mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-07 19:35:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

gh-99108: Implement HACL* HMAC (#130157)

Browse source 
A new extension module, `_hmac`, now exposes the HACL* HMAC (formally verified) implementation.

The HACL* implementation is used as a fallback implementation when the OpenSSL implementation of HMAC
is not available or disabled. For now, only named hash algorithms are recognized and SIMD support provided
by HACL* for the BLAKE2 hash functions is not yet used.
This commit is contained in:
Bénédikt Tran 2025-04-04 19:04:00 +02:00 committed by GitHub
parent 7099c75550
commit 0a97427ee5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
29 changed files with 7702 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Doc/whatsnew/3.14.rst
View file

@ -455,6 +455,13 @@ Other language changes
The testbed can also be used to run the test suite of projects other than
CPython itself. (Contributed by Russell Keith-Magee in :gh:`127592`.)
* Add a built-in implementation for HMAC (:rfc:`2104`) using formally verified
code from the `HACL* <https://github.com/hacl-star/hacl-star/>`__ project.
This implementation is used as a fallback when the OpenSSL implementation
of HMAC is not available.
(Contributed by Bénédikt Tran in :gh:`99108`.)
.. _whatsnew314-pep765:
PEP 765: Disallow return/break/continue that exit a finally block
@ -464,6 +471,7 @@ The compiler emits a :exc:`SyntaxWarning` when a :keyword:`return`, :keyword:`br
:keyword:`continue` statements appears where it exits a :keyword:`finally` block.
This change is specified in :pep:`765`.
New modules
===========
@ -705,6 +713,14 @@ graphlib
(Contributed by Daniel Pope in :gh:`130914`)
hmac
----
* Add a built-in implementation for HMAC (:rfc:`2104`) using formally verified
code from the `HACL* <https://github.com/hacl-star/hacl-star/>`__ project.
(Contributed by Bénédikt Tran in :gh:`99108`.)
http
----

96
Lib/hmac.py
View file

@ -3,7 +3,6 @@
Implements the HMAC algorithm as described by RFC 2104.
"""
import warnings as _warnings
try:
import _hashlib as _hashopenssl
except ImportError:
@ -14,7 +13,10 @@ else:
compare_digest = _hashopenssl.compare_digest
_functype = type(_hashopenssl.openssl_sha256) # builtin type
import hashlib as _hashlib
try:
import _hmac
except ImportError:
_hmac = None
trans_5C = bytes((x ^ 0x5C) for x in range(256))
trans_36 = bytes((x ^ 0x36) for x in range(256))
@ -24,11 +26,27 @@ trans_36 = bytes((x ^ 0x36) for x in range(256))
digest_size = None
def _get_digest_constructor(digest_like):
if callable(digest_like):
return digest_like
if isinstance(digest_like, str):
def digest_wrapper(d=b''):
import hashlib
return hashlib.new(digest_like, d)
else:
def digest_wrapper(d=b''):
return digest_like.new(d)
return digest_wrapper
class HMAC:
"""RFC 2104 HMAC class. Also complies with RFC 4231.
This supports the API for Cryptographic Hash Functions (PEP 247).
"""
# Note: self.blocksize is the default blocksize; self.block_size
# is effective block size as well as the public API attribute.
blocksize = 64 # 512-bit HMAC; can be changed in subclasses.
__slots__ = (
@ -50,32 +68,47 @@ class HMAC:
"""
if not isinstance(key, (bytes, bytearray)):
raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__)
raise TypeError(f"key: expected bytes or bytearray, "
f"but got {type(key).__name__!r}")
if not digestmod:
raise TypeError("Missing required argument 'digestmod'.")
self.__init(key, msg, digestmod)
def __init(self, key, msg, digestmod):
if _hashopenssl and isinstance(digestmod, (str, _functype)):
try:
self._init_hmac(key, msg, digestmod)
self._init_openssl_hmac(key, msg, digestmod)
return
except _hashopenssl.UnsupportedDigestmodError:
self._init_old(key, msg, digestmod)
else:
self._init_old(key, msg, digestmod)
pass
if _hmac and isinstance(digestmod, str):
try:
self._init_builtin_hmac(key, msg, digestmod)
return
except _hmac.UnknownHashError:
pass
self._init_old(key, msg, digestmod)
def _init_hmac(self, key, msg, digestmod):
def _init_openssl_hmac(self, key, msg, digestmod):
self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)
self._inner = self._outer = None # because the slots are defined
self.digest_size = self._hmac.digest_size
self.block_size = self._hmac.block_size
_init_hmac = _init_openssl_hmac # for backward compatibility (if any)
def _init_builtin_hmac(self, key, msg, digestmod):
self._hmac = _hmac.new(key, msg, digestmod=digestmod)
self._inner = self._outer = None # because the slots are defined
self.digest_size = self._hmac.digest_size
self.block_size = self._hmac.block_size
def _init_old(self, key, msg, digestmod):
if callable(digestmod):
digest_cons = digestmod
elif isinstance(digestmod, str):
digest_cons = lambda d=b'': _hashlib.new(digestmod, d)
else:
digest_cons = lambda d=b'': digestmod.new(d)
import warnings
digest_cons = _get_digest_constructor(digestmod)
self._hmac = None
self._outer = digest_cons()
@ -85,21 +118,19 @@ class HMAC:
if hasattr(self._inner, 'block_size'):
blocksize = self._inner.block_size
if blocksize < 16:
_warnings.warn('block_size of %d seems too small; using our '
'default of %d.' % (blocksize, self.blocksize),
RuntimeWarning, 2)
warnings.warn(f"block_size of {blocksize} seems too small; "
f"using our default of {self.blocksize}.",
RuntimeWarning, 2)
blocksize = self.blocksize
else:
_warnings.warn('No block_size attribute on given digest object; '
'Assuming %d.' % (self.blocksize),
RuntimeWarning, 2)
warnings.warn("No block_size attribute on given digest object; "
f"Assuming {self.blocksize}.",
RuntimeWarning, 2)
blocksize = self.blocksize
if len(key) > blocksize:
key = digest_cons(key).digest()
# self.blocksize is the default blocksize. self.block_size is
# effective block size as well as the public API attribute.
self.block_size = blocksize
key = key.ljust(blocksize, b'\0')
@ -165,6 +196,7 @@ class HMAC:
h = self._current()
return h.hexdigest()
def new(key, msg=None, digestmod=''):
"""Create a new hashing object and return it.
@ -194,25 +226,29 @@ def digest(key, msg, digest):
A hashlib constructor returning a new hash object. *OR*
A module supporting PEP 247.
"""
if _hashopenssl is not None and isinstance(digest, (str, _functype)):
if _hashopenssl and isinstance(digest, (str, _functype)):
try:
return _hashopenssl.hmac_digest(key, msg, digest)
except _hashopenssl.UnsupportedDigestmodError:
pass
if callable(digest):
digest_cons = digest
elif isinstance(digest, str):
digest_cons = lambda d=b'': _hashlib.new(digest, d)
else:
digest_cons = lambda d=b'': digest.new(d)
if _hmac and isinstance(digest, str):
try:
return _hmac.compute_digest(key, msg, digest)
except (OverflowError, _hmac.UnknownHashError):
pass
return _compute_digest_fallback(key, msg, digest)
def _compute_digest_fallback(key, msg, digest):
digest_cons = _get_digest_constructor(digest)
inner = digest_cons()
outer = digest_cons()
blocksize = getattr(inner, 'block_size', 64)
if len(key) > blocksize:
key = digest_cons(key).digest()
key = key + b'\x00' * (blocksize - len(key))
key = key.ljust(blocksize, b'\0')
inner.update(key.translate(trans_36))
outer.update(key.translate(trans_5C))
inner.update(msg)

9
Lib/test/support/hashlib_helper.py
View file

@ -8,11 +8,20 @@ try:
except ImportError:
_hashlib = None
try:
import _hmac
except ImportError:
_hmac = None
def requires_hashlib():
return unittest.skipIf(_hashlib is None, "requires _hashlib")
def requires_builtin_hmac():
return unittest.skipIf(_hmac is None, "requires _hmac")
def _decorate_func_or_class(func_or_class, decorator_func):
if not isinstance(func_or_class, type):
return decorator_func(func_or_class)

