8000 gh-99108: add HACL*-based 1-shot HMAC implementation by picnixz · Pull Request #126359 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

gh-99108: add HACL*-based 1-shot HMAC implementation #126359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 38 commits into from
Closed

gh-99108: add HACL*-based 1-shot HMAC implementation #126359

Changes from 1 commit
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
6336160
Pull HACL* HMAC.
picnixz Nov 3, 2024
5a410f8
Update SBOM files
picnixz Nov 3, 2024
c1c7c92
Update HACL (CPython) namespace
picnixz Nov 3, 2024
2901987
Update HACL (CPython) README
picnixz Nov 3, 2024
92a1e76
Update `configure` script
picnixz Nov 3, 2024
027964b
Update Makefile scripts
picnixz Nov 3, 2024
17a2e46
Update MSVC project
picnixz Nov 3, 2024
186094b
Implement HACL* HMAC module
picnixz Nov 3, 2024
b10c729
fix blake2b digest size
picnixz Nov 7, 2024
6a3515f
drop un-necessary `@critical_section`
picnixz Nov 7, 2024
612974e
Improve 1-shot macro
picnixz Nov 7, 2024
e714135
Define HMAC static information
picnixz Nov 7, 2024
9fb6300
reduce the possibility of typos
picnixz Nov 8, 2024
755d6c0
update names
picnixz Nov 8, 2024
89c5f89
cleanup
picnixz Nov 8, 2024
755aca6
cleanup
picnixz Nov 8, 2024
1ddbe26
improve naming
picnixz Nov 8, 2024
12fbfc4
Update HACL* project.
picnixz Nov 8, 2024
448b0ba
Merge remote-tracking branch 'upstream/main' into hacl/HMAC-99108
picnixz Nov 8, 2024
39be4b1
update SBOM files
picnixz Nov 9, 2024
5ae6b6d
cosmetic cleanups
picnixz Nov 9, 2024
49083aa
unconditionally build `_hmac` extension module
picnixz Nov 11, 2024
dd80600
implement hash algorithm resolution
picnixz Nov 11, 2024
542738c
raise OverflowError instead of ValueError in 1-shot HMAC
picnixz Nov 11, 2024
09c631a
reduce import time
picnixz Nov 11, 2024
9bee955
expose 1-shot HMAC
picnixz Nov 11, 2024
d36977f
ensure that openssl is linked
picnixz Nov 11, 2024
b3aa599
update globals
picnixz Nov 11, 2024
49a1294
fix LN_* macro values
picnixz Nov 12, 2024
06b012d
improve OpenSSL name resolution
picnixz Nov 12, 2024
82c610c
update comment
picnixz Nov 12, 2024
ff8cf2f
fix configure?
picnixz Nov 12, 2024
7af7eb6
Merge remote-tracking branch 'upstream/main' into hacl/HMAC-99108
picnixz Nov 15, 2024
fba3778
sbom
picnixz Nov 15, 2024
5c3cbfd
remove unused imports
picnixz Nov 15, 2024
379cbef
cosmetic changes for future resolution
picnixz Nov 19, 2024
960aa73
fix memory leak
picnixz Nov 28, 2024
074f9ab
add #define for error messages
picnixz Nov 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
reduce the possibility of typos
  • Loading branch information
@picnixz
picnixz committed Nov 8, 2024
commit 9fb6300a5047721d200a38b83cd41f4f537fb92c
142 changes: 75 additions & 67 deletions Modules/hmacmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,57 +16,83 @@ typedef void (*HACL_HMAC_digest_func_t)(uint8_t *out,
// HMAC underlying hash function static information.

/* MD-5 */
// (HACL_HID = md5)
#define Py_hmac_md5_block_size 64
#define Py_hmac_md5_digest_size 16
#define Py_hmac_md5_update_func NULL
#define Py_hmac_md5_digest_func Hacl_HMAC_compute_md5

/* SHA-1 family */
// HACL_HID = sha1
#define Py_hmac_sha1_block_size 64
#define Py_hmac_sha1_digest_size 20
#define Py_hmac_sha1_update_func NULL
#define Py_hmac_sha1_digest_func Hacl_HMAC_compute_sha1

/* SHA-2 family */
// HACL_HID = sha2_224
#define Py_hmac_sha2_224_block_size 64
#define Py_hmac_sha2_224_digest_size 28
#define Py_hmac_sha2_224_update_func NULL
#define Py_hmac_sha2_224_digest_func Hacl_HMAC_compute_sha2_224

