = key_block; uint32_t ite; if (key_len <= 128U) @@ -1493,19 +1447,17 @@ Hacl_HMAC_compute_blake2b_32( { Hacl_Hash_Blake2b_hash_with_key(nkey, 64U, key, key_len, NULL, 0U); } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t ipad[l]; - memset(ipad, 0x36U, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t ipad[128U]; + memset(ipad, 0x36U, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = ipad[i]; uint8_t yi = key_block[i]; ipad[i] = (uint32_t)xi ^ (uint32_t)yi; } - KRML_CHECK_SIZE(sizeof (uint8_t), l); - uint8_t opad[l]; - memset(opad, 0x5cU, l * sizeof (uint8_t)); - for (uint32_t i = 0U; i < l; i++) + uint8_t opad[128U]; + memset(opad, 0x5cU, 128U * sizeof (uint8_t)); + for (uint32_t i = 0U; i < 128U; i++) { uint8_t xi = opad[i]; uint8_t yi = key_block[i]; diff --git a/Modules/_hacl/refresh.sh b/Modules/_hacl/refresh.sh index 78b9c8acd762e0..8f6d1b3132cc06 100755 --- a/Modules/_hacl/refresh.sh +++ b/Modules/_hacl/refresh.sh @@ -22,7 +22,7 @@ fi # Update this when updating to a new version after verifying that the changes # the update brings in are good. -expected_hacl_star_rev=fc2e38f4d899ba28665c5b91caedaf35b3b37452 +expected_hacl_star_rev=cea4e8eb5c81fa668c6240e8c5a334de8a86394f hacl_dir="$(realpath "$1")" cd "$(dirname "$0")" From 39be4b1d61c81eb8fb10e8ddef3b11633f115027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 9 Nov 2024 09:48:34 +0100 Subject: [PATCH 19/36] update SBOM files --- Misc/sbom.spdx.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index af9727d829cdb7..a0bcb87f174171 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -300,11 +300,11 @@ "checksums": [ { "algorithm": "SHA1", - "checksumValue": "39845bf2f06d85ba98824f6f4f02f3a2f27d4d1a" + "checksumValue": "c314722e89fefe2c00fb35b89f6eec7e03c336e6" }, { "algorithm": "SHA256", - "checksumValue": "0ca9c580923d8e88e09d8b709257462dcf11eb18ea40d9b782e0ffa694141bbd" + "checksumValue": "a3166efac8b34ea03fb61e7ce3a06cfab52adcccdac765c59eb3b0b848678ebf" } ], "fileName": "Modules/_hacl/Hacl_HMAC.c" From 5ae6b6d8e48c202e7aec7f547fd5c3554169806b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 9 Nov 2024 12:04:28 +0100 Subject: [PATCH 20/36] cosmetic cleanups --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 34873998a4420e..8db3a75de47818 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -10,7 +10,7 @@ // HMAC underlying hash function static information. /* MD-5 */ -// (HACL_HID = md5) +// HACL_HID = md5 #define Py_hmac_md5_block_size 64 #define Py_hmac_md5_digest_size 16 #define Py_hmac_md5_update_func NULL From 49083aa406d22f8f8f1a5c21f6bfb9ab3223d8d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 11:42:12 +0100 Subject: [PATCH 21/36] unconditionally build `_hmac` extension module --- configure | 47 ++++++----------------------------------------- configure.ac | 13 +------------ 2 files changed, 7 insertions(+), 53 deletions(-) diff --git a/configure b/configure index 7416165563888b..7009897768ebc8 100755 --- a/configure +++ b/configure @@ -1135,7 +1135,6 @@ with_openssl with_openssl_rpath with_ssl_default_suites with_builtin_hashlib_hashes -with_builtin_hashlib_hmac enable_test_modules ' ac_precious_vars='build_alias @@ -1958,9 +1957,6 @@ Optional Packages: --with-builtin-hashlib-hashes=md5,sha1,sha2,sha3,blake2 builtin hash modules, md5, sha1, sha2, sha3 (with shake), blake2 - --with-builtin-hashlib-hmac - use builtin HACL* HMAC when possible [default is - yes] Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -29052,21 +29048,6 @@ esac done IFS=$as_save_IFS -# builtin HACL* HMAC module -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --with-builtin-hashlib-hmac=yes,no" >&5 -printf %s "checking for --with-builtin-hashlib-hmac=yes,no... " >&6; } - -# Check whether --with-builtin-hashlib-hmac was given. -if test ${with_builtin_hashlib_hmac+y} -then : - withval=$with_builtin_hashlib_hmac; with_builtin_hashlib_hmac=$with_val -else $as_nop - with_builtin_hashlib_hmac=yes -fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_builtin_hashlib_hmac" >&5 -printf "%s\n" "$with_builtin_hashlib_hmac" >&6; } - # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --disable-test-modules" >&5 @@ -30749,24 +30730,18 @@ printf "%s\n" "$py_cv_module__blake2" >&6; } - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 -printf %s "checking for stdlib extension module _hmac... " >&6; } if test "$py_cv_module__hmac" != "n/a" then : - - if test "$with_builtin_hashlib_hmac" = yes -then : - if true -then : py_cv_module__hmac=yes -else $as_nop - py_cv_module__hmac=missing fi -else $as_nop - py_cv_module__hmac=disabled + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= fi -fi as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" if test "x$py_cv_module__hmac" = xyes then : @@ -30775,16 +30750,6 @@ then : fi - if test "$py_cv_module__hmac" = yes; then - MODULE__HMAC_TRUE= - MODULE__HMAC_FALSE='#' -else - MODULE__HMAC_TRUE='#' - MODULE__HMAC_FALSE= -fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 -printf "%s\n" "$py_cv_module__hmac" >&6; } LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' diff --git a/configure.ac b/configure.ac index 81acff048d133d..51017373c526ea 100644 --- a/configure.ac +++ b/configure.ac @@ -7460,15 +7460,6 @@ for builtin_hash in $with_builtin_hashlib_hashes; do done IFS=$as_save_IFS -# builtin HACL* HMAC module -AC_MSG_CHECKING([for --with-builtin-hashlib-hmac=yes,no]) -AC_ARG_WITH([builtin-hashlib-hmac], - [AS_HELP_STRING([--with-builtin-hashlib-hmac], - [use builtin HACL* HMAC when possible @<:@default is yes@:>@])], - [with_builtin_hashlib_hmac=$with_val], - [with_builtin_hashlib_hmac=yes]) -AC_MSG_RESULT([$with_builtin_hashlib_hmac]) - # Check whether to disable test modules. Once set, setup.py will not build # test extension modules and "make install" will not install test suites. AC_MSG_CHECKING([for --disable-test-modules]) @@ -7810,9 +7801,7 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) -dnl We always build the '_hmac' extension module but falls back -dnl to the Python implementation if needs arise. -PY_STDLIB_MOD([_hmac], [test "$with_builtin_hashlib_hmac" = yes]) +PY_STDLIB_MOD_SIMPLE([_hmac]) LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in From dd8060034a8400b5f4dd361314243294e673f722 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:48:38 +0100 Subject: [PATCH 22/36] implement hash algorithm resolution --- Modules/clinic/hmacmodule.c.h | 34 +- Modules/hmacmodule.c | 586 ++++++++++++++++++++++++++++++---- 2 files changed, 555 insertions(+), 65 deletions(-) diff --git a/Modules/clinic/hmacmodule.c.h b/Modules/clinic/hmacmodule.c.h index 5210d553e4fa07..dc3fdd655ccd9f 100644 --- a/Modules/clinic/hmacmodule.c.h +++ b/Modules/clinic/hmacmodule.c.h @@ -4,6 +4,38 @@ preserve #include "pycore_modsupport.h" // _PyArg_CheckPositional() +PyDoc_STRVAR(_hmac_compute_digest__doc__, +"compute_digest($module, key, msg, digestmod, /)\n" +"--\n" +"\n"); + +#define _HMAC_COMPUTE_DIGEST_METHODDEF \ + {"compute_digest", _PyCFunction_CAST(_hmac_compute_digest), METH_FASTCALL, _hmac_compute_digest__doc__}, + +static PyObject * +_hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, + PyObject *digestmod); + +static PyObject * +_hmac_compute_digest(PyObject *module, PyObject *const *args, Py_ssize_t nargs) +{ + PyObject *return_value = NULL; + PyObject *key; + PyObject *msg; + PyObject *digestmod; + + if (!_PyArg_CheckPositional("compute_digest", nargs, 3, 3)) { + goto exit; + } + key = args[0]; + msg = args[1]; + digestmod = args[2]; + return_value = _hmac_compute_digest_impl(module, key, msg, digestmod); + +exit: + return return_value; +} + PyDoc_STRVAR(_hmac_compute_md5__doc__, "compute_md5($module, key, msg, /)\n" "--\n" @@ -351,4 +383,4 @@ _hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nar exit: return return_value; } -/*[clinic end generated code: output=02933e59cf87411a input=a9049054013a1b77]*/ +/*[clinic end generated code: output=f0d13237cf250e7d input=a9049054013a1b77]*/ diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 8db3a75de47818..6b5d0bf709a4a7 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -3,102 +3,192 @@ #endif #include "Python.h" +#include "pycore_hashtable.h" +#include "pycore_strhex.h" // _Py_strhex() + +#include // LN_* macros #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" + // HMAC underlying hash function static information. +#define Py_hmac_hash_max_digest_size 64 + /* MD-5 */ // HACL_HID = md5 -#define Py_hmac_md5_block_size 64 -#define Py_hmac_md5_digest_size 16 -#define Py_hmac_md5_update_func NULL -#define Py_hmac_md5_digest_func NULL -#define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 +#define Py_hmac_md5_block_size 64 +#define Py_hmac_md5_digest_size 16 + +#define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 /* SHA-1 family */ // HACL_HID = sha1 -#define Py_hmac_sha1_block_size 64 -#define Py_hmac_sha1_digest_size 20 -#define Py_hmac_sha1_update_func NULL -#define Py_hmac_sha1_digest_func NULL -#define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 +#define Py_hmac_sha1_block_size 64 +#define Py_hmac_sha1_digest_size 20 + +#define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 /* SHA-2 family */ // HACL_HID = sha2_224 -#define