147
Lib/test/test_hmac.py
View file

@ -4,6 +4,7 @@ import hmac
import hashlib
import random
import test.support.hashlib_helper as hashlib_helper
import types
import unittest
import unittest.mock
import warnings
@ -47,7 +48,7 @@ class PyModuleMixin(ModuleMixin):
cls.hmac = import_fresh_module('hmac', blocked=['_hashlib', '_hmac'])
@unittest.skip("no builtin implementation for HMAC for now")
@hashlib_helper.requires_builtin_hmac()
class BuiltinModuleMixin(ModuleMixin):
"""Built-in HACL* implementation of HMAC."""
@ -128,6 +129,16 @@ class ThroughOpenSSLAPIMixin(CreatorMixin, DigestMixin):
return _hashlib.hmac_digest(key, msg, digest=digestmod)
class ThroughBuiltinAPIMixin(BuiltinModuleMixin, CreatorMixin, DigestMixin):
"""Mixin delegating to _hmac.new() and _hmac.compute_digest()."""
def hmac_new(self, key, msg=None, digestmod=None):
return self.hmac.new(key, msg, digestmod=digestmod)
def hmac_digest(self, key, msg=None, digestmod=None):
return self.hmac.compute_digest(key, msg, digest=digestmod)
class ObjectCheckerMixin:
"""Mixin for checking HMAC objects (pure Python, OpenSSL or built-in)."""
@ -205,6 +216,10 @@ class AssertersMixin(CreatorMixin, DigestMixin, ObjectCheckerMixin):
self.assert_hmac_hexdigest(
key, msg, hexdigest, digestmod, digest_size
)
self.assert_hmac_common_cases(
key, msg, hexdigest, digestmod,
hashname, digest_size, block_size
)
self.assert_hmac_extra_cases(
key, msg, hexdigest, digestmod,
hashname, digest_size, block_size
@ -224,7 +239,7 @@ class AssertersMixin(CreatorMixin, DigestMixin, ObjectCheckerMixin):
This test uses the `hmac_new()` method to create HMAC objects.
"""
self._check_hmac_new(
self.check_hmac_new(
key, msg, hexdigest, hashname, digest_size, block_size,
hmac_new_func=self.hmac_new,
hmac_new_kwds={'digestmod': digestmod},
@ -237,15 +252,15 @@ class AssertersMixin(CreatorMixin, DigestMixin, ObjectCheckerMixin):
This test uses the `hmac_new_by_name()` method to create HMAC objects.
"""
self._check_hmac_new(
self.check_hmac_new(
key, msg, hexdigest, hashname, digest_size, block_size,
hmac_new_func=self.hmac_new_by_name,
hmac_new_kwds={'hashname': hashname},
)
def _check_hmac_new(
def check_hmac_new(
self, key, msg, hexdigest, hashname, digest_size, block_size,
hmac_new_func, hmac_new_kwds,
hmac_new_func, hmac_new_kwds=types.MappingProxyType({}),
):
"""Check that HMAC(key, msg) == digest.
@ -272,7 +287,7 @@ class AssertersMixin(CreatorMixin, DigestMixin, ObjectCheckerMixin):
self, key, msg, hexdigest, digestmod, digest_size,
):
"""Check a HMAC digest computed by hmac_digest()."""
self._check_hmac_hexdigest(
self.check_hmac_hexdigest(
key, msg, hexdigest, digest_size,
hmac_digest_func=self.hmac_digest,
hmac_digest_kwds={'digestmod': digestmod},
@ -283,40 +298,50 @@ class AssertersMixin(CreatorMixin, DigestMixin, ObjectCheckerMixin):
):
"""Check a HMAC digest computed by hmac_digest_by_name()."""
self.assertIsInstance(hashname, str)
self._check_hmac_hexdigest(
self.check_hmac_hexdigest(
key, msg, hexdigest, digest_size,
hmac_digest_func=self.hmac_digest_by_name,
hmac_digest_kwds={'hashname': hashname},
)
def _check_hmac_hexdigest(
def check_hmac_hexdigest(
self, key, msg, hexdigest, digest_size,
hmac_digest_func, hmac_digest_kwds,
hmac_digest_func, hmac_digest_kwds=types.MappingProxyType({}),
):
"""Check and return a HMAC digest computed by hmac_digest_func().
This HMAC digest is computed by:
hmac_digest_func(key, msg, **hmac_digest_kwds)
This is typically useful for checking one-shot HMAC functions.
"""
d = hmac_digest_func(key, msg, **hmac_digest_kwds)
self.assertEqual(len(d), digest_size)
self.assertEqual(d, binascii.unhexlify(hexdigest))
return d
def assert_hmac_extra_cases(
def assert_hmac_common_cases(
self, key, msg, hexdigest, digestmod, hashname, digest_size, block_size
):
"""Extra tests that can be added in subclasses."""
"""Common tests executed by all subclasses."""
h1 = self.hmac_new_by_name(key, hashname=hashname)
h2 = h1.copy()
h2.update(b"test update should not affect original")
h1.update(msg)
self.check_object(h1, hexdigest, hashname, digest_size, block_size)
def assert_hmac_extra_cases(
self, key, msg, hexdigest, digestmod, hashname, digest_size, block_size
):
"""Extra tests that can be added in subclasses."""
class PyAssertersMixin(PyModuleMixin, AssertersMixin):
def assert_hmac_extra_cases(
self, key, msg, hexdigest, digestmod, hashname, digest_size, block_size
):
super().assert_hmac_extra_cases(
key, msg, hexdigest, digestmod, hashname, digest_size, block_size
)
h = self.hmac.HMAC.__new__(self.hmac.HMAC)
h._init_old(key, msg, digestmod=digestmod)
self.check_object(h, hexdigest, hashname, digest_size, block_size)
@ -335,6 +360,10 @@ class OpenSSLAssertersMixin(ThroughOpenSSLAPIMixin, AssertersMixin):
return self.hmac_digest(key, msg, digestmod=openssl_func)
class BuiltinAssertersMixin(ThroughBuiltinAPIMixin, AssertersMixin):
pass
class HashFunctionsTrait:
"""Trait class for 'hashfunc' in hmac_new() and hmac_digest()."""
@ -719,6 +748,24 @@ class OpenSSLRFCTestCase(OpenSSLAssertersMixin,
"""
class BuiltinRFCTestCase(BuiltinAssertersMixin,
WithNamedHashFunctions, RFCTestCaseMixin,
unittest.TestCase):
"""Built-in HACL* implementation of HMAC.
The underlying hash functions are also HACL*-based.
"""
def assert_hmac_extra_cases(
self, key, msg, hexdigest, digestmod, hashname, digest_size, block_size
):
# assert one-shot HMAC at the same time
with self.subTest(key=key, msg=msg, hashname=hashname):
func = getattr(self.hmac, f'compute_{hashname}')
self.assertTrue(callable(func))
self.check_hmac_hexdigest(key, msg, hexdigest, digest_size, func)
# TODO(picnixz): once we have a HACL* HMAC, we should also test the Python
# implementation of HMAC with a HACL*-based hash function. For now, we only
# test it partially via the '_sha2' module, but for completeness we could
@ -726,7 +773,7 @@ class OpenSSLRFCTestCase(OpenSSLAssertersMixin,
class DigestModTestCaseMixin(CreatorMixin, DigestMixin):
"""Tests for the 'digestmod' parameter."""
"""Tests for the 'digestmod' parameter for hmac_new() and hmac_digest()."""
def assert_raises_missing_digestmod(self):
"""A context manager catching errors when a digestmod is missing."""
@ -869,11 +916,15 @@ class PyModuleConstructorTestCase(ThroughModuleAPIMixin, PyConstructorBaseMixin,
class ExtensionConstructorTestCaseMixin(DigestModTestCaseMixin,
ConstructorTestCaseMixin):
# The underlying C class.
obj_type = None
@property
def obj_type(self):
"""The underlying (non-instantiable) C class."""
raise NotImplementedError
# The exact exception class raised when a 'digestmod' parameter is invalid.
exc_type = None
@property
def exc_type(self):
"""The exact exception class raised upon invalid 'digestmod' values."""
raise NotImplementedError
def test_internal_types(self):
# internal C types are immutable and cannot be instantiated
@ -920,6 +971,24 @@ class OpenSSLConstructorTestCase(ThroughOpenSSLAPIMixin,
self.hmac_digest(b'key', b'msg', value)
class BuiltinConstructorTestCase(ThroughBuiltinAPIMixin,
ExtensionConstructorTestCaseMixin,
unittest.TestCase):
@property
def obj_type(self):
return self.hmac.HMAC
@property
def exc_type(self):
return self.hmac.UnknownHashError
def test_hmac_digest_digestmod_parameter(self):
for value in [object, 'unknown', 1234, None]:
with self.subTest(value=value), self.assert_digestmod_error():
self.hmac_digest(b'key', b'msg', value)
class SanityTestCaseMixin(CreatorMixin):
"""Sanity checks for HMAC objects and their object interface.
@ -975,6 +1044,20 @@ class OpenSSLSanityTestCase(ThroughOpenSSLAPIMixin, SanityTestCaseMixin,
self.assertStartsWith(repr(h), f"<{self.digestname} HMAC object @")
class BuiltinSanityTestCase(ThroughBuiltinAPIMixin, SanityTestCaseMixin,
unittest.TestCase):
@classmethod
def setUpClass(cls):
super().setUpClass()
cls.hmac_class = cls.hmac.HMAC
cls.digestname = 'sha256'
def test_repr(self):
h = self.hmac_new(b"my secret key", digestmod=self.digestname)
self.assertStartsWith(repr(h), f"<{self.digestname} HMAC object @")
class UpdateTestCaseMixin:
"""Tests for the update() method (streaming HMAC)."""
@ -1006,7 +1089,7 @@ class PyUpdateTestCase(UpdateTestCaseMixin, unittest.TestCase):
@classmethod
def setUpClass(cls):
super().setUpClass()
cls.hmac = import_fresh_module('hmac', blocked=['_hashlib'])
cls.hmac = import_fresh_module('hmac', blocked=['_hashlib', '_hmac'])
def HMAC(self, key, msg=None):
return self.hmac.HMAC(key, msg, digestmod='sha256')
@ -1016,7 +1099,16 @@ class PyUpdateTestCase(UpdateTestCaseMixin, unittest.TestCase):
class OpenSSLUpdateTestCase(UpdateTestCaseMixin, unittest.TestCase):
def HMAC(self, key, msg=None):
return hmac.new(key, msg, digestmod='sha256')
return _hashlib.hmac_new(key, msg, digestmod='sha256')
class BuiltinUpdateTestCase(BuiltinModuleMixin,
UpdateTestCaseMixin, unittest.TestCase):
def HMAC(self, key, msg=None):
# Even if Python does not build '_sha2', the HACL* sources
# are still built, making it possible to use SHA-2 hashes.
return self.hmac.new(key, msg, digestmod='sha256')
class CopyBaseTestCase:
@ -1107,7 +1199,16 @@ class ExtensionCopyTestCase(CopyBaseTestCase):
class OpenSSLCopyTestCase(ExtensionCopyTestCase, unittest.TestCase):
def init(self, h):
h._init_hmac(b"key", b"msg", digestmod="sha256")
h._init_openssl_hmac(b"key", b"msg", digestmod="sha256")
@hashlib_helper.requires_builtin_hmac()
class BuiltinCopyTestCase(ExtensionCopyTestCase, unittest.TestCase):
def init(self, h):
# Even if Python does not build '_sha2', the HACL* sources
# are still built, making it possible to use SHA-2 hashes.
h._init_builtin_hmac(b"key", b"msg", digestmod="sha256")
class CompareDigestMixin:

