Skip to content

gh-99108: add HACL*-based 1-shot HMAC implementation #126359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
picnixz wants to merge 38 commits into from
Closed

gh-99108: add HACL*-based 1-shot HMAC implementation #126359

Changes from 1 commit
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
6336160
Pull HACL* HMAC.
picnixz Nov 3, 2024
5a410f8
Update SBOM files
picnixz Nov 3, 2024
c1c7c92
Update HACL (CPython) namespace
picnixz Nov 3, 2024
2901987
Update HACL (CPython) README
picnixz Nov 3, 2024
92a1e76
Update `configure` script
picnixz Nov 3, 2024
027964b
Update Makefile scripts
picnixz Nov 3, 2024
17a2e46
Update MSVC project
picnixz Nov 3, 2024
186094b
Implement HACL* HMAC module
picnixz Nov 3, 2024
b10c729
fix blake2b digest size
picnixz Nov 7, 2024
6a3515f
drop un-necessary `@critical_section`
picnixz Nov 7, 2024
612974e
Improve 1-shot macro
picnixz Nov 7, 2024
e714135
Define HMAC static information
picnixz Nov 7, 2024
9fb6300
reduce the possibility of typos
picnixz Nov 8, 2024
755d6c0
update names
picnixz Nov 8, 2024
89c5f89
cleanup
picnixz Nov 8, 2024
755aca6
cleanup
picnixz Nov 8, 2024
1ddbe26
improve naming
picnixz Nov 8, 2024
12fbfc4
Update HACL* project.
picnixz Nov 8, 2024
448b0ba
Merge remote-tracking branch 'upstream/main' into hacl/HMAC-99108
picnixz Nov 8, 2024
39be4b1
update SBOM files
picnixz Nov 9, 2024
5ae6b6d
cosmetic cleanups
picnixz Nov 9, 2024
49083aa
unconditionally build `_hmac` extension module
picnixz Nov 11, 2024
dd80600
implement hash algorithm resolution
picnixz Nov 11, 2024
542738c
raise OverflowError instead of ValueError in 1-shot HMAC
picnixz Nov 11, 2024
09c631a
reduce import time
picnixz Nov 11, 2024
9bee955
expose 1-shot HMAC
picnixz Nov 11, 2024
d36977f
ensure that openssl is linked
picnixz Nov 11, 2024
b3aa599
update globals
picnixz Nov 11, 2024
49a1294
fix LN_* macro values
picnixz Nov 12, 2024
06b012d
improve OpenSSL name resolution
picnixz Nov 12, 2024
82c610c
update comment
picnixz Nov 12, 2024
ff8cf2f
fix configure?
picnixz Nov 12, 2024
7af7eb6
Merge remote-tracking branch 'upstream/main' into hacl/HMAC-99108
picnixz Nov 15, 2024
fba3778
sbom
picnixz Nov 15, 2024
5c3cbfd
remove unused imports
picnixz Nov 15, 2024
379cbef
cosmetic changes for future resolution
picnixz Nov 19, 2024
960aa73
fix memory leak
picnixz Nov 28, 2024
074f9ab
add #define for error messages
picnixz Nov 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
add #define for error messages
  • Loading branch information
@picnixz
picnixz committed Nov 28, 2024
commit 074f9ab692ac8c3456f0801e38152a3332799831
68 changes: 35 additions & 33 deletions Modules/hmacmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,11 @@
# define Py_EVP_MD_free(MD) do {} while(0)
#endif

// --- Reusable error messages ------------------------------------------------

#define INVALID_KEY_LENGTH "key length exceeds UINT32_MAX"
#define INVALID_MSG_LENGTH "message length exceeds UINT32_MAX"

// --- HMAC underlying hash function static information -----------------------

#define Py_hmac_hash_max_digest_size 64
Expand Down Expand Up @@ -507,39 +512,36 @@ _hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg,
* lest an OverflowError is raised. The Python implementation takes care
* of dispatching to the OpenSSL implementation in this case.
*/
#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \
do { \
Py_buffer keyview, msgview; \
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
if (!has_uint32_t_buffer_length(&keyview)) { \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_OverflowError, \
"key length exceeds UINT32_MAX"); \
return NULL; \
} \
GET_BUFFER_VIEW_OR_ERROR( \
(MSG), &msgview, \
PyBuffer_Release(&keyview); return NULL \
); \
if (!has_uint32_t_buffer_length(&msgview)) { \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_OverflowError, \
"message length exceeds UINT32_MAX"); \
return NULL; \
} \
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
Py_hmac_## HACL_HID ##_compute_func( \
out, \
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
); \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
return PyBytes_FromStringAndSize( \
(const char *)out, \
Py_hmac_## HACL_HID ##_digest_size \
); \
#define Py_HMAC_HACL_ONESHOT(HACL_HID, KEY, MSG) \
do { \
Py_buffer keyview, msgview; \
GET_BUFFER_VIEW_OR_ERROUT((KEY), &keyview); \
if (!has_uint32_t_buffer_length(&keyview)) { \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_OverflowError, INVALID_KEY_LENGTH); \
return NULL; \
} \
GET_BUFFER_VIEW_OR_ERROR((MSG), &msgview, \
PyBuffer_Release(&keyview); \
return NULL); \
if (!has_uint32_t_buffer_length(&msgview)) { \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
PyErr_SetString(PyExc_OverflowError, INVALID_MSG_LENGTH); \
return NULL; \
} \
uint8_t out[Py_hmac_## HACL_HID ##_digest_size]; \
Py_hmac_## HACL_HID ##_compute_func( \
out, \
(uint8_t *)keyview.buf, (uint32_t)keyview.len, \
(uint8_t *)msgview.buf, (uint32_t)msgview.len \
); \
PyBuffer_Release(&msgview); \
PyBuffer_Release(&keyview); \
return PyBytes_FromStringAndSize( \
(const char *)out, \
Py_hmac_## HACL_HID ##_digest_size \
); \
} while (0)

/*[clinic input]
Expand Down