Py_hmac_sha2_224_block_size 64 -#define Py_hmac_sha2_224_digest_size 28 -#define Py_hmac_sha2_224_update_func NULL -#define Py_hmac_sha2_224_digest_func NULL -#define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 +#define Py_hmac_sha2_224_block_size 64 +#define Py_hmac_sha2_224_digest_size 28 + +#define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 // HACL_HID = sha2_256 -#define Py_hmac_sha2_256_block_size 64 -#define Py_hmac_sha2_256_digest_size 32 -#define Py_hmac_sha2_256_update_func NULL -#define Py_hmac_sha2_256_digest_func NULL -#define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 +#define Py_hmac_sha2_256_block_size 64 +#define Py_hmac_sha2_256_digest_size 32 + +#define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 // HACL_HID = sha2_384 -#define Py_hmac_sha2_384_block_size 128 -#define Py_hmac_sha2_384_digest_size 48 -#define Py_hmac_sha2_384_update_func NULL -#define Py_hmac_sha2_384_digest_func NULL -#define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 +#define Py_hmac_sha2_384_block_size 128 +#define Py_hmac_sha2_384_digest_size 48 + +#define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 // HACL_HID = sha2_512 -#define Py_hmac_sha2_512_block_size 128 -#define Py_hmac_sha2_512_digest_size 64 -#define Py_hmac_sha2_512_update_func NULL -#define Py_hmac_sha2_512_digest_func NULL -#define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 +#define Py_hmac_sha2_512_block_size 128 +#define Py_hmac_sha2_512_digest_size 64 + +#define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 /* SHA-3 family */ // HACL_HID = sha3_224 -#define Py_hmac_sha3_224_block_size 144 -#define Py_hmac_sha3_224_digest_size 28 -#define Py_hmac_sha3_224_update_func NULL -#define Py_hmac_sha3_224_digest_func NULL -#define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 +#define Py_hmac_sha3_224_block_size 144 +#define Py_hmac_sha3_224_digest_size 28 + +#define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 // HACL_HID = sha3_256 -#define Py_hmac_sha3_256_block_size 136 -#define Py_hmac_sha3_256_digest_size 32 -#define Py_hmac_sha3_256_update_func NULL -#define Py_hmac_sha3_256_digest_func NULL -#define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 +#define Py_hmac_sha3_256_block_size 136 +#define Py_hmac_sha3_256_digest_size 32 + +#define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 // HACL_HID = sha3_384 -#define Py_hmac_sha3_384_block_size 104 -#define Py_hmac_sha3_384_digest_size 48 -#define Py_hmac_sha3_384_update_func NULL -#define Py_hmac_sha3_384_digest_func NULL -#define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 +#define Py_hmac_sha3_384_block_size 104 +#define Py_hmac_sha3_384_digest_size 48 + +#define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 // HACL_HID = sha3_512 -#define Py_hmac_sha3_512_block_size 72 -#define Py_hmac_sha3_512_digest_size 64 -#define Py_hmac_sha3_512_update_func NULL -#define Py_hmac_sha3_512_digest_func NULL -#define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 +#define Py_hmac_sha3_512_block_size 72 +#define Py_hmac_sha3_512_digest_size 64 + +#define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 /* Blake family */ // HACL_HID = blake2s_32 -#define Py_hmac_blake2s_32_block_size 64 -#define Py_hmac_blake2s_32_digest_size 32 -#define Py_hmac_blake2s_32_update_func NULL -#define Py_hmac_blake2s_32_digest_func NULL -#define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 +#define Py_hmac_blake2s_32_block_size 64 +#define Py_hmac_blake2s_32_digest_size 32 -// HACL_HID = blake2b_32 -#define Py_hmac_blake2b_32_block_size 128 -#define Py_hmac_blake2b_32_digest_size 64 -#define Py_hmac_blake2b_32_update_func NULL -#define Py_hmac_blake2b_32_digest_func NULL -#define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 +#define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 -#define Py_hmac_hash_max_digest_size 64 +// HACL_HID = blake2b_32 +#define Py_hmac_blake2b_32_block_size 128 +#define Py_hmac_blake2b_32_digest_size 64 + +#define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 + +/* Enumeration indicating the underlying hash function used by HMAC. */ +typedef enum HMAC_Hash_Kind { + Py_hmac_kind_unknown = 0, + /* MD5 */ + Py_hmac_kind_hmac_md5, + /* SHA-1 */ + Py_hmac_kind_hmac_sha1, + /* SHA-2 family */ + Py_hmac_kind_hmac_sha2_224, + Py_hmac_kind_hmac_sha2_256, + Py_hmac_kind_hmac_sha2_384, + Py_hmac_kind_hmac_sha2_512, + /* SHA-3 family */ + Py_hmac_kind_hmac_sha3_224, + Py_hmac_kind_hmac_sha3_256, + Py_hmac_kind_hmac_sha3_384, + Py_hmac_kind_hmac_sha3_512, + /* Blake family */ + Py_hmac_kind_hmac_blake2s_32, + Py_hmac_kind_hmac_blake2b_32, +} HMAC_Hash_Kind; + +/* Function pointer type for 1-shot HACL* HMAC functions. */ +typedef void +(*HACL_HMAC_compute_func)(uint8_t *out, + uint8_t *key, uint32_t keylen, + uint8_t *msg, uint32_t msglen); + +/* Function pointer type for 1-shot HACL* HMAC CPython AC functions. */ +typedef PyObject * +(*PYAC_HMAC_compute_func)(PyObject *module, PyObject *key, PyObject *msg); + +/* + * HACL* HMAC minimal interface. + */ +typedef struct py_hmac_hacl_api { + HACL_HMAC_compute_func compute; + PYAC_HMAC_compute_func compute_py; +} py_hmac_hacl_api; + +/* + * HMAC underlying hash function static information. + * + * The '_hmac' built-in module is able to recognize the same hash + * functions as the '_hashlib' built-in module with the exception + * of truncated SHA-2-512-224/256 which are not yet implemented by + * the HACL* project. + */ +typedef struct py_hmac_hinfo { + /* + * Name of the hash function used by the HACL* HMAC module. + * + * This name may differ from the hashlib names and OpenSSL names. + * For instance, SHA-2/224 is named "sha2_224" instead of "sha224" + * as it is done by 'hashlib'. + */ + const char *name; + /* + * Optional field to cache storing the 'name' field as a Python string. + * + * This field is NULL by default in the items of "py_hmac_hinfo_table" + * but will be populated when creating the module's state "hinfo_table". + */ + PyObject *p_name; + + /* hash function information */ + HMAC_Hash_Kind kind; + uint32_t block_size; + uint32_t digest_size; + + /* HACL* HMAC API */ + py_hmac_hacl_api api; + + const char *hashlib_name; /* hashlib preferred name (default: name) */ + const char *hashlib_altn; /* hashlib alias (default: hashlib_name) */ + const char *openssl_name; /* hashlib preferred OpenSSL alias (if any) */ + + Py_ssize_t refcnt; +} py_hmac_hinfo; + +typedef struct hmacmodule_state { + _Py_hashtable_t *hinfo_table; + /* imported from _hashlib */ + PyObject *hashlib_constructs_mappingproxy; + PyObject *hashlib_unsupported_digestmod_error; + /* interned strings */ + PyObject *str_lower; +} hmacmodule_state; + +static inline hmacmodule_state * +get_hmacmodule_state(PyObject *module) +{ + void *state = PyModule_GetState(module); + assert(state != NULL); + return (hmacmodule_state *)state; +} /*[clinic input] module _hmac @@ -107,6 +197,91 @@ module _hmac #include "clinic/hmacmodule.c.h" +static inline int +find_hash_info_by_utf8name(hmacmodule_state *state, + const char *name, + const py_hmac_hinfo **info) +{ + if (name == NULL) { + *info = NULL; + return -1; + } + *info = _Py_hashtable_get(state->hinfo_table, name); + return *info != NULL; +} + +static int +find_hash_info_by_name(hmacmodule_state *state, + PyObject *name, + const py_hmac_hinfo **info) +{ + int rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(name), info); + if (rc == 0) { + // try to find an alternative using the lowercase name + PyObject *lower = PyObject_CallMethodNoArgs(name, state->str_lower); + if (lower == NULL) { + *info = NULL; + return -1; + } + rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(lower), info); + Py_DECREF(lower); + } + return rc; +} + +/* + * Find the corresponding HMAC static information. + * + * If an error occurs or if nothing can be found, this + * returns -1 or 0 respectively, and sets 'info' to NULL. + * Otherwise, this returns 1 and stores the result in 'info'. + * + * Parameters + * + * state The HMAC module state. + * hash_info_ref An input to hashlib.new(). + * info The deduced information, if any. + */ +static int +find_hash_info_impl(hmacmodule_state *state, + PyObject *hash_info_ref, + const py_hmac_hinfo **info) +{ + if (PyUnicode_Check(hash_info_ref)) { + return find_hash_info_by_name(state, hash_info_ref, info); + } + PyObject *hashlib_name = NULL; + int rc = PyMapping_GetOptionalItem(state->hashlib_constructs_mappingproxy, + hash_info_ref, &hashlib_name); + if (rc <= 0) { + *info = NULL; + return rc; + } + rc = find_hash_info_by_name(state, hashlib_name, info); + Py_DECREF(hashlib_name); + return rc; +} + +static const py_hmac_hinfo * +find_hash_info(hmacmodule_state *state, PyObject *hash_info_ref) +{ + const py_hmac_hinfo *info = NULL; + int rc = find_hash_info_impl(state, hash_info_ref, &info); + if (rc < 0) { + assert(info == NULL); + assert(PyErr_Occurred()); + return NULL; + } + if (rc == 0) { + assert(info == NULL); + assert(!PyErr_Occurred()); + PyErr_Format(state->hashlib_unsupported_digestmod_error, + "unsupported hash type: %R", hash_info_ref); + return NULL; + } + return info; +} + /* Check that the buffer length fits on a uint32_t. */ static inline int