123
Makefile.pre.in
View file

@ -227,8 +227,12 @@ ENSUREPIP= @ENSUREPIP@
# Internal static libraries
LIBMPDEC_A= Modules/_decimal/libmpdec/libmpdec.a
LIBEXPAT_A= Modules/expat/libexpat.a
LIBHACL_MD5_A= Modules/_hacl/libHacl_Hash_MD5.a
LIBHACL_SHA1_A= Modules/_hacl/libHacl_Hash_SHA1.a
LIBHACL_SHA2_A= Modules/_hacl/libHacl_Hash_SHA2.a
LIBHACL_SHA3_A= Modules/_hacl/libHacl_Hash_SHA3.a
LIBHACL_BLAKE2_A= Modules/_hacl/libHacl_Hash_Blake2.a
LIBHACL_HMAC_A= Modules/_hacl/libHacl_HMAC.a
LIBHACL_CFLAGS=@LIBHACL_CFLAGS@
LIBHACL_SIMD128_FLAGS=@LIBHACL_SIMD128_FLAGS@
LIBHACL_SIMD256_FLAGS=@LIBHACL_SIMD256_FLAGS@
@ -656,30 +660,65 @@ LIBEXPAT_HEADERS= \
##########################################################################
# hashlib's HACL* library
LIBHACL_MD5_OBJS= \
Modules/_hacl/Hacl_Hash_MD5.o
LIBHACL_SHA1_OBJS= \
Modules/_hacl/Hacl_Hash_SHA1.o
LIBHACL_SHA2_OBJS= \
Modules/_hacl/Hacl_Hash_SHA2.o
Modules/_hacl/Hacl_Hash_SHA2.o
LIBHACL_SHA3_OBJS= \
Modules/_hacl/Hacl_Hash_SHA3.o
LIBHACL_BLAKE2_OBJS= \
Modules/_hacl/Hacl_Hash_Blake2s.o \
Modules/_hacl/Hacl_Hash_Blake2b.o \
Modules/_hacl/Lib_Memzero0.o \
Modules/_hacl/Hacl_Hash_Blake2s.o \
Modules/_hacl/Hacl_Hash_Blake2b.o \
Modules/_hacl/Lib_Memzero0.o \
$(LIBHACL_SIMD128_OBJS) \
$(LIBHACL_SIMD256_OBJS)
LIBHACL_HMAC_OBJS= \
Modules/_hacl/Hacl_HMAC.o \
Modules/_hacl/Hacl_Streaming_HMAC.o \
$(LIBHACL_MD5_OBJS) \
$(LIBHACL_SHA1_OBJS) \
$(LIBHACL_SHA2_OBJS) \
$(LIBHACL_SHA3_OBJS) \
$(LIBHACL_BLAKE2_OBJS)
LIBHACL_HEADERS= \
Modules/_hacl/include/krml/FStar_UInt128_Verified.h \
Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \
Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \
Modules/_hacl/include/krml/internal/compat.h \
Modules/_hacl/include/krml/internal/target.h \
Modules/_hacl/include/krml/internal/types.h \
Modules/_hacl/include/krml/lowstar_endianness.h \
Modules/_hacl/include/krml/FStar_UInt128_Verified.h \
Modules/_hacl/include/krml/FStar_UInt_8_16_32_64.h \
Modules/_hacl/include/krml/fstar_uint128_struct_endianness.h \
Modules/_hacl/include/krml/internal/compat.h \
Modules/_hacl/include/krml/internal/target.h \
Modules/_hacl/include/krml/internal/types.h \
Modules/_hacl/include/krml/lowstar_endianness.h \
Modules/_hacl/Hacl_Streaming_Types.h \
Modules/_hacl/python_hacl_namespaces.h
Modules/_hacl/internal/Hacl_Streaming_Types.h \
Modules/_hacl/libintvector.h \
Modules/_hacl/python_hacl_namespaces.h
LIBHACL_MD5_HEADERS= \
Modules/_hacl/Hacl_Hash_MD5.h \
Modules/_hacl/internal/Hacl_Hash_MD5.h \
$(LIBHACL_HEADERS)
LIBHACL_SHA1_HEADERS= \
Modules/_hacl/Hacl_Hash_SHA1.h \
Modules/_hacl/internal/Hacl_Hash_SHA1.h \
$(LIBHACL_HEADERS)
LIBHACL_SHA2_HEADERS= \
Modules/_hacl/Hacl_Hash_SHA2.h \
Modules/_hacl/internal/Hacl_Hash_SHA2.h \
Modules/_hacl/Hacl_Hash_SHA2.h \
Modules/_hacl/internal/Hacl_Hash_SHA2.h \
$(LIBHACL_HEADERS)
LIBHACL_SHA3_HEADERS= \
Modules/_hacl/Hacl_Hash_SHA3.h \
Modules/_hacl/internal/Hacl_Hash_SHA3.h \
$(LIBHACL_HEADERS)
LIBHACL_BLAKE2_HEADERS= \
@ -695,6 +734,19 @@ LIBHACL_BLAKE2_HEADERS= \
Modules/_hacl/internal/Hacl_Streaming_Types.h \
$(LIBHACL_HEADERS)
LIBHACL_HMAC_HEADERS= \
Modules/_hacl/Hacl_HMAC.h \
Modules/_hacl/Hacl_Streaming_HMAC.h \
Modules/_hacl/internal/Hacl_HMAC.h \
Modules/_hacl/internal/Hacl_Streaming_HMAC.h \
Modules/_hacl/libintvector-shim.h \
$(LIBHACL_MD5_HEADERS) \
$(LIBHACL_SHA1_HEADERS) \
$(LIBHACL_SHA2_HEADERS) \
$(LIBHACL_SHA3_HEADERS) \
$(LIBHACL_BLAKE2_HEADERS) \
$(LIBHACL_HEADERS)
#########################################################################
# Rules
@ -1408,10 +1460,25 @@ $(LIBEXPAT_A): $(LIBEXPAT_OBJS)
$(AR) $(ARFLAGS) $@ $(LIBEXPAT_OBJS)
##########################################################################
# Build HACL* static libraries for hashlib: libHacl_Hash_SHA2.a, and
# libHacl_Blake2.a -- the contents of the latter vary depending on whether we
# Build HACL* static libraries for hashlib and HACL* HMAC.
#
# The contents of libHacl_Blake2.a vary depending on whether we
# have the ability to compile vectorized versions
Modules/_hacl/Hacl_Hash_MD5.o: $(srcdir)/Modules/_hacl/Hacl_Hash_MD5.c $(LIBHACL_MD5_HEADERS)
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_MD5.c
$(LIBHACL_MD5_A): $(LIBHACL_MD5_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(LIBHACL_MD5_OBJS)
Modules/_hacl/Hacl_Hash_SHA1.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA1.c $(LIBHACL_SHA1_HEADERS)
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA1.c
$(LIBHACL_SHA1_A): $(LIBHACL_SHA1_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(LIBHACL_SHA1_OBJS)
Modules/_hacl/Hacl_Hash_SHA2.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c $(LIBHACL_SHA2_HEADERS)
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA2.c
@ -1419,6 +1486,13 @@ $(LIBHACL_SHA2_A): $(LIBHACL_SHA2_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(LIBHACL_SHA2_OBJS)
Modules/_hacl/Hacl_Hash_SHA3.o: $(srcdir)/Modules/_hacl/Hacl_Hash_SHA3.c $(LIBHACL_SHA3_HEADERS)
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_SHA3.c
$(LIBHACL_SHA3_A): $(LIBHACL_SHA3_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(LIBHACL_SHA3_OBJS)
Modules/_hacl/Hacl_Hash_Blake2s.o: $(srcdir)/Modules/_hacl/Hacl_Hash_Blake2s.c $(LIBHACL_BLAKE2_HEADERS)
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Hash_Blake2s.c
@ -1444,6 +1518,16 @@ $(LIBHACL_BLAKE2_A): $(LIBHACL_BLAKE2_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(LIBHACL_BLAKE2_OBJS)
Modules/_hacl/Hacl_HMAC.o: $(srcdir)/Modules/_hacl/Hacl_HMAC.c $(LIBHACL_HMAC_HEADERS)
$(CC) -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_HMAC.c
Modules/_hacl/Hacl_Streaming_HMAC.o: $(srcdir)/Modules/_hacl/Hacl_Streaming_HMAC.c $(LIBHACL_HMAC_HEADERS)
$(CC) -Wno-unused-variable -c $(LIBHACL_CFLAGS) -o $@ $(srcdir)/Modules/_hacl/Hacl_Streaming_HMAC.c
$(LIBHACL_HMAC_A): $(LIBHACL_HMAC_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(LIBHACL_HMAC_OBJS)
# create relative links from build/lib.platform/egg.so to Modules/egg.so
# pybuilddir.txt is created too late. We cannot use it in Makefile
# targets. ln --relative is not portable.
@ -3216,11 +3300,12 @@ MODULE__DECIMAL_DEPS=$(srcdir)/Modules/_decimal/docstrings.h @LIBMPDEC_INTERNAL@
MODULE__ELEMENTTREE_DEPS=$(srcdir)/Modules/pyexpat.c @LIBEXPAT_INTERNAL@
MODULE__HASHLIB_DEPS=$(srcdir)/Modules/hashlib.h
MODULE__IO_DEPS=$(srcdir)/Modules/_io/_iomodule.h
MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_MD5.h Modules/_hacl/internal/Hacl_Hash_MD5.h Modules/_hacl/Hacl_Hash_MD5.c
MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA1.h Modules/_hacl/internal/Hacl_Hash_SHA1.h Modules/_hacl/Hacl_Hash_SHA1.c
MODULE__MD5_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_MD5_HEADERS) $(LIBHACL_MD5_A)
MODULE__SHA1_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA1_HEADERS) $(LIBHACL_SHA1_A)
MODULE__SHA2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA2_HEADERS) $(LIBHACL_SHA2_A)
MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HEADERS) Modules/_hacl/Hacl_Hash_SHA3.h Modules/_hacl/internal/Hacl_Hash_SHA3.h Modules/_hacl/Hacl_Hash_SHA3.c
MODULE__SHA3_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_SHA3_HEADERS) $(LIBHACL_SHA3_A)
MODULE__BLAKE2_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_BLAKE2_HEADERS) $(LIBHACL_BLAKE2_A)
MODULE__HMAC_DEPS=$(srcdir)/Modules/hashlib.h $(LIBHACL_HMAC_HEADERS) $(LIBHACL_HMAC_A)
MODULE__SOCKET_DEPS=$(srcdir)/Modules/socketmodule.h $(srcdir)/Modules/addrinfo.h $(srcdir)/Modules/getaddrinfo.c $(srcdir)/Modules/getnameinfo.c
MODULE__SSL_DEPS=$(srcdir)/Modules/_ssl.h $(srcdir)/Modules/_ssl/cert.c $(srcdir)/Modules/_ssl/debughelpers.c $(srcdir)/Modules/_ssl/misc.c $(srcdir)/Modules/_ssl_data_111.h $(srcdir)/Modules/_ssl_data_300.h $(srcdir)/Modules/socketmodule.h
MODULE__TESTCAPI_DEPS=$(srcdir)/Modules/_testcapi/parts.h $(srcdir)/Modules/_testcapi/util.h