// HACL_HID = sha2_256
#define Py_hmac_sha2_256_block_size 64
#define Py_hmac_sha2_256_digest_size 32
#define Py_hmac_sha2_256_update_func NULL
#define Py_hmac_sha2_256_digest_func Hacl_HMAC_compute_sha2_256

// HACL_HID = sha2_384
#define Py_hmac_sha2_384_block_size 128
#define Py_hmac_sha2_384_digest_size 48
#define Py_hmac_sha2_384_update_func NULL
#define Py_hmac_sha2_384_digest_func Hacl_HMAC_compute_sha2_384

// HACL_HID = sha2_512
#define Py_hmac_sha2_512_block_size 128
#define Py_hmac_sha2_512_digest_size 64
#define Py_hmac_sha2_512_update_func NULL
#define Py_hmac_sha2_512_digest_func Hacl_HMAC_compute_sha2_512

/* SHA-3 family */
// HACL_HID = sha3_224
#define Py_hmac_sha3_224_block_size 144
#define Py_hmac_sha3_224_digest_size 28
#define Py_hmac_sha3_224_update_func NULL
#define Py_hmac_sha3_224_digest_func Hacl_HMAC_compute_sha3_224

// HACL_HID = sha3_256
#define Py_hmac_sha3_256_block_size 136
#define Py_hmac_sha3_256_digest_size 32
#define Py_hmac_sha3_256_update_func NULL
#define Py_hmac_sha3_256_digest_func Hacl_HMAC_compute_sha3_256

// HACL_HID = sha3_384
#define Py_hmac_sha3_384_block_size 104
#define Py_hmac_sha3_384_digest_size 48
#define Py_hmac_sha3_384_update_func NULL
#define Py_hmac_sha3_384_digest_func Hacl_HMAC_compute_sha3_384

// HACL_HID = sha3_512
#define Py_hmac_sha3_512_block_size 72
#define Py_hmac_sha3_512_digest_size 64
#define Py_hmac_sha3_512_update_func NULL
#define Py_hmac_sha3_512_digest_func Hacl_HMAC_compute_sha3_512

/* Blake family */
#define Py_hmac_blake2s_block_size 64
#define Py_hmac_blake2s_digest_size 32
#define Py_hmac_blake2s_digest_func Hacl_HMAC_compute_blake2s_32
// HACL_HID = blake2s_32
#define Py_hmac_blake2s_32_block_size 64
#define Py_hmac_blake2s_32_digest_size 32
#define Py_hmac_blake2s_32_update_func NULL
#define Py_hmac_blake2s_32_digest_func Hacl_HMAC_compute_blake2s_32

#define Py_hmac_blake2b_block_size 128
#define Py_hmac_blake2b_digest_size 64
#define Py_hmac_blake2b_digest_func Hacl_HMAC_compute_blake2b_32
// HACL_HID = blake2b_32
#define Py_hmac_blake2b_32_block_size 128
#define Py_hmac_blake2b_32_digest_size 64
#define Py_hmac_blake2b_32_update_func NULL
#define Py_hmac_blake2b_32_digest_func Hacl_HMAC_compute_blake2b_32

#define Py_hmac_hash_max_digest_size 64

/* Check that the buffer length fits on a uint32_t. */
static inline int
Expand All @@ -79,31 +105,37 @@ has_uint32_t_buffer_length(const Py_buffer *buffer)
#endif
}

/* One-shot HMAC-HASH using the given HACL_HMAC_FUNCTION. */
#define Py_HACL_HMAC_ONESHOT(HACL_HMAC_FUNCTION, DIGEST_SIZE, KEY, MSG) \
do { \
Py_buffer keyview, msgview; \
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
if (!has_uint32_t_buffer_length(&keyview)) { \
PyErr_SetString(PyExc_ValueError, \
"key length exceeds UINT32_MAX"); \
return NULL; \
} \
GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \
if (!has_uint32_t_buffer_length(&msgview)) { \
8000 PyErr_SetString(PyExc_ValueError, \
"message length exceeds UINT32_MAX"); \
return NULL; \
} \
uint8_t out[(DIGEST_SIZE)]; \
HACL_HMAC_FUNCTION( \
out, \
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
); \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
return PyBytes_FromStringAndSize((const char *)out, (DIGEST_SIZE)); \
/* One-shot HMAC-HASH using the given HACL_HID. */
#define Py_HACL_HMAC_ONESHOT(HACL_HID, KEY, MSG) \
do { \
Py_buffer keyview, msgview; \
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
if (!has_uint32_t_buffer_length(&keyview)) { \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_ValueError, \
"key length exceeds UINT32_MAX"); \
return NULL; \
} \
GET_BUFFER_VIEW_OR_ERROUT((MSG), &msgview); \
if (!has_uint32_t_buffer_length(&msgview)) { \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_ValueError, \
"message length exceeds UINT32_MAX"); \
return NULL; \
} \
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
Py_hmac_## HACL_HID ##_digest_func( \
out, \
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
); \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
return PyBytes_FromStringAndSize( \
(const char *)out, \
Py_hmac_## HACL_HID ##_digest_size \
); \
} while (0)