has_uint32_t_buffer_length(const Py_buffer *buffer) @@ -118,7 +293,39 @@ has_uint32_t_buffer_length(const Py_buffer *buffer) #endif } -/* One-shot HMAC-HASH using the given HACL_HID. */ +// --- One-shot HMAC-HASH interface ------------------------------------------- + +/*[clinic input] +_hmac.compute_digest + + key: object + msg: object + digestmod: object + / + +[clinic start generated code]*/ + +static PyObject * +_hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, + PyObject *digestmod) +/*[clinic end generated code: output=593ea8a175024c9a input=bd3be7c5b717c950]*/ +{ + hmacmodule_state *state = get_hmacmodule_state(module); + const py_hmac_hinfo *info = find_hash_info(state, digestmod); + if (info == NULL) { + return NULL; + } + assert(info->api.compute_py != NULL); + return info->api.compute_py(module, key, msg); +} + +/* + * One-shot HMAC-HASH using the given HACL_HID. + * + * The length of the key and message buffers must not exceed UINT32_MAX, + * lest an OverflowError is raised. The Python implementation takes care + * of dispatching to the OpenSSL implementation in this case. + */ #define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ do { \ Py_buffer keyview, msgview; \ @@ -343,7 +550,12 @@ _hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg) Py_HMAC_HACL_ONESHOT(blake2b_32, key, msg); } +// --- HMAC module methods ---------------------------------------------------- + static PyMethodDef hmacmodule_methods[] = { + /* one-shot dispatcher */ + _HMAC_COMPUTE_DIGEST_METHODDEF + /* one-shot methods */ _HMAC_COMPUTE_MD5_METHODDEF _HMAC_COMPUTE_SHA1_METHODDEF _HMAC_COMPUTE_SHA2_224_METHODDEF @@ -359,7 +571,250 @@ static PyMethodDef hmacmodule_methods[] = { {NULL, NULL, 0, NULL} }; +// --- HMAC static information table ------------------------------------------ + + +/* Static information used to construct the hash table. */ +static const py_hmac_hinfo py_hmac_static_hinfo[] = { +#define Py_HMAC_HINFO_HACL_API(HACL_HID) \ + { \ + .compute = &Py_hmac_## HACL_HID ##_compute_func, \ + .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ + } + +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN, OSSL_NAME) \ + { \ + .name = Py_STRINGIFY(HACL_HID), \ + .p_name = NULL, \ + .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ + .block_size = Py_hmac_## HACL_HID ##_block_size, \ + .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ + .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ + .hashlib_name = HLIB_NAME, \ + .hashlib_altn = HLIB_ALTN, \ + .openssl_name = OSSL_NAME, \ + .refcnt = 0, \ + } + /* MD5 */ + Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5", LN_md5), + /* SHA-1 */ + Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1", LN_sha1), + /* SHA-2 family */ + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224", LN_sha224), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256", LN_sha256), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384", LN_sha384), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512", LN_sha512), + /* SHA-3 family */ + Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL, LN_sha3_224), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL, LN_sha3_256), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL, LN_sha3_384), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL, LN_sha3_512), + /* Blake family */ + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL, LN_blake2s256), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL, LN_blake2b512), +#undef Py_HMAC_HINFO_ENTRY +#undef Py_HMAC_HINFO_HACL_API + /* sentinel */ + { + NULL, NULL, + Py_hmac_kind_unknown, 0, 0, + {NULL, NULL}, + NULL, NULL, NULL, + 0 + }, +}; + +static inline Py_uhash_t +py_hmac_hinfo_ht_hash(const void *name) +{ + return Py_HashBuffer(name, strlen((const char *)name)); +} + +static inline int +py_hmac_hinfo_ht_comp(const void *a, const void *b) +{ + return strcmp((const char *)a, (const char *)b) == 0; +} + +static void +py_hmac_hinfo_ht_free(void *hinfo) +{ + py_hmac_hinfo *entry = (py_hmac_hinfo *)hinfo; + assert(entry->p_name != NULL); + if (--(entry->refcnt) == 0) { + Py_CLEAR(entry->p_name); + PyMem_Free(hinfo); + } +} + +static inline int +py_hmac_hinfo_ht_add(_Py_hashtable_t *table, const void *key, void *info) +{ + if (key == NULL || _Py_hashtable_get(table, key) != NULL) { + return 0; + } + int ok = _Py_hashtable_set(table, key, info); + return ok < 0 ? -1 : ok == 0; +} + +static _Py_hashtable_t * +py_hmac_hinfo_ht_new(void) +{ + _Py_hashtable_t *table = _Py_hashtable_new_full( + py_hmac_hinfo_ht_hash, + py_hmac_hinfo_ht_comp, + NULL, + py_hmac_hinfo_ht_free, + NULL + ); + + if (table == NULL) { + return NULL; + } + + for (const py_hmac_hinfo *e = py_hmac_static_hinfo; e->name != NULL; e++) { + py_hmac_hinfo *value = PyMem_Malloc(sizeof(py_hmac_hinfo)); + if (value == NULL) { + goto error; + } + + memcpy(value, e, sizeof(py_hmac_hinfo)); + assert(value->p_name == NULL); + value->refcnt = 0; + +#define Py_HMAC_HINFO_LINK(KEY) \ + do { \ + int rc = py_hmac_hinfo_ht_add(table, KEY, value); \ + if (rc < 0) { \ + PyMem_Free(value); \ + goto error; \ + } \ + else if (rc == 1) { \ + value->refcnt++; \ + } \ + } while (0) + Py_HMAC_HINFO_LINK(e->name); + Py_HMAC_HINFO_LINK(e->hashlib_name); + Py_HMAC_HINFO_LINK(e->hashlib_altn); + Py_HMAC_HINFO_LINK(e->openssl_name); +#undef Py_HMAC_HINFO_LINK + assert(value->refcnt > 0); + value->p_name = PyUnicode_FromString(e->name); + if (value->p_name == NULL) { + PyMem_Free(value); + goto error; + } + } + + return table; + +error: + _Py_hashtable_destroy(table); + return NULL; +} + +// --- HMAC module initialization and finalization functions ------------------ + +static int +hmacmodule_init_hash_info_table(hmacmodule_state *state) +{ + state->hinfo_table = py_hmac_hinfo_ht_new(); + if (state->hinfo_table == NULL) { + // An exception other than a memory error can be raised + // by PyUnicode_FromString() or _Py_hashtable_set() when + // creating the hash table entries. + if (!PyErr_Occurred()) { + PyErr_NoMemory(); + } + return -1; + } + return 0; +} + +static int +hmacmodule_init_from_hashlib(hmacmodule_state *state) +{ + PyObject *_hashlib = PyImport_ImportModule("_hashlib"); + if (_hashlib == NULL) { + return -1; + } +#define IMPORT_FROM_HASHLIB(VAR, NAME) \ + do { \ + (VAR) = PyObject_GetAttrString(_hashlib, NAME); \ + if ((VAR) == NULL) { \ + Py_DECREF(_hashlib); \ + return -1; \ + } \ + } while (0) + + IMPORT_FROM_HASHLIB(state->hashlib_constructs_mappingproxy, + "_constructors"); + IMPORT_FROM_HASHLIB(state->hashlib_unsupported_digestmod_error, + "UnsupportedDigestmodError"); +#undef IMPORT_FROM_HASHLIB + Py_DECREF(_hashlib); + return 0; +} + +static int +hmacmodule_init_strings(hmacmodule_state *state) +{ + state->str_lower = PyUnicode_FromString("lower"); + if (state->str_lower == NULL) { + return -1; + } + return 0; +} + +static int +hmacmodule_exec(PyObject *module) +{ + hmacmodule_state *state = get_hmacmodule_state(module); + if (hmacmodule_init_hash_info_table(state) < 0) { + return -1; + } + if (hmacmodule_init_from_hashlib(state) < 0) { + return -1; + } + if (hmacmodule_init_strings(state) < 0) { + return -1; + } + return 0; +} + +static int +hmacmodule_traverse(PyObject *mod, visitproc visit, void *arg) +{ + Py_VISIT(Py_TYPE(mod)); + hmacmodule_state *state = get_hmacmodule_state(mod); + Py_VISIT(state->hashlib_constructs_mappingproxy); + Py_VISIT(state->hashlib_unsupported_digestmod_error); + Py_VISIT(state->str_lower); + return 0; +} + +static int +hmacmodule_clear(PyObject *mod) +{ + hmacmodule_state *state = get_hmacmodule_state(mod); + if (state->hinfo_table != NULL) { + _Py_hashtable_destroy(state->hinfo_table); + state->hinfo_table = NULL; + } + Py_CLEAR(state->hashlib_constructs_mappingproxy); + Py_CLEAR(state->hashlib_unsupported_digestmod_error); + Py_CLEAR(state->str_lower); + return 0; +} + +static inline void +hmacmodule_free(void *mod) +{ + (void)hmacmodule_clear((PyObject *)mod); +} + static struct PyModuleDef_Slot hmacmodule_slots[] = { + {Py_mod_exec, hmacmodule_exec}, {Py_mod_multiple_interpreters, Py_MOD_PER_INTERPRETER_GIL_SUPPORTED}, {Py_mod_gil, Py_MOD_GIL_NOT_USED}, {0, NULL} @@ -368,9 +823,12 @@ static struct PyModuleDef_Slot hmacmodule_slots[] = { static struct PyModuleDef _hmacmodule = { PyModuleDef_HEAD_INIT, .m_name = "_hmac", - .m_size = 0, + .m_size = sizeof(hmacmodule_state), .m_methods = hmacmodule_methods, .m_slots = hmacmodule_slots, + .m_traverse = hmacmodule_traverse, + .m_clear = hmacmodule_clear, + .m_free = hmacmodule_free, }; PyMODINIT_FUNC From 542738cf0e7998486138a73d36fe9820bcb1c3f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:02:10 +0100 Subject: [PATCH 23/36] raise OverflowError instead of ValueError in 1-shot HMAC --- Modules/hmacmodule.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 6b5d0bf709a4a7..ed8a0e6f24f66b 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -332,7 +332,7 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ if (!has_uint32_t_buffer_length(&keyview)) { \ PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_ValueError, \ + PyErr_SetString(PyExc_OverflowError, \ "key length exceeds UINT32_MAX"); \ return NULL; \ } \ @@ -340,7 +340,7 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, if (!has_uint32_t_buffer_length(&msgview)) { \ PyBuffer_Release(&msgview); \ PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_ValueError, \ + PyErr_SetString(PyExc_OverflowError, \ "message length exceeds UINT32_MAX"); \ return NULL; \ } \ From 09c631ac7f7cc54cebc39d6c8c93e2edb95a7bda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:03:42 +0100 Subject: [PATCH 24/36] reduce import time --- Lib/hmac.