2
Misc/NEWS.d/next/Core_and_Builtins/2025-02-15-14-36-32.gh-issue-99108.u6CfmK.rst Normal file
View file

@ -0,0 +1,2 @@
Add support for built-in implementation of HMAC (:rfc:`2104`) based on
HACL*. Patch by Bénédikt Tran.

137
Misc/sbom.spdx.json generated
View file

@ -281,6 +281,34 @@
],
"fileName": "Modules/expat/xmltok_ns.c"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.c",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "705dc7220dad725881592749f7febaf6135cc9fd"
},
{
"algorithm": "SHA256",
"checksumValue": "142adb769ff02b8a5327f0eb837e1f9a797bdf9a1684d21acd749dbb5b2e5be2"
}
],
"fileName": "Modules/_hacl/Hacl_HMAC.c"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.h",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "de7179fe6970e2b5d281dfed977ed91be635b8d2"
},
{
"algorithm": "SHA256",
"checksumValue": "c0ba888d87775c7d7f7d8a08dac7b3988fed81e11bb52396d90f762a8e90a7eb"
}
],
"fileName": "Modules/_hacl/Hacl_HMAC.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-Hash-Blake2b.c",
"checksums": [
@ -533,6 +561,34 @@
],
"fileName": "Modules/_hacl/Hacl_Hash_SHA3.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-Streaming-HMAC.c",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "8140310f505bb2619a749777a91487d666237bcf"
},
{
"algorithm": "SHA256",
"checksumValue": "9d95e6a651c22185d9b7c38f363d30159f810e6fcdc2208f29492837ed891e82"
}
],
"fileName": "Modules/_hacl/Hacl_Streaming_HMAC.c"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-Streaming-HMAC.h",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "49523144583a15d96ba1646af02dc292e633bf8f"
},
{
"algorithm": "SHA256",
"checksumValue": "78345519bf6789264f6792b809ee97a9ecf7cb5829c674c61e2d99bfdfdc36fc"
}
],
"fileName": "Modules/_hacl/Hacl_Streaming_HMAC.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-Hacl-Streaming-Types.h",
"checksums": [
@ -659,6 +715,20 @@
],
"fileName": "Modules/_hacl/include/krml/lowstar_endianness.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-HMAC.h",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "aaa656e25a92ba83655e1398a97efa6981f60fc4"
},
{
"algorithm": "SHA256",
"checksumValue": "a59abc6e9b3019cb18976a15e634f5146bd965fc9babf4ccbf2b531164a34f85"
}
],
"fileName": "Modules/_hacl/internal/Hacl_HMAC.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Hash-Blake2b.h",
"checksums": [
@ -785,6 +855,20 @@
],
"fileName": "Modules/_hacl/internal/Hacl_Impl_Blake2_Constants.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Streaming-HMAC.h",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "2048f3cd61dbda2df862a2982ebaf24b6815ed51"
},
{
"algorithm": "SHA256",
"checksumValue": "b0f5a79c98525b0cb1659238e095641328b7da16a94cb57a0793e635d1da3653"
}
],
"fileName": "Modules/_hacl/internal/Hacl_Streaming_HMAC.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Streaming-Types.h",
"checksums": [
@ -813,6 +897,20 @@
],
"fileName": "Modules/_hacl/lib_memzero0.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-libintvector-shim.h",
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "a28d706b06985c14f01a5527e568beb28f28109e"
},
{
"algorithm": "SHA256",
"checksumValue": "f26e8339da7e0db3d6c8f70247300bd5876110a30e1fb883e59370da48e38f9e"
}
],
"fileName": "Modules/_hacl/libintvector-shim.h"
},
{
"SPDXID": "SPDXRef-FILE-Modules-hacl-libintvector.h",
"checksums": [
@ -832,11 +930,11 @@
"checksums": [
{
"algorithm": "SHA1",
"checksumValue": "37e3eb63c5c6f8ae671748bfde642c180b96d2de"
"checksumValue": "dbed915328619b1159012649a427c6928033dd90"
},
{
"algorithm": "SHA256",
"checksumValue": "0b5c7892cc25a2b3467936c1f346a6186d9d0a257d1bd5671beda253b66e0f68"
"checksumValue": "0297ea0a5d1117e001d5dbb90f99d47ee9e0f9d3dd45da02ba5dc477e551cb5a"
}
],
"fileName": "Modules/_hacl/python_hacl_namespaces.h"
@ -1817,6 +1915,16 @@
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-expat"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.c",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-HMAC.h",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-Hash-Blake2b.c",
"relationshipType": "CONTAINS",
@ -1907,6 +2015,16 @@
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-Streaming-HMAC.c",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-Streaming-HMAC.h",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-Hacl-Streaming-Types.h",
"relationshipType": "CONTAINS",
@ -1952,6 +2070,11 @@
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-HMAC.h",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Hash-Blake2b.h",
"relationshipType": "CONTAINS",
@ -1997,6 +2120,11 @@
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Streaming-HMAC.h",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-internal-Hacl-Streaming-Types.h",
"relationshipType": "CONTAINS",
@ -2007,6 +2135,11 @@
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-libintvector-shim.h",
"relationshipType": "CONTAINS",
"spdxElementId": "SPDXRef-PACKAGE-hacl-star"
},
{
"relatedSpdxElement": "SPDXRef-FILE-Modules-hacl-libintvector.h",
"relationshipType": "CONTAINS",

11
Modules/Setup
View file

@ -165,11 +165,12 @@ PYTHONPATH=$(COREPYTHONPATH)
#pyexpat pyexpat.c
# hashing builtins
#_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a
#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a
#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_md5 md5module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_MD5.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA1.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
#_hmac hmacmodule.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_HMAC.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
# text encodings and unicode
#_codecs_cn cjkcodecs/_codecs_cn.c

