123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 |
- # ===================================================================
- #
- # Copyright (c) 2014, Legrandin <helderijs@gmail.com>
- # All rights reserved.
- #
- # Redistribution and use in source and binary forms, with or without
- # modification, are permitted provided that the following conditions
- # are met:
- #
- # 1. Redistributions of source code must retain the above copyright
- # notice, this list of conditions and the following disclaimer.
- # 2. Redistributions in binary form must reproduce the above copyright
- # notice, this list of conditions and the following disclaimer in
- # the documentation and/or other materials provided with the
- # distribution.
- #
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- # COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- # POSSIBILITY OF SUCH DAMAGE.
- # ===================================================================
- from binascii import unhexlify
- from tls.Crypto.Util.py3compat import bord, tobytes
- from tls.Crypto.Random import get_random_bytes
- from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
- VoidPointer, SmartPointer,
- create_string_buffer,
- get_raw_buffer, c_size_t,
- c_uint8_ptr)
- _raw_blake2b_lib = load_pycryptodome_raw_lib("Crypto.Hash._BLAKE2b",
- """
- int blake2b_init(void **state,
- const uint8_t *key,
- size_t key_size,
- size_t digest_size);
- int blake2b_destroy(void *state);
- int blake2b_update(void *state,
- const uint8_t *buf,
- size_t len);
- int blake2b_digest(const void *state,
- uint8_t digest[64]);
- int blake2b_copy(const void *src, void *dst);
- """)
- class BLAKE2b_Hash(object):
- """A BLAKE2b hash object.
- Do not instantiate directly. Use the :func:`new` function.
- :ivar oid: ASN.1 Object ID
- :vartype oid: string
- :ivar block_size: the size in bytes of the internal message block,
- input to the compression function
- :vartype block_size: integer
- :ivar digest_size: the size in bytes of the resulting hash
- :vartype digest_size: integer
- """
- # The internal block size of the hash algorithm in bytes.
- block_size = 64
- def __init__(self, data, key, digest_bytes, update_after_digest):
- # The size of the resulting hash in bytes.
- self.digest_size = digest_bytes
- self._update_after_digest = update_after_digest
- self._digest_done = False
- # See https://tools.ietf.org/html/rfc7693
- if digest_bytes in (20, 32, 48, 64) and not key:
- self.oid = "1.3.6.1.4.1.1722.12.2.1." + str(digest_bytes)
- state = VoidPointer()
- result = _raw_blake2b_lib.blake2b_init(state.address_of(),
- c_uint8_ptr(key),
- c_size_t(len(key)),
- c_size_t(digest_bytes)
- )
- if result:
- raise ValueError("Error %d while instantiating BLAKE2b" % result)
- self._state = SmartPointer(state.get(),
- _raw_blake2b_lib.blake2b_destroy)
- if data:
- self.update(data)
- def update(self, data):
- """Continue hashing of a message by consuming the next chunk of data.
- Args:
- data (bytes/bytearray/memoryview): The next chunk of the message being hashed.
- """
- if self._digest_done and not self._update_after_digest:
- raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
- result = _raw_blake2b_lib.blake2b_update(self._state.get(),
- c_uint8_ptr(data),
- c_size_t(len(data)))
- if result:
- raise ValueError("Error %d while hashing BLAKE2b data" % result)
- return self
- def digest(self):
- """Return the **binary** (non-printable) digest of the message that has been hashed so far.
- :return: The hash digest, computed over the data processed so far.
- Binary form.
- :rtype: byte string
- """
- bfr = create_string_buffer(64)
- result = _raw_blake2b_lib.blake2b_digest(self._state.get(),
- bfr)
- if result:
- raise ValueError("Error %d while creating BLAKE2b digest" % result)
- self._digest_done = True
- return get_raw_buffer(bfr)[:self.digest_size]
- def hexdigest(self):
- """Return the **printable** digest of the message that has been hashed so far.
- :return: The hash digest, computed over the data processed so far.
- Hexadecimal encoded.
- :rtype: string
- """
- return "".join(["%02x" % bord(x) for x in tuple(self.digest())])
- def verify(self, mac_tag):
- """Verify that a given **binary** MAC (computed by another party)
- is valid.
- Args:
- mac_tag (bytes/bytearray/memoryview): the expected MAC of the message.
- Raises:
- ValueError: if the MAC does not match. It means that the message
- has been tampered with or that the MAC key is incorrect.
- """
- secret = get_random_bytes(16)
- mac1 = new(digest_bits=160, key=secret, data=mac_tag)
- mac2 = new(digest_bits=160, key=secret, data=self.digest())
- if mac1.digest() != mac2.digest():
- raise ValueError("MAC check failed")
- def hexverify(self, hex_mac_tag):
- """Verify that a given **printable** MAC (computed by another party)
- is valid.
- Args:
- hex_mac_tag (string): the expected MAC of the message, as a hexadecimal string.
- Raises:
- ValueError: if the MAC does not match. It means that the message
- has been tampered with or that the MAC key is incorrect.
- """
- self.verify(unhexlify(tobytes(hex_mac_tag)))
- def new(self, **kwargs):
- """Return a new instance of a BLAKE2b hash object.
- See :func:`new`.
- """
- if "digest_bytes" not in kwargs and "digest_bits" not in kwargs:
- kwargs["digest_bytes"] = self.digest_size
- return new(**kwargs)
- def new(**kwargs):
- """Create a new hash object.
- Args:
- data (bytes/bytearray/memoryview):
- Optional. The very first chunk of the message to hash.
- It is equivalent to an early call to :meth:`BLAKE2b_Hash.update`.
- digest_bytes (integer):
- Optional. The size of the digest, in bytes (1 to 64). Default is 64.
- digest_bits (integer):
- Optional and alternative to ``digest_bytes``.
- The size of the digest, in bits (8 to 512, in steps of 8).
- Default is 512.
- key (bytes/bytearray/memoryview):
- Optional. The key to use to compute the MAC (1 to 64 bytes).
- If not specified, no key will be used.
- update_after_digest (boolean):
- Optional. By default, a hash object cannot be updated anymore after
- the digest is computed. When this flag is ``True``, such check
- is no longer enforced.
- Returns:
- A :class:`BLAKE2b_Hash` hash object
- """
- data = kwargs.pop("data", None)
- update_after_digest = kwargs.pop("update_after_digest", False)
- digest_bytes = kwargs.pop("digest_bytes", None)
- digest_bits = kwargs.pop("digest_bits", None)
- if None not in (digest_bytes, digest_bits):
- raise TypeError("Only one digest parameter must be provided")
- if (None, None) == (digest_bytes, digest_bits):
- digest_bytes = 64
- if digest_bytes is not None:
- if not (1 <= digest_bytes <= 64):
- raise ValueError("'digest_bytes' not in range 1..64")
- else:
- if not (8 <= digest_bits <= 512) or (digest_bits % 8):
- raise ValueError("'digest_bytes' not in range 8..512, "
- "with steps of 8")
- digest_bytes = digest_bits // 8
- key = kwargs.pop("key", b"")
- if len(key) > 64:
- raise ValueError("BLAKE2s key cannot exceed 64 bytes")
- if kwargs:
- raise TypeError("Unknown parameters: " + str(kwargs))
- return BLAKE2b_Hash(data, key, digest_bytes, update_after_digest)
|