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Lib/hmac.py b/Lib/hmac.py index 8b4eb2fe741e60..98adf50bec97b9 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -3,7 +3,6 @@ Implements the HMAC algorithm as described by RFC 2104. """ -import warnings as _warnings try: import _hashlib as _hashopenssl except ImportError: @@ -84,11 +83,15 @@ def _init_old(self, key, msg, digestmod): if hasattr(self._inner, 'block_size'): blocksize = self._inner.block_size if blocksize < 16: + import warnings as _warnings + _warnings.warn('block_size of %d seems too small; using our ' 'default of %d.' % (blocksize, self.blocksize), RuntimeWarning, 2) blocksize = self.blocksize else: + import warnings as _warnings + _warnings.warn('No block_size attribute on given digest object; ' 'Assuming %d.' % (self.blocksize), RuntimeWarning, 2) From 9bee955d169435fa27e208a9cad5f70ef5f33e22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 12:16:51 +0100 Subject: [PATCH 25/36] expose 1-shot HMAC --- Lib/hmac.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Lib/hmac.py b/Lib/hmac.py index 98adf50bec97b9..47bb25913c7891 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -13,6 +13,14 @@ compare_digest = _hashopenssl.compare_digest _functype = type(_hashopenssl.openssl_sha256) # builtin type +try: + import _hmac +except ImportError: + _hmac = None + _functype = None +else: + _functype = type(_hmac.compute_md5) # builtin type + import hashlib as _hashlib trans_5C = bytes((x ^ 0x5C) for x in range(256)) @@ -196,6 +204,12 @@ def digest(key, msg, digest): A hashlib constructor returning a new hash object. *OR* A module supporting PEP 247. """ + if _hmac is not None and isinstance(digest, (str, _functype)): + try: + return _hmac.compute_digest(key, msg, digest) + except (OverflowError, _hashopenssl.UnsupportedDigestmodError): + pass + if _hashopenssl is not None and isinstance(digest, (str, _functype)): try: return _hashopenssl.hmac_digest(key, msg, digest) From d36977f540fe175415dee5202d59a9b55b4d5bd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:12:11 +0100 Subject: [PATCH 26/36] ensure that openssl is linked --- Modules/hmacmodule.c | 87 ++++++++++++++++++++++++++++++++------------ configure | 82 +++++++++++++++++++++++++++++++++++++---- configure.ac | 15 +++++++- 3 files changed, 151 insertions(+), 33 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index ed8a0e6f24f66b..a72d89d88d1fd6 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -573,6 +573,45 @@ static PyMethodDef hmacmodule_methods[] = { // --- HMAC static information table ------------------------------------------ +#define Py_OpenSSL_LN_md5 LN_md5 +#define Py_OpenSSL_LN_sha1 LN_sha1 + +#define Py_OpenSSL_LN_sha2_224 LN_sha224 +#define Py_OpenSSL_LN_sha2_256 LN_sha256 +#define Py_OpenSSL_LN_sha2_384 LN_sha384 +#define Py_OpenSSL_LN_sha2_512 LN_sha512 + +#if defined(LN_sha3_224) +# define Py_OpenSSL_LN_sha3_224 LN_sha3_224 +#else +# define Py_OpenSSL_LN_sha3_224 "sha3_224" +#endif +#if defined(LN_sha3_256) +# define Py_OpenSSL_LN_sha3_256 LN_sha3_256 +#else +# define Py_OpenSSL_LN_sha3_256 "sha3_256" +#endif +#if defined(LN_sha3_384) +# define Py_OpenSSL_LN_sha3_384 LN_sha3_384 +#else +# define Py_OpenSSL_LN_sha3_384 "sha3_384" +#endif +#if defined(LN_sha3_512) +# define Py_OpenSSL_LN_sha3_512 LN_sha3_512 +#else +# define Py_OpenSSL_LN_sha3_512 "sha3_512" +#endif + +#if defined(LN_blake2s256) +# define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 +#else +# define Py_OpenSSL_LN_blake2s_32 "blake2s256" +#endif +#if defined(LN_blake2b512) +# define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 +#else +# define Py_OpenSSL_LN_blake2b_32 "blake2b512" +#endif /* Static information used to construct the hash table. */ static const py_hmac_hinfo py_hmac_static_hinfo[] = { @@ -582,36 +621,36 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ } -#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN, OSSL_NAME) \ - { \ - .name = Py_STRINGIFY(HACL_HID), \ - .p_name = NULL, \ - .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ - .block_size = Py_hmac_## HACL_HID ##_block_size, \ - .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ - .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ - .hashlib_name = HLIB_NAME, \ - .hashlib_altn = HLIB_ALTN, \ - .openssl_name = OSSL_NAME, \ - .refcnt = 0, \ +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN) \ + { \ + .name = Py_STRINGIFY(HACL_HID), \ + .p_name = NULL, \ + .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ + .block_size = Py_hmac_## HACL_HID ##_block_size, \ + .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ + .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ + .hashlib_name = HLIB_NAME, \ + .hashlib_altn = HLIB_ALTN, \ + .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ + .refcnt = 0, \ } /* MD5 */ - Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5", LN_md5), + Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5"), /* SHA-1 */ - Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1", LN_sha1), + Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1"), /* SHA-2 family */ - Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224", LN_sha224), - Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256", LN_sha256), - Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384", LN_sha384), - Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512", LN_sha512), + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224"), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256"), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384"), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512"), /* SHA-3 family */ - Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL, LN_sha3_224), - Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL, LN_sha3_256), - Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL, LN_sha3_384), - Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL, LN_sha3_512), + Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL), /* Blake family */ - Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL, LN_blake2s256), - Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL, LN_blake2b512), + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL), #undef Py_HMAC_HINFO_ENTRY #undef Py_HMAC_HINFO_HACL_API /* sentinel */ diff --git a/configure b/configure index 7009897768ebc8..78bd0c981ff002 100755 --- a/configure +++ b/configure @@ -28957,6 +28957,56 @@ LIBS=$save_LIBS +save_CFLAGS=$CFLAGS +save_CPPFLAGS=$CPPFLAGS +save_LDFLAGS=$LDFLAGS +save_LIBS=$LIBS + + + LIBS="$LIBS $LIBCRYPTO_LIBS" + CFLAGS="$CFLAGS $OPENSSL_INCLUDES" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL provides LN_* macros" >&5 +printf %s "checking whether OpenSSL provides LN_* macros... " >&6; } +if test ${ac_cv_working_openssl_hmac+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include // for LN_* macros + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_working_openssl_hmac=yes +else $as_nop + ac_cv_working_openssl_hmac=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_openssl_hmac" >&5 +printf "%s\n" "$ac_cv_working_openssl_hmac" >&6; } + +CFLAGS=$save_CFLAGS +CPPFLAGS=$save_CPPFLAGS +LDFLAGS=$save_LDFLAGS +LIBS=$save_LIBS + + + # ssl module default cipher suite string @@ -30730,26 +30780,42 @@ printf "%s\n" "$py_cv_module__blake2" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 +printf %s "checking for stdlib extension module _hmac... " >&6; } if test "$py_cv_module__hmac" != "n/a" then : + + if true +then : + if test "$ac_cv_working_openssl_hmac" = yes +then : py_cv_module__hmac=yes +else $as_nop + py_cv_module__hmac=missing fi - if test "$py_cv_module__hmac" = yes; then - MODULE__HMAC_TRUE= - MODULE__HMAC_FALSE='#' -else - MODULE__HMAC_TRUE='#' - MODULE__HMAC_FALSE= +else $as_nop + py_cv_module__hmac=disabled fi +fi as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" if test "x$py_cv_module__hmac" = xyes then : - - + as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$OPENSSL_INCLUDES$as_nl" + as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" fi + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 +printf "%s\n" "$py_cv_module__hmac" >&6; } LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' diff --git a/configure.ac b/configure.ac index 51017373c526ea..2a719e868d0699 100644 --- a/configure.ac +++ b/configure.ac @@ -7387,6 +7387,18 @@ WITH_SAVE_ENV([ ]) ]) +WITH_SAVE_ENV([ + LIBS="$LIBS $LIBCRYPTO_LIBS" + CFLAGS="$CFLAGS $OPENSSL_INCLUDES" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" + + AC_CACHE_CHECK([whether OpenSSL provides LN_* macros], [ac_cv_working_openssl_hmac], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include // for LN_* macros + ], [])], [ac_cv_working_openssl_hmac=yes], [ac_cv_working_openssl_hmac=no]) + ]) +]) + # ssl module default