12
Modules/Setup.stdlib.in
View file

@ -78,11 +78,13 @@
@MODULE_READLINE_TRUE@readline readline.c
# hashing builtins, can be disabled with --without-builtin-hashlib-hashes
@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_MD5.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA1.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a
@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include _hacl/Hacl_Hash_SHA3.c -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a
@MODULE__MD5_TRUE@_md5 md5module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_MD5.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA1_TRUE@_sha1 sha1module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA1.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA2_TRUE@_sha2 sha2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__SHA3_TRUE@_sha3 sha3module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_SHA3.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__BLAKE2_TRUE@_blake2 blake2module.c -I$(srcdir)/Modules/_hacl/include Modules/_hacl/libHacl_Hash_Blake2.a -D_BSD_SOURCE -D_DEFAULT_SOURCE
@MODULE__HMAC_TRUE@_hmac hmacmodule.c
############################################################################
# XML and text

1567
Modules/_hacl/Hacl_HMAC.c Normal file
View file

File diff suppressed because it is too large Load diff

224
Modules/_hacl/Hacl_HMAC.h Normal file
View file

@ -0,0 +1,224 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __Hacl_HMAC_H
#define __Hacl_HMAC_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "python_hacl_namespaces.h"
#include "krml/internal/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
/**
Write the HMAC-MD5 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.
`dst` must point to 16 bytes of memory.
*/
void
Hacl_HMAC_compute_md5(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.
`dst` must point to 20 bytes of memory.
*/
void
Hacl_HMAC_compute_sha1(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-2-224 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.
`dst` must point to 28 bytes of memory.
*/
void
Hacl_HMAC_compute_sha2_224(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.
`dst` must point to 32 bytes of memory.
*/
void
Hacl_HMAC_compute_sha2_256(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.
`dst` must point to 48 bytes of memory.
*/
void
Hacl_HMAC_compute_sha2_384(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.
`dst` must point to 64 bytes of memory.
*/
void
Hacl_HMAC_compute_sha2_512(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-3-224 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 144 bytes.
`dst` must point to 28 bytes of memory.
*/
void
Hacl_HMAC_compute_sha3_224(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-3-256 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 136 bytes.
`dst` must point to 32 bytes of memory.
*/
void
Hacl_HMAC_compute_sha3_256(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-3-384 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 104 bytes.
`dst` must point to 48 bytes of memory.
*/
void
Hacl_HMAC_compute_sha3_384(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-SHA-3-512 MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 72 bytes.
`dst` must point to 64 bytes of memory.
*/
void
Hacl_HMAC_compute_sha3_512(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.
`dst` must point to 32 bytes of memory.
*/
void
Hacl_HMAC_compute_blake2s_32(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
/**
Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.
The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.
`dst` must point to 64 bytes of memory.
*/
void
Hacl_HMAC_compute_blake2b_32(
uint8_t *dst,
uint8_t *key,
uint32_t key_len,
uint8_t *data,
uint32_t data_len
);
#if defined(__cplusplus)
}
#endif
#define __Hacl_HMAC_H_DEFINED
#endif

2551
Modules/_hacl/Hacl_Streaming_HMAC.c Normal file
View file

File diff suppressed because it is too large Load diff

134
Modules/_hacl/Hacl_Streaming_HMAC.h Normal file
View file

@ -0,0 +1,134 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __Hacl_Streaming_HMAC_H
#define __Hacl_Streaming_HMAC_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "python_hacl_namespaces.h"
#include "krml/internal/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "Hacl_Streaming_Types.h"
#define Hacl_Agile_Hash_MD5 0
#define Hacl_Agile_Hash_SHA1 1
#define Hacl_Agile_Hash_SHA2_224 2
#define Hacl_Agile_Hash_SHA2_256 3
#define Hacl_Agile_Hash_SHA2_384 4
#define Hacl_Agile_Hash_SHA2_512 5
#define Hacl_Agile_Hash_SHA3_224 6
#define Hacl_Agile_Hash_SHA3_256 7
#define Hacl_Agile_Hash_SHA3_384 8
#define Hacl_Agile_Hash_SHA3_512 9
#define Hacl_Agile_Hash_Blake2S_32 10
#define Hacl_Agile_Hash_Blake2S_128 11
#define Hacl_Agile_Hash_Blake2B_32 12
#define Hacl_Agile_Hash_Blake2B_256 13
typedef uint8_t Hacl_Agile_Hash_impl;
typedef struct Hacl_Agile_Hash_state_s_s Hacl_Agile_Hash_state_s;
typedef struct Hacl_Streaming_HMAC_Definitions_index_s
{
Hacl_Agile_Hash_impl fst;
uint32_t snd;
}
Hacl_Streaming_HMAC_Definitions_index;
typedef struct Hacl_Streaming_HMAC_Definitions_two_state_s
{
uint32_t fst;
Hacl_Agile_Hash_state_s *snd;
Hacl_Agile_Hash_state_s *thd;
}
Hacl_Streaming_HMAC_Definitions_two_state;
Hacl_Agile_Hash_state_s
*Hacl_Streaming_HMAC_s1(
Hacl_Streaming_HMAC_Definitions_index i,
Hacl_Streaming_HMAC_Definitions_two_state s
);
Hacl_Agile_Hash_state_s
*Hacl_Streaming_HMAC_s2(
Hacl_Streaming_HMAC_Definitions_index i,
Hacl_Streaming_HMAC_Definitions_two_state s
);
Hacl_Streaming_HMAC_Definitions_index
Hacl_Streaming_HMAC_index_of_state(Hacl_Streaming_HMAC_Definitions_two_state s);
typedef struct Hacl_Streaming_HMAC_agile_state_s Hacl_Streaming_HMAC_agile_state;
Hacl_Streaming_Types_error_code
Hacl_Streaming_HMAC_malloc_(
Hacl_Agile_Hash_impl impl,
uint8_t *key,
uint32_t key_length,
Hacl_Streaming_HMAC_agile_state **dst
);
Hacl_Streaming_HMAC_Definitions_index
Hacl_Streaming_HMAC_get_impl(Hacl_Streaming_HMAC_agile_state *s);
Hacl_Streaming_Types_error_code
Hacl_Streaming_HMAC_reset(
Hacl_Streaming_HMAC_agile_state *state,
uint8_t *key,
uint32_t key_length
);
Hacl_Streaming_Types_error_code
Hacl_Streaming_HMAC_update(
Hacl_Streaming_HMAC_agile_state *state,
uint8_t *chunk,
uint32_t chunk_len
);
Hacl_Streaming_Types_error_code
Hacl_Streaming_HMAC_digest(
Hacl_Streaming_HMAC_agile_state *state,
uint8_t *output,
uint32_t digest_length
);
void Hacl_Streaming_HMAC_free(Hacl_Streaming_HMAC_agile_state *state);
Hacl_Streaming_HMAC_agile_state
*Hacl_Streaming_HMAC_copy(Hacl_Streaming_HMAC_agile_state *state);
#if defined(__cplusplus)
}
#endif
#define __Hacl_Streaming_HMAC_H_DEFINED
#endif

14
Modules/_hacl/README.md
View file

@ -8,10 +8,10 @@ safety, functional correctness, and secret independence.
## Updating HACL*
Use the `refresh.sh` script in this directory to pull in a new upstream code
version. The upstream git hash used for the most recent code pull is recorded
in the script. Modify the script as needed to bring in more if changes are
needed based on upstream code refactoring.
Use the [refresh.sh](refresh.sh) script in this directory to pull in a new
upstream code version. The upstream git hash used for the most recent code
pull is recorded in the script. Modify the script as needed to bring in more
if changes are needed based on upstream code refactoring.
Never manually edit HACL\* files. Always add transformation shell code to the
`refresh.sh` script to perform any necessary edits. If there are serious code
@ -19,9 +19,9 @@ changes needed, work with the upstream repository.
## Local files
1. `./include/python_hacl_namespaces.h`
1. `./README.md`
1. `./refresh.sh`
* [python_hacl_namespaces.h](python_hacl_namespaces.h)
* [README.md](README.md)
* [refresh.sh](refresh.sh)
## ACKS

52
Modules/_hacl/internal/Hacl_HMAC.h Normal file
View file

@ -0,0 +1,52 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __internal_Hacl_HMAC_H
#define __internal_Hacl_HMAC_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/internal/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "../Hacl_HMAC.h"
typedef struct K___uint32_t_uint32_t_s
{
uint32_t fst;
uint32_t snd;
}
K___uint32_t_uint32_t;
#if defined(__cplusplus)
}
#endif
#define __internal_Hacl_HMAC_H_DEFINED
#endif