/*[clinic input]
Expand All @@ -124,9 +156,7 @@ static PyObject *
_hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=7837a4ceccbbf636 input=77a4b774c7d61218]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_md5_digest_func,
Py_hmac_md5_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(md5, key, msg);
}

/*[clinic input]
Expand All @@ -142,9 +172,7 @@ static PyObject *
_hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=79fd7689c83691d8 input=3b64dccc6bdbe4ba]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha1_digest_func,
Py_hmac_sha1_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha1, key, msg);
}

/*[clinic input]
Expand All @@ -160,9 +188,7 @@ static PyObject *
_hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=7f21f1613e53979e input=bcaac7a3637484ce]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_224_digest_func,
Py_hmac_sha2_224_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha2_224, key, msg);
}

/*[clinic input]
Expand All @@ -178,9 +204,7 @@ static PyObject *
_hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=d4a291f7d9a82459 input=6e2d1f6fe9c56d21]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_256_digest_func,
Py_hmac_sha2_256_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha2_256, key, msg);
}

/*[clinic input]
Expand All @@ -196,9 +220,7 @@ static PyObject *
_hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=f211fa26e3700c27 input=9ce8de89dda79e62]*/
{
< 8000 span class='blob-code-inner blob-code-marker js-skip-tagsearch' data-code-marker="-"> Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_384_digest_func,
Py_hmac_sha2_384_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha2_384, key, msg);
}

/*[clinic input]
Expand All @@ -214,9 +236,7 @@ static PyObject *
_hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=d5c20373762cecca input=b964bb8487d7debd]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha2_512_digest_func,
Py_hmac_sha2_512_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha2_512, key, msg);
}

/*[clinic input]
Expand All @@ -232,9 +252,7 @@ static PyObject *
_hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=a242ccac9ad9c22b input=d0ab0c7d189c3d87]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_224_digest_func,
Py_hmac_sha3_224_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha3_224, key, msg);
}

/*[clinic input]
Expand All @@ -250,9 +268,7 @@ static PyObject *
_hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=b539dbb61af2fe0b input=f05d7b6364b35d02]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_256_digest_func,
Py_hmac_sha3_256_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha3_256, key, msg);
}

/*[clinic input]
Expand All @@ -268,9 +284,7 @@ static PyObject *
_hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=5eb372fb5c4ffd3a input=d842d393e7aa05ae]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_384_digest_func,
Py_hmac_sha3_384_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha3_384, key, msg);
}

/*[clinic input]
Expand All @@ -286,9 +300,7 @@ static PyObject *
_hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=154bcbf8c2eacac1 input=166fe5baaeaabfde]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_sha3_512_digest_func,
Py_hmac_sha3_512_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(sha3_512, key, msg);
}

/*[clinic input]
Expand All @@ -304,9 +316,7 @@ static PyObject *
_hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=cfc730791bc62361 input=d22c36e7fe31a985]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_blake2s_digest_func,
Py_hmac_blake2s_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(blake2s_32, key, msg);
}

/*[clinic input]
Expand All @@ -322,9 +332,7 @@ static PyObject *
_hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg)
/*[clinic end generated code: output=765c5c4fb9124636 input=4a35ee058d172f4b]*/
{
Py_HACL_HMAC_ONESHOT(Py_hmac_blake2b_digest_func,
Py_hmac_blake2b_digest_size,
key, msg);
Py_HACL_HMAC_ONESHOT(blake2b_32, key, msg);
}

static PyMethodDef hmacmodule_methods[] = {
Expand Down
Loading
0