cipher suite string AH_TEMPLATE([PY_SSL_DEFAULT_CIPHERS], [Default cipher suites list for ssl module. @@ -7801,7 +7813,8 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) -PY_STDLIB_MOD_SIMPLE([_hmac]) +PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], + [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in From b3aa599d9281009b8ff7f847299214f4e57d266b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:30:34 +0100 Subject: [PATCH 27/36] update globals --- Modules/hmacmodule.c | 128 ++++++++++++++------------- Tools/c-analyzer/cpython/ignored.tsv | 1 + 2 files changed, 69 insertions(+), 60 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index a72d89d88d1fd6..77a5fef853dbb9 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -11,8 +11,7 @@ #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" - -// HMAC underlying hash function static information. +// --- HMAC underlying hash function static information ----------------------- #define Py_hmac_hash_max_digest_size 64 @@ -23,6 +22,8 @@ #define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 +#define Py_OpenSSL_LN_md5 LN_md5 + /* SHA-1 family */ // HACL_HID = sha1 #define Py_hmac_sha1_block_size 64 @@ -30,6 +31,8 @@ #define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 +#define Py_OpenSSL_LN_sha1 LN_sha1 + /* SHA-2 family */ // HACL_HID = sha2_224 #define Py_hmac_sha2_224_block_size 64 @@ -37,24 +40,32 @@ #define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 +#define Py_OpenSSL_LN_sha2_224 LN_sha224 + // HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 #define Py_hmac_sha2_256_digest_size 32 #define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 +#define Py_OpenSSL_LN_sha2_256 LN_sha256 + // HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 #define Py_hmac_sha2_384_digest_size 48 #define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 +#define Py_OpenSSL_LN_sha2_384 LN_sha384 + // HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 #define Py_hmac_sha2_512_digest_size 64 #define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 +#define Py_OpenSSL_LN_sha2_512 LN_sha512 + /* SHA-3 family */ // HACL_HID = sha3_224 #define Py_hmac_sha3_224_block_size 144 @@ -62,24 +73,48 @@ #define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 +#if defined(LN_sha3_224) +# define Py_OpenSSL_LN_sha3_224 LN_sha3_224 +#else +# define Py_OpenSSL_LN_sha3_224 "sha3_224" +#endif + // HACL_HID = sha3_256 #define Py_hmac_sha3_256_block_size 136 #define Py_hmac_sha3_256_digest_size 32 #define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 +#if defined(LN_sha3_256) +# define Py_OpenSSL_LN_sha3_256 LN_sha3_256 +#else +# define Py_OpenSSL_LN_sha3_256 "sha3_256" +#endif + // HACL_HID = sha3_384 #define Py_hmac_sha3_384_block_size 104 #define Py_hmac_sha3_384_digest_size 48 #define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 +#if defined(LN_sha3_384) +# define Py_OpenSSL_LN_sha3_384 LN_sha3_384 +#else +# define Py_OpenSSL_LN_sha3_384 "sha3_384" +#endif + // HACL_HID = sha3_512 #define Py_hmac_sha3_512_block_size 72 #define Py_hmac_sha3_512_digest_size 64 #define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 +#if defined(LN_sha3_512) +# define Py_OpenSSL_LN_sha3_512 LN_sha3_512 +#else +# define Py_OpenSSL_LN_sha3_512 "sha3_512" +#endif + /* Blake family */ // HACL_HID = blake2s_32 #define Py_hmac_blake2s_32_block_size 64 @@ -87,12 +122,24 @@ #define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 +#if defined(LN_blake2s256) +# define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 +#else +# define Py_OpenSSL_LN_blake2s_32 "blake2s256" +#endif + // HACL_HID = blake2b_32 #define Py_hmac_blake2b_32_block_size 128 #define Py_hmac_blake2b_32_digest_size 64 #define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 +#if defined(LN_blake2b512) +# define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 +#else +# define Py_OpenSSL_LN_blake2b_32 "blake2b512" +#endif + /* Enumeration indicating the underlying hash function used by HMAC. */ typedef enum HMAC_Hash_Kind { Py_hmac_kind_unknown = 0, @@ -167,12 +214,13 @@ typedef struct py_hmac_hinfo { py_hmac_hacl_api api; const char *hashlib_name; /* hashlib preferred name (default: name) */ - const char *hashlib_altn; /* hashlib alias (default: hashlib_name) */ const char *openssl_name; /* hashlib preferred OpenSSL alias (if any) */ Py_ssize_t refcnt; } py_hmac_hinfo; +// --- HMAC module state ------------------------------------------------------ + typedef struct hmacmodule_state { _Py_hashtable_t *hinfo_table; /* imported from _hashlib */ @@ -197,6 +245,8 @@ module _hmac #include "clinic/hmacmodule.c.h" +// --- Helpers ---------------------------------------------------------------- + static inline int find_hash_info_by_utf8name(hmacmodule_state *state, const char *name, @@ -230,7 +280,7 @@ find_hash_info_by_name(hmacmodule_state *state, } /* - * Find the corresponding HMAC static information. + * Find the corresponding HMAC hash function static information. * * If an error occurs or if nothing can be found, this * returns -1 or 0 respectively, and sets 'info' to NULL. @@ -573,46 +623,6 @@ static PyMethodDef hmacmodule_methods[] = { // --- HMAC static information table ------------------------------------------ -#define Py_OpenSSL_LN_md5 LN_md5 -#define Py_OpenSSL_LN_sha1 LN_sha1 - -#define Py_OpenSSL_LN_sha2_224 LN_sha224 -#define Py_OpenSSL_LN_sha2_256 LN_sha256 -#define Py_OpenSSL_LN_sha2_384 LN_sha384 -#define Py_OpenSSL_LN_sha2_512 LN_sha512 - -#if defined(LN_sha3_224) -# define Py_OpenSSL_LN_sha3_224 LN_sha3_224 -#else -# define Py_OpenSSL_LN_sha3_224 "sha3_224" -#endif -#if defined(LN_sha3_256) -# define Py_OpenSSL_LN_sha3_256 LN_sha3_256 -#else -# define Py_OpenSSL_LN_sha3_256 "sha3_256" -#endif -#if defined(LN_sha3_384) -# define Py_OpenSSL_LN_sha3_384 LN_sha3_384 -#else -# define Py_OpenSSL_LN_sha3_384 "sha3_384" -#endif -#if defined(LN_sha3_512) -# define Py_OpenSSL_LN_sha3_512 LN_sha3_512 -#else -# define Py_OpenSSL_LN_sha3_512 "sha3_512" -#endif - -#if defined(LN_blake2s256) -# define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 -#else -# define Py_OpenSSL_LN_blake2s_32 "blake2s256" -#endif -#if defined(LN_blake2b512) -# define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 -#else -# define Py_OpenSSL_LN_blake2b_32 "blake2b512" -#endif - /* Static information used to construct the hash table. */ static const py_hmac_hinfo py_hmac_static_hinfo[] = { #define Py_HMAC_HINFO_HACL_API(HACL_HID) \ @@ -621,7 +631,7 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ } -#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME, HLIB_ALTN) \ +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME) \ { \ .name = Py_STRINGIFY(HACL_HID), \ .p_name = NULL, \ @@ -630,27 +640,26 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ .hashlib_name = HLIB_NAME, \ - .hashlib_altn = HLIB_ALTN, \ .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ .refcnt = 0, \ } /* MD5 */ - Py_HMAC_HINFO_ENTRY(md5, "md5", "MD5"), + Py_HMAC_HINFO_ENTRY(md5, "md5"), /* SHA-1 */ - Py_HMAC_HINFO_ENTRY(sha1, "sha1", "SHA1"), + Py_HMAC_HINFO_ENTRY(sha1, "sha1"), /* SHA-2 family */ - Py_HMAC_HINFO_ENTRY(sha2_224, "sha224", "SHA224"), - Py_HMAC_HINFO_ENTRY(sha2_256, "sha256", "SHA256"), - Py_HMAC_HINFO_ENTRY(sha2_384, "sha384", "SHA384"), - Py_HMAC_HINFO_ENTRY(sha2_512, "sha512", "SHA512"), + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224"), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256"), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384"), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512"), /* SHA-3 family */ - Py_HMAC_HINFO_ENTRY(sha3_224, NULL, NULL), - Py_HMAC_HINFO_ENTRY(sha3_256, NULL, NULL), - Py_HMAC_HINFO_ENTRY(sha3_384, NULL, NULL), - Py_HMAC_HINFO_ENTRY(sha3_512, NULL, NULL), + Py_HMAC_HINFO_ENTRY(sha3_224, NULL), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL), /* Blake family */ - Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256", NULL), - Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512", NULL), + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256"), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512"), #undef Py_HMAC_HINFO_ENTRY #undef Py_HMAC_HINFO_HACL_API /* sentinel */ @@ -658,7 +667,7 @@ static const py_hmac_hinfo py_hmac_static_hinfo[] = { NULL, NULL, Py_hmac_kind_unknown, 0, 0, {NULL, NULL}, - NULL, NULL, NULL, + NULL, NULL, 0 }, }; @@ -734,7 +743,6 @@ py_hmac_hinfo_ht_new(void) } while (0) Py_HMAC_HINFO_LINK(e->name); Py_HMAC_HINFO_LINK(e->hashlib_name); - Py_HMAC_HINFO_LINK(e->hashlib_altn); Py_HMAC_HINFO_LINK(e->openssl_name); #undef Py_HMAC_HINFO_LINK assert(value->refcnt > 0); diff --git a/Tools/c-analyzer/cpython/ignored.tsv b/Tools/c-analyzer/cpython/ignored.tsv index 686f3935d91bda..4d8f5183e78ae5 100644 --- a/Tools/c-analyzer/cpython/ignored.tsv +++ b/Tools/c-analyzer/cpython/ignored.tsv @@ -302,6 +302,7 @@ Modules/cmathmodule.c - sqrt_special_values - Modules/cmathmodule.c - tanh_special_values - Modules/config.c - _PyImport_Inittab - Modules/faulthandler.c - faulthandler_handlers - +Modules/hmacmodule.c - py_hmac_static_hinfo - Modules/getnameinfo.c - gni_afdl - Modules/posixmodule.c os_getxattr_impl buffer_sizes - Modules/posixmodule.c os_listxattr_impl buffer_sizes - From 49a1294e92ededa51be75298bb1481b6a00beacf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:11:16 +0100 Subject: [PATCH 28/36] fix LN_* macro values --- Modules/hmacmodule.