94
Modules/_hacl/internal/Hacl_Streaming_HMAC.h Normal file
View file

@ -0,0 +1,94 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __internal_Hacl_Streaming_HMAC_H
#define __internal_Hacl_Streaming_HMAC_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/internal/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "../Hacl_Streaming_HMAC.h"
#include "libintvector-shim.h"
#define Hacl_Agile_Hash_MD5_a 0
#define Hacl_Agile_Hash_SHA1_a 1
#define Hacl_Agile_Hash_SHA2_224_a 2
#define Hacl_Agile_Hash_SHA2_256_a 3
#define Hacl_Agile_Hash_SHA2_384_a 4
#define Hacl_Agile_Hash_SHA2_512_a 5
#define Hacl_Agile_Hash_SHA3_224_a 6
#define Hacl_Agile_Hash_SHA3_256_a 7
#define Hacl_Agile_Hash_SHA3_384_a 8
#define Hacl_Agile_Hash_SHA3_512_a 9
#define Hacl_Agile_Hash_Blake2S_a 10
#define Hacl_Agile_Hash_Blake2S_128_a 11
#define Hacl_Agile_Hash_Blake2B_a 12
#define Hacl_Agile_Hash_Blake2B_256_a 13
typedef uint8_t Hacl_Agile_Hash_state_s_tags;
typedef struct Hacl_Agile_Hash_state_s_s
{
Hacl_Agile_Hash_state_s_tags tag;
union {
uint32_t *case_MD5_a;
uint32_t *case_SHA1_a;
uint32_t *case_SHA2_224_a;
uint32_t *case_SHA2_256_a;
uint64_t *case_SHA2_384_a;
uint64_t *case_SHA2_512_a;
uint64_t *case_SHA3_224_a;
uint64_t *case_SHA3_256_a;
uint64_t *case_SHA3_384_a;
uint64_t *case_SHA3_512_a;
uint32_t *case_Blake2S_a;
Lib_IntVector_Intrinsics_vec128 *case_Blake2S_128_a;
uint64_t *case_Blake2B_a;
Lib_IntVector_Intrinsics_vec256 *case_Blake2B_256_a;
}
;
}
Hacl_Agile_Hash_state_s;
typedef struct Hacl_Streaming_HMAC_agile_state_s
{
Hacl_Streaming_HMAC_Definitions_two_state block_state;
uint8_t *buf;
uint64_t total_len;
}
Hacl_Streaming_HMAC_agile_state;
#if defined(__cplusplus)
}
#endif
#define __internal_Hacl_Streaming_HMAC_H_DEFINED
#endif

35
Modules/_hacl/libintvector-shim.h Normal file
View file

@ -0,0 +1,35 @@
/* Some older compilers do not let you include, e.g., <immintrin.h> unless you also use e.g. -mavx.
* This poses a problem for files like Hacl_Streaming_HMAC.c, which *do* need a vec128 type defined
* in scope (so that their state type can be defined), but which *must not* be compiled with -mavx
* (otherwise it would result in illegal instruction errors on machines without -mavx).
*
* Rather than add another layer of hacks with `[@ CAbstractStruct ]` and another internal
* abstraction barrier between Hacl_Streaming_HMAC and optimized files, we simply define the two
* relevant types to be an incomplete struct (we could also define them to be void). Two
* consequences:
* - these types cannot be constructed, which enforces the abstraction barrier -- you can define the
* Hacl_Streaming_HMAC state type but only if it uses vec128 behind a pointer, which is exactly
* the intent, and
* - the absence of actual operations over these types once again enforces that a client module
* which relies on this header only does type definitions, nothing more, and leaves the actual
* operations to the relevant module (e.g. Hacl_Hash_Blake2b_256) -- that one will include
* libintvector.h
*
* See https://github.com/python/cpython/issues/130213 for a detailed description of the issue
* including actual problematic compilers.
*
* Currently, only Hacl_Streaming_HMAC is crafted carefully enough to do this.
*/
typedef struct __vec128 Lib_IntVector_Intrinsics_vec128;
typedef struct __vec256 Lib_IntVector_Intrinsics_vec256;
/* If a module includes this header, it almost certainly has #ifdef HACL_CAN_COMPILE_XXX all over
* the place, so bring that into scope too via config.h */
#if defined(__has_include)
#if __has_include("config.h")
#include "config.h"
#endif
#endif
#define HACL_INTRINSICS_SHIMMED

27
Modules/_hacl/python_hacl_namespaces.h
View file

@ -209,4 +209,31 @@
#define Hacl_Hash_SHA3_state_free python_hashlib_Hacl_Hash_SHA3_state_free
#define Hacl_Hash_SHA3_state_malloc python_hashlib_Hacl_Hash_SHA3_state_malloc
// Streaming HMAC
#define Hacl_Streaming_HMAC_malloc_ python_hashlib_Hacl_Streaming_HMAC_malloc_
#define Hacl_Streaming_HMAC_get_impl python_hashlib_Hacl_Streaming_HMAC_get_impl
#define Hacl_Streaming_HMAC_reset python_hashlib_Hacl_Streaming_HMAC_reset
#define Hacl_Streaming_HMAC_update python_hashlib_Hacl_Streaming_HMAC_update
#define Hacl_Streaming_HMAC_digest python_hashlib_Hacl_Streaming_HMAC_digest
#define Hacl_Streaming_HMAC_copy python_hashlib_Hacl_Streaming_HMAC_copy
#define Hacl_Streaming_HMAC_free python_hashlib_Hacl_Streaming_HMAC_free
// HMAC-MD5
#define Hacl_HMAC_compute_md5 python_hashlib_Hacl_HMAC_compute_md5
// HMAC-SHA-1
#define Hacl_HMAC_compute_sha1 python_hashlib_Hacl_HMAC_compute_sha1
// HMAC-SHA-2
#define Hacl_HMAC_compute_sha2_224 python_hashlib_Hacl_HMAC_compute_sha2_224
#define Hacl_HMAC_compute_sha2_256 python_hashlib_Hacl_HMAC_compute_sha2_256
#define Hacl_HMAC_compute_sha2_384 python_hashlib_Hacl_HMAC_compute_sha2_384
#define Hacl_HMAC_compute_sha2_512 python_hashlib_Hacl_HMAC_compute_sha2_512
// HMAC-SHA-3
#define Hacl_HMAC_compute_sha3_224 python_hashlib_Hacl_HMAC_compute_sha3_224
#define Hacl_HMAC_compute_sha3_256 python_hashlib_Hacl_HMAC_compute_sha3_256
#define Hacl_HMAC_compute_sha3_384 python_hashlib_Hacl_HMAC_compute_sha3_384
#define Hacl_HMAC_compute_sha3_512 python_hashlib_Hacl_HMAC_compute_sha3_512
// HMAC-BLAKE
#define Hacl_HMAC_compute_blake2s_32 python_hashlib_Hacl_HMAC_compute_blake2s_32
#define Hacl_HMAC_compute_blake2b_32 python_hashlib_Hacl_HMAC_compute_blake2b_32
#endif // _PYTHON_HACL_NAMESPACES_H

21
Modules/_hacl/refresh.sh
View file

@ -41,6 +41,8 @@ fi
declare -a dist_files
dist_files=(
Hacl_Streaming_Types.h
internal/Hacl_Streaming_Types.h
# Cryptographic Hash Functions (headers)
Hacl_Hash_MD5.h
Hacl_Hash_SHA1.h
Hacl_Hash_SHA2.h
@ -49,6 +51,10 @@ dist_files=(
Hacl_Hash_Blake2s.h
Hacl_Hash_Blake2b_Simd256.h
Hacl_Hash_Blake2s_Simd128.h
# Cryptographic Primitives (headers)
Hacl_HMAC.h
Hacl_Streaming_HMAC.h
# Cryptographic Hash Functions (internal headers)
internal/Hacl_Hash_MD5.h
internal/Hacl_Hash_SHA1.h
internal/Hacl_Hash_SHA2.h
@ -58,7 +64,10 @@ dist_files=(
internal/Hacl_Hash_Blake2b_Simd256.h
internal/Hacl_Hash_Blake2s_Simd128.h
internal/Hacl_Impl_Blake2_Constants.h
internal/Hacl_Streaming_Types.h
# Cryptographic Primitives (internal headers)
internal/Hacl_HMAC.h
internal/Hacl_Streaming_HMAC.h
# Cryptographic Hash Functions (sources)
Hacl_Hash_MD5.c
Hacl_Hash_SHA1.c
Hacl_Hash_SHA2.c
@ -67,7 +76,12 @@ dist_files=(
Hacl_Hash_Blake2s.c
Hacl_Hash_Blake2b_Simd256.c
Hacl_Hash_Blake2s_Simd128.c
# Cryptographic Primitives (sources)
Hacl_HMAC.c
Hacl_Streaming_HMAC.c
# Miscellaneous
libintvector.h
libintvector-shim.h
lib_memzero0.h
Lib_Memzero0.c
)
@ -126,7 +140,10 @@ $sed -i -z 's!#define KRML_TYPES_H!#define KRML_TYPES_H\n#define KRML_VERIFIED_U
$sed -i 's!#include.*Hacl_Krmllib.h"!!g' "${all_files[@]}"
# Use globally unique names for the Hacl_ C APIs to avoid linkage conflicts.
$sed -i -z 's!#include <string.h>!#include <string.h>\n#include "python_hacl_namespaces.h"!' Hacl_Hash_*.h
$sed -i -z 's!#include <string.h>!#include <string.h>\n#include "python_hacl_namespaces.h"!' \
Hacl_Hash_*.h \
Hacl_HMAC.h \
Hacl_Streaming_HMAC.h
# Step 3: trim whitespace (for the linter)