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 77a5fef853dbb9..7e53fd30ca4383 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -6,7 +6,7 @@ #include "pycore_hashtable.h" #include "pycore_strhex.h" // _Py_strhex() -#include // LN_* macros +#include #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" @@ -76,7 +76,7 @@ #if defined(LN_sha3_224) # define Py_OpenSSL_LN_sha3_224 LN_sha3_224 #else -# define Py_OpenSSL_LN_sha3_224 "sha3_224" +# define Py_OpenSSL_LN_sha3_224 "sha3-224" #endif // HACL_HID = sha3_256 @@ -88,7 +88,7 @@ #if defined(LN_sha3_256) # define Py_OpenSSL_LN_sha3_256 LN_sha3_256 #else -# define Py_OpenSSL_LN_sha3_256 "sha3_256" +# define Py_OpenSSL_LN_sha3_256 "sha3-256" #endif // HACL_HID = sha3_384 @@ -100,7 +100,7 @@ #if defined(LN_sha3_384) # define Py_OpenSSL_LN_sha3_384 LN_sha3_384 #else -# define Py_OpenSSL_LN_sha3_384 "sha3_384" +# define Py_OpenSSL_LN_sha3_384 "sha3-384" #endif // HACL_HID = sha3_512 @@ -112,7 +112,7 @@ #if defined(LN_sha3_512) # define Py_OpenSSL_LN_sha3_512 LN_sha3_512 #else -# define Py_OpenSSL_LN_sha3_512 "sha3_512" +# define Py_OpenSSL_LN_sha3_512 "sha3-512" #endif /* Blake family */ From 06b012d55a15b857e6aefb7f778d654202ae0e7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 12:12:28 +0100 Subject: [PATCH 29/36] improve OpenSSL name resolution --- Modules/Setup.stdlib.in | 4 +- Modules/hmacmodule.c | 242 +++++++++++++++++++++++++++------------- configure | 106 ++++++++++-------- configure.ac | 23 +++- 4 files changed, 239 insertions(+), 136 deletions(-) diff --git a/Modules/Setup.stdlib.in b/Modules/Setup.stdlib.in index 8999bf0f14a4b4..ea6b65a1071dcc 100644 --- a/Modules/Setup.stdlib.in +++ b/Modules/Setup.stdlib.in @@ -84,9 +84,6 @@ @MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE @MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE -# HMAC builtin, can be disabled with --without-builtin-hashlib-hmac -@MODULE__HMAC_TRUE@_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE - ############################################################################ # XML and text @@ -145,6 +142,7 @@ @MODULE__SSL_TRUE@_ssl _ssl.c # needs -lcrypt @MODULE__HASHLIB_TRUE@_hashlib _hashopenssl.c +@MODULE__HMAC_TRUE@_hmac hmacmodule.c # Linux: -luuid, BSD/AIX: libc's uuid_create() @MODULE__UUID_TRUE@_uuid _uuidmodule.c diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 7e53fd30ca4383..42f1a462c13306 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -4,17 +4,33 @@ #include "Python.h" #include "pycore_hashtable.h" -#include "pycore_strhex.h" // _Py_strhex() +#include "pycore_strhex.h" // _Py_strhex() -#include +#include // EVP_* interface +#include // LN_* and NID_* macros #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" +// --- OpenSSL EVP interface (used for resolving algorithm names) ------------- + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +# define Py_EVP_MD EVP_MD +# define Py_EVP_MD_fetch(ALGO) EVP_MD_fetch(NULL, ALGO, NULL) +# define Py_EVP_MD_free(MD) EVP_MD_free(MD) +#else +# define Py_EVP_MD const EVP_MD +# define Py_EVP_MD_fetch(ALGO) EVP_get_digestbyname(ALGO) +# define Py_EVP_MD_free(MD) do {} while(0) +#endif + // --- HMAC underlying hash function static information ----------------------- #define Py_hmac_hash_max_digest_size 64 +#define Py_OpenSSL_LN_MISSING NULL +#define Py_OpenSSL_NID_MISSING -1 + /* MD-5 */ // HACL_HID = md5 #define Py_hmac_md5_block_size 64 @@ -23,6 +39,7 @@ #define Py_hmac_md5_compute_func Hacl_HMAC_compute_md5 #define Py_OpenSSL_LN_md5 LN_md5 +#define Py_OpenSSL_NID_md5 NID_md5 /* SHA-1 family */ // HACL_HID = sha1 @@ -32,6 +49,7 @@ #define Py_hmac_sha1_compute_func Hacl_HMAC_compute_sha1 #define Py_OpenSSL_LN_sha1 LN_sha1 +#define Py_OpenSSL_NID_sha1 NID_sha1 /* SHA-2 family */ // HACL_HID = sha2_224 @@ -41,6 +59,7 @@ #define Py_hmac_sha2_224_compute_func Hacl_HMAC_compute_sha2_224 #define Py_OpenSSL_LN_sha2_224 LN_sha224 +#define Py_OpenSSL_NID_sha2_224 NID_sha224 // HACL_HID = sha2_256 #define Py_hmac_sha2_256_block_size 64 @@ -49,6 +68,7 @@ #define Py_hmac_sha2_256_compute_func Hacl_HMAC_compute_sha2_256 #define Py_OpenSSL_LN_sha2_256 LN_sha256 +#define Py_OpenSSL_NID_sha2_256 NID_sha256 // HACL_HID = sha2_384 #define Py_hmac_sha2_384_block_size 128 @@ -57,6 +77,7 @@ #define Py_hmac_sha2_384_compute_func Hacl_HMAC_compute_sha2_384 #define Py_OpenSSL_LN_sha2_384 LN_sha384 +#define Py_OpenSSL_NID_sha2_384 NID_sha384 // HACL_HID = sha2_512 #define Py_hmac_sha2_512_block_size 128 @@ -65,6 +86,7 @@ #define Py_hmac_sha2_512_compute_func Hacl_HMAC_compute_sha2_512 #define Py_OpenSSL_LN_sha2_512 LN_sha512 +#define Py_OpenSSL_NID_sha2_512 NID_sha512 /* SHA-3 family */ // HACL_HID = sha3_224 @@ -73,10 +95,12 @@ #define Py_hmac_sha3_224_compute_func Hacl_HMAC_compute_sha3_224 -#if defined(LN_sha3_224) +#if defined(LN_sha3_224) && defined(NID_sha3_224) # define Py_OpenSSL_LN_sha3_224 LN_sha3_224 +# define Py_OpenSSL_NID_sha3_224 NID_sha3_224 #else -# define Py_OpenSSL_LN_sha3_224 "sha3-224" +# define Py_OpenSSL_LN_sha3_224 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_224 Py_OpenSSL_NID_MISSING #endif // HACL_HID = sha3_256 @@ -85,10 +109,12 @@ #define Py_hmac_sha3_256_compute_func Hacl_HMAC_compute_sha3_256 -#if defined(LN_sha3_256) +#if defined(LN_sha3_256) && defined(NID_sha3_256) # define Py_OpenSSL_LN_sha3_256 LN_sha3_256 +# define Py_OpenSSL_NID_sha3_256 NID_sha3_256 #else -# define Py_OpenSSL_LN_sha3_256 "sha3-256" +# define Py_OpenSSL_LN_sha3_256 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_256 Py_OpenSSL_NID_MISSING #endif // HACL_HID = sha3_384 @@ -97,10 +123,12 @@ #define Py_hmac_sha3_384_compute_func Hacl_HMAC_compute_sha3_384 -#if defined(LN_sha3_384) +#if defined(LN_sha3_384) && defined(NID_sha3_384) # define Py_OpenSSL_LN_sha3_384 LN_sha3_384 +# define Py_OpenSSL_NID_sha3_384 NID_sha3_384 #else -# define Py_OpenSSL_LN_sha3_384 "sha3-384" +# define Py_OpenSSL_LN_sha3_384 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_384 Py_OpenSSL_NID_MISSING #endif // HACL_HID = sha3_512 @@ -109,10 +137,12 @@ #define Py_hmac_sha3_512_compute_func Hacl_HMAC_compute_sha3_512 -#if defined(LN_sha3_512) +#if defined(LN_sha3_512) && defined(NID_sha3_512) # define Py_OpenSSL_LN_sha3_512 LN_sha3_512 +# define Py_OpenSSL_NID_sha3_512 NID_sha3_512 #else -# define Py_OpenSSL_LN_sha3_512 "sha3-512" +# define Py_OpenSSL_LN_sha3_512 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_sha3_512 Py_OpenSSL_NID_MISSING #endif /* Blake family */ @@ -122,10 +152,12 @@ #define Py_hmac_blake2s_32_compute_func Hacl_HMAC_compute_blake2s_32 -#if defined(LN_blake2s256) +#if defined(LN_blake2s256) && defined(NID_blake2s256) # define Py_OpenSSL_LN_blake2s_32 LN_blake2s256 +# define Py_OpenSSL_NID_blake2s_32 NID_blake2s256 #else -# define Py_OpenSSL_LN_blake2s_32 "blake2s256" +# define Py_OpenSSL_LN_blake2s_32 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_blake2s_32 Py_OpenSSL_NID_MISSING #endif // HACL_HID = blake2b_32 @@ -134,10 +166,12 @@ #define Py_hmac_blake2b_32_compute_func Hacl_HMAC_compute_blake2b_32 -#if defined(LN_blake2b512) +#if defined(LN_blake2b512) && defined(NID_blake2b512) # define Py_OpenSSL_LN_blake2b_32 LN_blake2b512 +# define Py_OpenSSL_NID_blake2b_32 NID_blake2b512 #else -# define Py_OpenSSL_LN_blake2b_32 "blake2b512" +# define Py_OpenSSL_LN_blake2b_32 Py_OpenSSL_LN_MISSING +# define Py_OpenSSL_NID_blake2b_32 Py_OpenSSL_NID_MISSING #endif /* Enumeration indicating the underlying hash function used by HMAC. */ @@ -214,7 +248,8 @@ typedef struct py_hmac_hinfo { py_hmac_hacl_api api; const char *hashlib_name; /* hashlib preferred name (default: name) */ - const char *openssl_name; /* hashlib preferred OpenSSL alias (if any) */ + const char *openssl_name; /* OpenSSL EVP preferred name (NULL if none) */ + int openssl_nid; /* OpenSSL EVP NID (-1 if none) */ Py_ssize_t refcnt; } py_hmac_hinfo; @@ -247,36 +282,133 @@ module _hmac // --- Helpers ---------------------------------------------------------------- -static inline int +/* Static information used to construct the hash table. */ +static const py_hmac_hinfo py_hmac_static_hinfo[] = { +#define Py_HMAC_HINFO_HACL_API(HACL_HID) \ + { \ + .compute = &Py_hmac_## HACL_HID ##_compute_func, \ + .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ + } + +#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME) \ + { \ + .name = Py_STRINGIFY(HACL_HID), \ + .p_name = NULL, \ + .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ + .block_size = Py_hmac_## HACL_HID ##_block_size, \ + .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ + .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ + .hashlib_name = HLIB_NAME, \ + .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ + .openssl_nid = Py_OpenSSL_NID_ ## HACL_HID, \ + .refcnt = 0, \ + } + /* MD5 */ + Py_HMAC_HINFO_ENTRY(md5, "md5"), + /* SHA-1 */ + Py_HMAC_HINFO_ENTRY(sha1, "sha1"), + /* SHA-2 family */ + Py_HMAC_HINFO_ENTRY(sha2_224, "sha224"), + Py_HMAC_HINFO_ENTRY(sha2_256, "sha256"), + Py_HMAC_HINFO_ENTRY(sha2_384, "sha384"), + Py_HMAC_HINFO_ENTRY(sha2_512, "sha512"), + /* SHA-3 family */ + Py_HMAC_HINFO_ENTRY(sha3_224, NULL), + Py_HMAC_HINFO_ENTRY(sha3_256, NULL), + Py_HMAC_HINFO_ENTRY(sha3_384, NULL), + Py_HMAC_HINFO_ENTRY(sha3_512, NULL), + /* Blake family */ + Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256"), + Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512"), +#undef Py_HMAC_HINFO_ENTRY +#undef Py_HMAC_HINFO_HACL_API + /* sentinel */ + { + NULL, NULL, Py_hmac_kind_unknown, 0, 0, + {NULL, NULL}, + NULL, Py_OpenSSL_LN_MISSING, Py_OpenSSL_NID_MISSING, + 0, + }, +}; + +static inline bool find_hash_info_by_utf8name(hmacmodule_state *state, const char *name, const py_hmac_hinfo **info) { - if (name == NULL) { - *info = NULL; - return -1; - } + assert(name != NULL); *info = _Py_hashtable_get(state->hinfo_table, name); return *info != NULL; } +static bool +find_hash_info_by_evp_nid(hmacmodule_state *state, + int openssl_nid, + const py_hmac_hinfo **info) +{ + assert(openssl_nid != Py_OpenSSL_NID_MISSING); + for (const py_hmac_hinfo *e = py_hmac_static_hinfo; e->name != NULL; e++) { + if (e->openssl_nid == openssl_nid) { + assert(e->openssl_name != Py_OpenSSL_LN_MISSING); + *info = e; + return 1; + } + } + *info = NULL; + return 0; +} + +static bool +find_hash_info_by_evp_name(hmacmodule_state *state, + const char *openssl_name, + const py_hmac_hinfo **info) +{ + assert(openssl_name != NULL); + Py_EVP_MD *digest = Py_EVP_MD_fetch(openssl_name); + if (digest == NULL) { + *info = NULL; + return 0; + } + int nid = EVP_MD_nid(digest); + Py_EVP_MD_free(digest); + return find_hash_info_by_evp_nid(state, nid, info); +} + static int find_hash_info_by_name(hmacmodule_state *state, PyObject *name, const py_hmac_hinfo **info) { - int rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(name), info); - if (rc == 0) { - // try to find an alternative using the lowercase name - PyObject *lower = PyObject_CallMethodNoArgs(name, state->str_lower); - if (lower == NULL) { - *info = NULL; - return -1; - } - rc = find_hash_info_by_utf8name(state, PyUnicode_AsUTF8(lower), info); + const char *utf8name = PyUnicode_AsUTF8(name); + if (utf8name == NULL) { + goto error; + } + if (find_hash_info_by_utf8name(state, utf8name, info)) { + return 1; + } + + // try to find an alternative using the lowercase name + PyObject *lower = PyObject_CallMethodNoArgs(name, state->str_lower); + if (lower == NULL) { + goto error; + } + const char *utf8lower = PyUnicode_AsUTF8(lower); + if (utf8lower == NULL) { Py_DECREF(lower); + goto error; } - return rc; + int found = find_hash_info_by_utf8name(state, utf8lower, info); + Py_DECREF(lower); + if (found) { + return 1; + } + + // try to resolve via OpenSSL EVP interface as a last resort (slow) + return find_hash_info_by_evp_name(state, utf8name, info); + +error: + *info = NULL; + return -1; } /* @@ -363,6 +495,7 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, hmacmodule_state *state = get_hmacmodule_state(module); const py_hmac_hinfo *info = find_hash_info(state, digestmod); if (info == NULL) { + assert(PyErr_Occurred()); return NULL; } assert(info->api.compute_py != NULL); @@ -623,55 +756,6 @@ static PyMethodDef hmacmodule_methods[] = { // --- HMAC static information table ------------------------------------------ -/* Static information used to construct the hash table. */ -static const py_hmac_hinfo py_hmac_static_hinfo[] = { -#define Py_HMAC_HINFO_HACL_API(HACL_HID) \ - { \ - .compute = &Py_hmac_## HACL_HID ##_compute_func, \ - .compute_py = &_hmac_compute_## HACL_HID ##_impl, \ - } - -#define Py_HMAC_HINFO_ENTRY(HACL_HID, HLIB_NAME) \ - { \ - .name = Py_STRINGIFY(HACL_HID), \ - .p_name = NULL, \ - .kind = Py_hmac_kind_hmac_ ## HACL_HID, \ - .block_size = Py_hmac_## HACL_HID ##_block_size, \ - .digest_size = Py_hmac_## HACL_HID ##_digest_size, \ - .api = Py_HMAC_HINFO_HACL_API(HACL_HID), \ - .hashlib_name = HLIB_NAME, \ - .openssl_name = Py_OpenSSL_LN_ ## HACL_HID, \ - .refcnt = 0, \ - } - /* MD5 */ - Py_HMAC_HINFO_ENTRY(md5, "md5"), - /* SHA-1 */ - Py_HMAC_HINFO_ENTRY(sha1, "sha1"), - /* SHA-2 family */ - Py_HMAC_HINFO_ENTRY(sha2_224, "sha224"), - Py_HMAC_HINFO_ENTRY(sha2_256, "sha256"), - Py_HMAC_HINFO_ENTRY(sha2_384, "sha384"), - Py_HMAC_HINFO_ENTRY(sha2_512, "sha512"), - /* SHA-3 family */ - Py_HMAC_HINFO_ENTRY(sha3_224, NULL), - Py_HMAC_HINFO_ENTRY(sha3_256, NULL), - Py_HMAC_HINFO_ENTRY(sha3_384, NULL), - Py_HMAC_HINFO_ENTRY(sha3_512, NULL), - /* Blake family */ - Py_HMAC_HINFO_ENTRY(blake2s_32, "blake2s256"), - Py_HMAC_HINFO_ENTRY(blake2b_32, "blake2b512"), -#undef Py_HMAC_HINFO_ENTRY -#undef Py_HMAC_HINFO_HACL_API - /* sentinel */ - { - NULL, NULL, - Py_hmac_kind_unknown, 0, 0, - {NULL, NULL}, - NULL, NULL, - 0 - }, -}; - static inline Py_uhash_t py_hmac_hinfo_ht_hash(const void *name) { diff --git a/configure b/configure index 78bd0c981ff002..52a13f94454755 100755 --- a/configure +++ b/configure @@ -681,6 +681,8 @@ MODULE__TESTCLINIC_FALSE MODULE__TESTCLINIC_TRUE MODULE__TESTCAPI_FALSE MODULE__TESTCAPI_TRUE +MODULE__HMAC_FALSE +MODULE__HMAC_TRUE MODULE__HASHLIB_FALSE MODULE__HASHLIB_TRUE MODULE__SSL_FALSE @@ -718,8 +720,6 @@ LIBHACL_SIMD256_FLAGS LIBHACL_SIMD128_OBJS LIBHACL_SIMD128_FLAGS LIBHACL_CFLAGS -MODULE__HMAC_FALSE -MODULE__HMAC_TRUE MODULE__BLAKE2_FALSE MODULE__BLAKE2_TRUE MODULE__SHA3_FALSE @@ -28967,8 +28967,8 @@ save_LIBS=$LIBS CFLAGS="$CFLAGS $OPENSSL_INCLUDES" LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL provides LN_* macros" >&5 -printf %s "checking whether OpenSSL provides LN_* macros... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL provides required hmac module APIs" >&5 +printf %s "checking whether OpenSSL provides required hmac module APIs... " >&6; } if test ${ac_cv_working_openssl_hmac+y} then : printf %s "(cached) " >&6 @@ -28977,12 +28977,23 @@ else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include // for LN_* macros + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x10101000L + #error "OpenSSL >= 1.1.1 is required" + #endif int main (void) { + OBJ_nid2sn(NID_md5); + OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha224); + OBJ_nid2sn(NID_sha256); + OBJ_nid2sn(NID_sha384); + OBJ_nid2sn(NID_sha512); + ; return 0; } @@ -30779,45 +30790,6 @@ fi printf "%s\n" "$py_cv_module__blake2" >&6; } - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 -printf %s "checking for stdlib extension module _hmac... " >&6; } - if test "$py_cv_module__hmac" != "n/a" -then : - - if true -then : - if test "$ac_cv_working_openssl_hmac" = yes -then : - py_cv_module__hmac=yes -else $as_nop - py_cv_module__hmac=missing -fi -else $as_nop - py_cv_module__hmac=disabled -fi - -fi - as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" - if test "x$py_cv_module__hmac" = xyes -then : - - as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$OPENSSL_INCLUDES$as_nl" - as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" - -fi - if test "$py_cv_module__hmac" = yes; then - MODULE__HMAC_TRUE= - MODULE__HMAC_FALSE='#' -else - MODULE__HMAC_TRUE='#' - MODULE__HMAC_FALSE= -fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 -printf "%s\n" "$py_cv_module__hmac" >&6; } - - LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) @@ -31564,6 +31536,44 @@ fi printf "%s\n" "$py_cv_module__hashlib" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5 +printf %s "checking for stdlib extension module _hmac... " >&6; } + if test "$py_cv_module__hmac" != "n/a" +then : + + if true +then : + if test "$ac_cv_working_openssl_hmac" = yes +then : + py_cv_module__hmac=yes +else $as_nop + py_cv_module__hmac=missing +fi +else $as_nop + py_cv_module__hmac=disabled +fi + +fi + as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl" + if test "x$py_cv_module__hmac" = xyes +then : + + as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$LIBHACL_CFLAGS $OPENSSL_INCLUDES$as_nl" + as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" + +fi + if test "$py_cv_module__hmac" = yes; then + MODULE__HMAC_TRUE= + MODULE__HMAC_FALSE='#' +else + MODULE__HMAC_TRUE='#' + MODULE__HMAC_FALSE= +fi + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5 +printf "%s\n" "$py_cv_module__hmac" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _testcapi" >&5 printf %s "checking for stdlib extension module _testcapi... " >&6; } @@ -32461,10 +32471,6 @@ if test -z "${MODULE__BLAKE2_TRUE}" && test -z "${MODULE__BLAKE2_FALSE}"; then as_fn_error $? "conditional \"MODULE__BLAKE2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then - as_fn_error $? "conditional \"MODULE__HMAC\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${MODULE__CTYPES_TRUE}" && test -z "${MODULE__CTYPES_FALSE}"; then as_fn_error $? "conditional \"MODULE__CTYPES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -32529,6 +32535,10 @@ if test -z "${MODULE__HASHLIB_TRUE}" && test -z "${MODULE__HASHLIB_FALSE}"; then as_fn_error $? "conditional \"MODULE__HASHLIB\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then + as_fn_error $? "conditional \"MODULE__HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${MODULE__TESTCAPI_TRUE}" && test -z "${MODULE__TESTCAPI_FALSE}"; then as_fn_error $? "conditional \"MODULE__TESTCAPI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 