673
Modules/clinic/hmacmodule.c.h generated Normal file
View file

@ -0,0 +1,673 @@
/*[clinic input]
preserve
[clinic start generated code]*/
#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
# include "pycore_gc.h" // PyGC_Head
# include "pycore_runtime.h" // _Py_ID()
#endif
#include "pycore_modsupport.h" // _PyArg_UnpackKeywords()
PyDoc_STRVAR(_hmac_new__doc__,
"new($module, /, key, msg=None, digestmod=None)\n"
"--\n"
"\n"
"Return a new HMAC object.");
#define _HMAC_NEW_METHODDEF \
{"new", _PyCFunction_CAST(_hmac_new), METH_FASTCALL|METH_KEYWORDS, _hmac_new__doc__},
static PyObject *
_hmac_new_impl(PyObject *module, PyObject *keyobj, PyObject *msgobj,
PyObject *hash_info_ref);
static PyObject *
_hmac_new(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
#define NUM_KEYWORDS 3
static struct {
PyGC_Head _this_is_not_used;
PyObject_VAR_HEAD
Py_hash_t ob_hash;
PyObject *ob_item[NUM_KEYWORDS];
} _kwtuple = {
.ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
.ob_hash = -1,
.ob_item = { &_Py_ID(key), &_Py_ID(msg), &_Py_ID(digestmod), },
};
#undef NUM_KEYWORDS
#define KWTUPLE (&_kwtuple.ob_base.ob_base)
#else // !Py_BUILD_CORE
# define KWTUPLE NULL
#endif // !Py_BUILD_CORE
static const char * const _keywords[] = {"key", "msg", "digestmod", NULL};
static _PyArg_Parser _parser = {
.keywords = _keywords,
.fname = "new",
.kwtuple = KWTUPLE,
};
#undef KWTUPLE
PyObject *argsbuf[3];
Py_ssize_t noptargs = nargs + (kwnames ? PyTuple_GET_SIZE(kwnames) : 0) - 1;
PyObject *keyobj;
PyObject *msgobj = NULL;
PyObject *hash_info_ref = NULL;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser,
/*minpos*/ 1, /*maxpos*/ 3, /*minkw*/ 0, /*varpos*/ 0, argsbuf);
if (!args) {
goto exit;
}
keyobj = args[0];
if (!noptargs) {
goto skip_optional_pos;
}
if (args[1]) {
msgobj = args[1];
if (!--noptargs) {
goto skip_optional_pos;
}
}
hash_info_ref = args[2];
skip_optional_pos:
return_value = _hmac_new_impl(module, keyobj, msgobj, hash_info_ref);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_HMAC_copy__doc__,
"copy($self, /)\n"
"--\n"
"\n"
"Return a copy (\"clone\") of the HMAC object.");
#define _HMAC_HMAC_COPY_METHODDEF \
{"copy", _PyCFunction_CAST(_hmac_HMAC_copy), METH_METHOD|METH_FASTCALL|METH_KEYWORDS, _hmac_HMAC_copy__doc__},
static PyObject *
_hmac_HMAC_copy_impl(HMACObject *self, PyTypeObject *cls);
static PyObject *
_hmac_HMAC_copy(PyObject *self, PyTypeObject *cls, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
if (nargs || (kwnames && PyTuple_GET_SIZE(kwnames))) {
PyErr_SetString(PyExc_TypeError, "copy() takes no arguments");
return NULL;
}
return _hmac_HMAC_copy_impl((HMACObject *)self, cls);
}
PyDoc_STRVAR(_hmac_HMAC_update__doc__,
"update($self, /, msg)\n"
"--\n"
"\n"
"Update the HMAC object with the given message.");
#define _HMAC_HMAC_UPDATE_METHODDEF \
{"update", _PyCFunction_CAST(_hmac_HMAC_update), METH_FASTCALL|METH_KEYWORDS, _hmac_HMAC_update__doc__},
static PyObject *
_hmac_HMAC_update_impl(HMACObject *self, PyObject *msgobj);
static PyObject *
_hmac_HMAC_update(PyObject *self, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
#define NUM_KEYWORDS 1
static struct {
PyGC_Head _this_is_not_used;
PyObject_VAR_HEAD
Py_hash_t ob_hash;
PyObject *ob_item[NUM_KEYWORDS];
} _kwtuple = {
.ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
.ob_hash = -1,
.ob_item = { &_Py_ID(msg), },
};
#undef NUM_KEYWORDS
#define KWTUPLE (&_kwtuple.ob_base.ob_base)
#else // !Py_BUILD_CORE
# define KWTUPLE NULL
#endif // !Py_BUILD_CORE
static const char * const _keywords[] = {"msg", NULL};
static _PyArg_Parser _parser = {
.keywords = _keywords,
.fname = "update",
.kwtuple = KWTUPLE,
};
#undef KWTUPLE
PyObject *argsbuf[1];
PyObject *msgobj;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser,
/*minpos*/ 1, /*maxpos*/ 1, /*minkw*/ 0, /*varpos*/ 0, argsbuf);
if (!args) {
goto exit;
}
msgobj = args[0];
return_value = _hmac_HMAC_update_impl((HMACObject *)self, msgobj);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_HMAC_digest__doc__,
"digest($self, /)\n"
"--\n"
"\n"
"Return the digest of the bytes passed to the update() method so far.\n"
"\n"
"This method may raise a MemoryError.");
#define _HMAC_HMAC_DIGEST_METHODDEF \
{"digest", (PyCFunction)_hmac_HMAC_digest, METH_NOARGS, _hmac_HMAC_digest__doc__},
static PyObject *
_hmac_HMAC_digest_impl(HMACObject *self);
static PyObject *
_hmac_HMAC_digest(PyObject *self, PyObject *Py_UNUSED(ignored))
{
return _hmac_HMAC_digest_impl((HMACObject *)self);
}
PyDoc_STRVAR(_hmac_HMAC_hexdigest__doc__,
"hexdigest($self, /)\n"
"--\n"
"\n"
"Return hexadecimal digest of the bytes passed to the update() method so far.\n"
"\n"
"This may be used to exchange the value safely in email or other non-binary\n"
"environments.\n"
"\n"
"This method may raise a MemoryError.");
#define _HMAC_HMAC_HEXDIGEST_METHODDEF \
{"hexdigest", (PyCFunction)_hmac_HMAC_hexdigest, METH_NOARGS, _hmac_HMAC_hexdigest__doc__},
static PyObject *
_hmac_HMAC_hexdigest_impl(HMACObject *self);
static PyObject *
_hmac_HMAC_hexdigest(PyObject *self, PyObject *Py_UNUSED(ignored))
{
return _hmac_HMAC_hexdigest_impl((HMACObject *)self);
}
#if !defined(_hmac_HMAC_name_DOCSTR)
# define _hmac_HMAC_name_DOCSTR NULL
#endif
#if defined(_HMAC_HMAC_NAME_GETSETDEF)
# undef _HMAC_HMAC_NAME_GETSETDEF
# define _HMAC_HMAC_NAME_GETSETDEF {"name", (getter)_hmac_HMAC_name_get, (setter)_hmac_HMAC_name_set, _hmac_HMAC_name_DOCSTR},
#else
# define _HMAC_HMAC_NAME_GETSETDEF {"name", (getter)_hmac_HMAC_name_get, NULL, _hmac_HMAC_name_DOCSTR},
#endif
static PyObject *
_hmac_HMAC_name_get_impl(HMACObject *self);
static PyObject *
_hmac_HMAC_name_get(PyObject *self, void *Py_UNUSED(context))
{
return _hmac_HMAC_name_get_impl((HMACObject *)self);
}
#if !defined(_hmac_HMAC_block_size_DOCSTR)
# define _hmac_HMAC_block_size_DOCSTR NULL
#endif
#if defined(_HMAC_HMAC_BLOCK_SIZE_GETSETDEF)
# undef _HMAC_HMAC_BLOCK_SIZE_GETSETDEF
# define _HMAC_HMAC_BLOCK_SIZE_GETSETDEF {"block_size", (getter)_hmac_HMAC_block_size_get, (setter)_hmac_HMAC_block_size_set, _hmac_HMAC_block_size_DOCSTR},
#else
# define _HMAC_HMAC_BLOCK_SIZE_GETSETDEF {"block_size", (getter)_hmac_HMAC_block_size_get, NULL, _hmac_HMAC_block_size_DOCSTR},
#endif
static PyObject *
_hmac_HMAC_block_size_get_impl(HMACObject *self);
static PyObject *
_hmac_HMAC_block_size_get(PyObject *self, void *Py_UNUSED(context))
{
return _hmac_HMAC_block_size_get_impl((HMACObject *)self);
}
#if !defined(_hmac_HMAC_digest_size_DOCSTR)
# define _hmac_HMAC_digest_size_DOCSTR NULL
#endif
#if defined(_HMAC_HMAC_DIGEST_SIZE_GETSETDEF)
# undef _HMAC_HMAC_DIGEST_SIZE_GETSETDEF
# define _HMAC_HMAC_DIGEST_SIZE_GETSETDEF {"digest_size", (getter)_hmac_HMAC_digest_size_get, (setter)_hmac_HMAC_digest_size_set, _hmac_HMAC_digest_size_DOCSTR},
#else
# define _HMAC_HMAC_DIGEST_SIZE_GETSETDEF {"digest_size", (getter)_hmac_HMAC_digest_size_get, NULL, _hmac_HMAC_digest_size_DOCSTR},
#endif
static PyObject *
_hmac_HMAC_digest_size_get_impl(HMACObject *self);
static PyObject *
_hmac_HMAC_digest_size_get(PyObject *self, void *Py_UNUSED(context))
{
return _hmac_HMAC_digest_size_get_impl((HMACObject *)self);
}
PyDoc_STRVAR(_hmac_compute_digest__doc__,
"compute_digest($module, /, key, msg, digest)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_DIGEST_METHODDEF \
{"compute_digest", _PyCFunction_CAST(_hmac_compute_digest), METH_FASTCALL|METH_KEYWORDS, _hmac_compute_digest__doc__},
static PyObject *
_hmac_compute_digest_impl(PyObject *module, PyObject *key, PyObject *msg,
PyObject *digest);
static PyObject *
_hmac_compute_digest(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames)
{
PyObject *return_value = NULL;
#if defined(Py_BUILD_CORE) && !defined(Py_BUILD_CORE_MODULE)
#define NUM_KEYWORDS 3
static struct {
PyGC_Head _this_is_not_used;
PyObject_VAR_HEAD
Py_hash_t ob_hash;
PyObject *ob_item[NUM_KEYWORDS];
} _kwtuple = {
.ob_base = PyVarObject_HEAD_INIT(&PyTuple_Type, NUM_KEYWORDS)
.ob_hash = -1,
.ob_item = { &_Py_ID(key), &_Py_ID(msg), &_Py_ID(digest), },
};
#undef NUM_KEYWORDS
#define KWTUPLE (&_kwtuple.ob_base.ob_base)
#else // !Py_BUILD_CORE
# define KWTUPLE NULL
#endif // !Py_BUILD_CORE
static const char * const _keywords[] = {"key", "msg", "digest", NULL};
static _PyArg_Parser _parser = {
.keywords = _keywords,
.fname = "compute_digest",
.kwtuple = KWTUPLE,
};
#undef KWTUPLE
PyObject *argsbuf[3];
PyObject *key;
PyObject *msg;
PyObject *digest;
args = _PyArg_UnpackKeywords(args, nargs, NULL, kwnames, &_parser,
/*minpos*/ 3, /*maxpos*/ 3, /*minkw*/ 0, /*varpos*/ 0, argsbuf);
if (!args) {
goto exit;
}
key = args[0];
msg = args[1];
digest = args[2];
return_value = _hmac_compute_digest_impl(module, key, msg, digest);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_md5__doc__,
"compute_md5($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_MD5_METHODDEF \
{"compute_md5", _PyCFunction_CAST(_hmac_compute_md5), METH_FASTCALL, _hmac_compute_md5__doc__},
static PyObject *
_hmac_compute_md5_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_md5(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_md5", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_md5_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha1__doc__,
"compute_sha1($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA1_METHODDEF \
{"compute_sha1", _PyCFunction_CAST(_hmac_compute_sha1), METH_FASTCALL, _hmac_compute_sha1__doc__},
static PyObject *
_hmac_compute_sha1_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha1(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha1", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha1_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha2_224__doc__,
"compute_sha224($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA2_224_METHODDEF \
{"compute_sha224", _PyCFunction_CAST(_hmac_compute_sha2_224), METH_FASTCALL, _hmac_compute_sha2_224__doc__},
static PyObject *
_hmac_compute_sha2_224_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha2_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha224", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha2_224_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha2_256__doc__,
"compute_sha256($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA2_256_METHODDEF \
{"compute_sha256", _PyCFunction_CAST(_hmac_compute_sha2_256), METH_FASTCALL, _hmac_compute_sha2_256__doc__},
static PyObject *
_hmac_compute_sha2_256_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha2_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha256", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha2_256_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha2_384__doc__,
"compute_sha384($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA2_384_METHODDEF \
{"compute_sha384", _PyCFunction_CAST(_hmac_compute_sha2_384), METH_FASTCALL, _hmac_compute_sha2_384__doc__},
static PyObject *
_hmac_compute_sha2_384_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha2_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha384", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha2_384_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha2_512__doc__,
"compute_sha512($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA2_512_METHODDEF \
{"compute_sha512", _PyCFunction_CAST(_hmac_compute_sha2_512), METH_FASTCALL, _hmac_compute_sha2_512__doc__},
static PyObject *
_hmac_compute_sha2_512_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha2_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha512", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha2_512_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha3_224__doc__,
"compute_sha3_224($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA3_224_METHODDEF \
{"compute_sha3_224", _PyCFunction_CAST(_hmac_compute_sha3_224), METH_FASTCALL, _hmac_compute_sha3_224__doc__},
static PyObject *
_hmac_compute_sha3_224_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha3_224(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha3_224", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha3_224_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha3_256__doc__,
"compute_sha3_256($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA3_256_METHODDEF \
{"compute_sha3_256", _PyCFunction_CAST(_hmac_compute_sha3_256), METH_FASTCALL, _hmac_compute_sha3_256__doc__},
static PyObject *
_hmac_compute_sha3_256_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha3_256(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha3_256", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha3_256_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha3_384__doc__,
"compute_sha3_384($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA3_384_METHODDEF \
{"compute_sha3_384", _PyCFunction_CAST(_hmac_compute_sha3_384), METH_FASTCALL, _hmac_compute_sha3_384__doc__},
static PyObject *
_hmac_compute_sha3_384_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha3_384(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha3_384", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha3_384_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_sha3_512__doc__,
"compute_sha3_512($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_SHA3_512_METHODDEF \
{"compute_sha3_512", _PyCFunction_CAST(_hmac_compute_sha3_512), METH_FASTCALL, _hmac_compute_sha3_512__doc__},
static PyObject *
_hmac_compute_sha3_512_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_sha3_512(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_sha3_512", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_sha3_512_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_blake2s_32__doc__,
"compute_blake2s_32($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_BLAKE2S_32_METHODDEF \
{"compute_blake2s_32", _PyCFunction_CAST(_hmac_compute_blake2s_32), METH_FASTCALL, _hmac_compute_blake2s_32__doc__},
static PyObject *
_hmac_compute_blake2s_32_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_blake2s_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_blake2s_32", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_blake2s_32_impl(module, key, msg);
exit:
return return_value;
}
PyDoc_STRVAR(_hmac_compute_blake2b_32__doc__,
"compute_blake2b_32($module, key, msg, /)\n"
"--\n"
"\n");
#define _HMAC_COMPUTE_BLAKE2B_32_METHODDEF \
{"compute_blake2b_32", _PyCFunction_CAST(_hmac_compute_blake2b_32), METH_FASTCALL, _hmac_compute_blake2b_32__doc__},
static PyObject *
_hmac_compute_blake2b_32_impl(PyObject *module, PyObject *key, PyObject *msg);
static PyObject *
_hmac_compute_blake2b_32(PyObject *module, PyObject *const *args, Py_ssize_t nargs)
{
PyObject *return_value = NULL;
PyObject *key;
PyObject *msg;
if (!_PyArg_CheckPositional("compute_blake2b_32", nargs, 2, 2)) {
goto exit;
}
key = args[0];
msg = args[1];
return_value = _hmac_compute_blake2b_32_impl(module, key, msg);
exit:
return return_value;
}
/*[clinic end generated code: output=30c0614482d963f5 input=a9049054013a1b77]*/