diff --git a/configure.ac b/configure.ac index 2a719e868d0699..dd261edcfa76ba 100644 --- a/configure.ac +++ b/configure.ac @@ -7392,10 +7392,21 @@ WITH_SAVE_ENV([ CFLAGS="$CFLAGS $OPENSSL_INCLUDES" LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH" - AC_CACHE_CHECK([whether OpenSSL provides LN_* macros], [ac_cv_working_openssl_hmac], [ + AC_CACHE_CHECK([whether OpenSSL provides required hmac module APIs], [ac_cv_working_openssl_hmac], [ AC_LINK_IFELSE([AC_LANG_PROGRAM([ - #include // for LN_* macros - ], [])], [ac_cv_working_openssl_hmac=yes], [ac_cv_working_openssl_hmac=no]) + #include + #include + #if OPENSSL_VERSION_NUMBER < 0x10101000L + #error "OpenSSL >= 1.1.1 is required" + #endif + ], [ + OBJ_nid2sn(NID_md5); + OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha224); + OBJ_nid2sn(NID_sha256); + OBJ_nid2sn(NID_sha384); + OBJ_nid2sn(NID_sha512); + ])], [ac_cv_working_openssl_hmac=yes], [ac_cv_working_openssl_hmac=no]) ]) ]) @@ -7813,9 +7824,6 @@ PY_STDLIB_MOD([_sha2], [test "$with_builtin_sha2" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes]) -PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], - [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) - LIBHACL_CFLAGS='-I$(srcdir)/Modules/_hacl -I$(srcdir)/Modules/_hacl/include -D_BSD_SOURCE -D_DEFAULT_SOURCE $(PY_STDMODULE_CFLAGS) $(CCSHARED)' case "$ac_sys_system" in Linux*) @@ -7931,6 +7939,9 @@ PY_STDLIB_MOD([_ssl], [], [test "$ac_cv_working_openssl_ssl" = yes], [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $OPENSSL_LIBS]) PY_STDLIB_MOD([_hashlib], [], [test "$ac_cv_working_openssl_hashlib" = yes], [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) +PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], + [$LIBHACL_CFLAGS $OPENSSL_INCLUDES], + [$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) dnl test modules PY_STDLIB_MOD([_testcapi], From 82c610cf06c91d563b2af2dd549df58e8427a52c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 13:11:41 +0100 Subject: [PATCH 30/36] update comment --- Modules/hmacmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 42f1a462c13306..841a737fda84f5 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -145,7 +145,7 @@ # define Py_OpenSSL_NID_sha3_512 Py_OpenSSL_NID_MISSING #endif -/* Blake family */ +/* Blake2 family */ // HACL_HID = blake2s_32 #define Py_hmac_blake2s_32_block_size 64 #define Py_hmac_blake2s_32_digest_size 32 From ff8cf2fc2062ba8ef2332f54493fc2fac97e1791 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 12 Nov 2024 13:37:48 +0100 Subject: [PATCH 31/36] fix configure? --- configure | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 52a13f94454755..e1358dc3bdcc64 100755 --- a/configure +++ b/configure @@ -31559,7 +31559,7 @@ fi then : as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$LIBHACL_CFLAGS $OPENSSL_INCLUDES$as_nl" - as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" + as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS$as_nl" fi if test "$py_cv_module__hmac" = yes; then diff --git a/configure.ac b/configure.ac index dd261edcfa76ba..05a858e6347097 100644 --- a/configure.ac +++ b/configure.ac @@ -7941,7 +7941,7 @@ PY_STDLIB_MOD([_hashlib], [], [test "$ac_cv_working_openssl_hashlib" = yes], [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) PY_STDLIB_MOD([_hmac], [], [test "$ac_cv_working_openssl_hmac" = yes], [$LIBHACL_CFLAGS $OPENSSL_INCLUDES], - [$LIBHACL_CFLAGS $srcdir/Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) + [$LIBHACL_CFLAGS Modules/_hacl/libHacl_HMAC.a $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS]) dnl test modules PY_STDLIB_MOD([_testcapi], From fba3778bc0f8351a30b46d5891d18a6b401a341a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 15 Nov 2024 10:24:12 +0100 Subject: [PATCH 32/36] sbom --- Misc/sbom.spdx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index 0d574f9569f423..cf1a385f6b6e76 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -2337,4 +2337,4 @@ } ], "spdxVersion": "SPDX-2.3" -} +} \ No newline at end of file From 5c3cbfdf9f838e6f23bced3987cba25fe4f38e63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Fri, 15 Nov 2024 10:28:50 +0100 Subject: [PATCH 33/36] remove unused imports --- Modules/hmacmodule.c | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 841a737fda84f5..0d8be53dda81c9 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -4,7 +4,6 @@ #include "Python.h" #include "pycore_hashtable.h" -#include "pycore_strhex.h" // _Py_strhex() #include // EVP_* interface #include // LN_* and NID_* macros From 379cbef23fbb16b34919310116c39f5bd0b85646 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Tue, 19 Nov 2024 12:21:15 +0100 Subject: [PATCH 34/36] cosmetic changes for future resolution --- Modules/hmacmodule.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 0d8be53dda81c9..f07d3e47244bb1 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -5,8 +5,8 @@ #include "Python.h" #include "pycore_hashtable.h" -#include // EVP_* interface -#include // LN_* and NID_* macros +#include // EVP_* interface +#include // LN_* and NID_* macros #include "_hacl/Hacl_HMAC.h" #include "hashlib.h" @@ -200,7 +200,6 @@ typedef void (*HACL_HMAC_compute_func)(uint8_t *out, uint8_t *key, uint32_t keylen, uint8_t *msg, uint32_t msglen); - /* Function pointer type for 1-shot HACL* HMAC CPython AC functions. */ typedef PyObject * (*PYAC_HMAC_compute_func)(PyObject *module, PyObject *key, PyObject *msg); From 960aa7355c6683667f8827701f282542c38ecf76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 28 Nov 2024 12:02:16 +0100 Subject: [PATCH 35/36] fix memory leak --- Modules/hmacmodule.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index f07d3e47244bb1..3bda08cfdf4089 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -517,7 +517,10 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, "key length exceeds UINT32_MAX"); \ return NULL; \ } \ - GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \ + GET_BUFFER_VIEW_OR_ERROR( \ + (MSG), &msgview, \ + PyBuffer_Release(&keyview); return NULL \ + ); \ if (!has_uint32_t_buffer_length(&msgview)) { \ PyBuffer_Release(&msgview); \ PyBuffer_Release(&keyview); \ From 074f9ab692ac8c3456f0801e38152a3332799831 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Thu, 28 Nov 2024 12:05:39 +0100 Subject: [PATCH 36/36] add #define for error messages --- Modules/hmacmodule.c | 68 +++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/Modules/hmacmodule.c b/Modules/hmacmodule.c index 3bda08cfdf4089..0a1d1439b0aa3a 100644 --- a/Modules/hmacmodule.c +++ b/Modules/hmacmodule.c @@ -23,6 +23,11 @@ # define Py_EVP_MD_free(MD) do {} while(0) #endif +// --- Reusable error messages ------------------------------------------------ + +#define INVALID_KEY_LENGTH "key length exceeds UINT32_MAX" +#define INVALID_MSG_LENGTH "message length exceeds UINT32_MAX" + // --- HMAC underlying hash function static information ----------------------- #define Py_hmac_hash_max_digest_size 64 @@ -507,39 +512,36 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg, * lest an OverflowError is raised. The Python implementation takes care * of dispatching to the OpenSSL implementation in this case. */ -#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ - do { \ - Py_buffer keyview, msgview; \ - GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ - if (!has_uint32_t_buffer_length(&keyview)) { \ - PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_OverflowError, \ - "key length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - GET_BUFFER_VIEW_OR_ERROR( \ - (MSG), &msgview, \ - PyBuffer_Release(&keyview); return NULL \ - ); \ - if (!has_uint32_t_buffer_length(&msgview)) { \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - PyErr_SetString(PyExc_OverflowError, \ - "message length exceeds UINT32_MAX"); \ - return NULL; \ - } \ - uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ - Py_hmac_## HACL_HID ##_compute_func( \ - out, \ - (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ - (uint8_t *)msgview.buf, (uint32_t)msgview.len \ - ); \ - PyBuffer_Release(&msgview); \ - PyBuffer_Release(&keyview); \ - return PyBytes_FromStringAndSize( \ - (const char *)out, \ - Py_hmac_## HACL_HID ##_digest_size \ - ); \ +#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \ + do { \ + Py_buffer keyview, msgview; \ + GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \ + if (!has_uint32_t_buffer_length(&keyview)) { \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); \ + return NULL; \ + } \ + GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \ + PyBuffer_Release(&keyview); \ + return NULL); \ + if (!has_uint32_t_buffer_length(&msgview)) { \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + PyErr_SetString(PyExc_OverflowError, INVALID_MSG_LENGTH); \ + return NULL; \ + } \ + uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \ + Py_hmac_## HACL_HID ##_compute_func( \ + out, \ + (uint8_t *)keyview.buf, (uint32_t)keyview.len, \ + (uint8_t *)msgview.buf, (uint32_t)msgview.len \ + ); \ + PyBuffer_Release(&msgview); \ + PyBuffer_Release(&keyview); \ + return PyBytes_FromStringAndSize( \ + (const char *)out, \ + Py_hmac_## HACL_HID ##_digest_size \ + ); \ } while (0) /*[clinic input]