1758
Modules/hmacmodule.c Normal file
View file

File diff suppressed because it is too large Load diff

30
PC/config.c
View file

@ -14,19 +14,24 @@ extern PyObject* PyInit_faulthandler(void);
extern PyObject* PyInit__tracemalloc(void);
extern PyObject* PyInit_gc(void);
extern PyObject* PyInit_math(void);
extern PyObject* PyInit__md5(void);
extern PyObject* PyInit_nt(void);
extern PyObject* PyInit__operator(void);
extern PyObject* PyInit__signal(void);
extern PyObject* PyInit__sha1(void);
extern PyObject* PyInit__sha2(void);
extern PyObject* PyInit__sha3(void);
extern PyObject* PyInit__statistics(void);
extern PyObject* PyInit__sysconfig(void);
extern PyObject* PyInit__typing(void);
extern PyObject* PyInit__blake2(void);
extern PyObject* PyInit_time(void);
extern PyObject* PyInit__thread(void);
/* cryptographic hash functions */
extern PyObject* PyInit__blake2(void);
extern PyObject* PyInit__md5(void);
extern PyObject* PyInit__sha1(void);
extern PyObject* PyInit__sha2(void);
extern PyObject* PyInit__sha3(void);
/* other cryptographic primitives */
extern PyObject* PyInit__hmac(void);
#ifdef WIN32
extern PyObject* PyInit_msvcrt(void);
extern PyObject* PyInit__locale(void);
@ -98,17 +103,22 @@ struct _inittab _PyImport_Inittab[] = {
{"nt", PyInit_nt}, /* Use the NT os functions, not posix */
{"_operator", PyInit__operator},
{"_signal", PyInit__signal},
{"_md5", PyInit__md5},
{"_sha1", PyInit__sha1},
{"_sha2", PyInit__sha2},
{"_sha3", PyInit__sha3},
{"_blake2", PyInit__blake2},
{"_sysconfig", PyInit__sysconfig},
{"time", PyInit_time},
{"_thread", PyInit__thread},
{"_tokenize", PyInit__tokenize},
{"_typing", PyInit__typing},
{"_statistics", PyInit__statistics},
/* cryptographic hash functions */
{"_blake2", PyInit__blake2},
{"_md5", PyInit__md5},
{"_sha1", PyInit__sha1},
{"_sha2", PyInit__sha2},
{"_sha3", PyInit__sha3},
/* other cryptographic primitives */
{"_hmac", PyInit__hmac},
#ifdef WIN32
{"msvcrt", PyInit_msvcrt},
{"_locale", PyInit__locale},

3
PCbuild/pythoncore.vcxproj
View file

@ -428,6 +428,8 @@
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_SHA1.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_SHA2.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_SHA3.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_HMAC.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Streaming_HMAC.c" />
<ClCompile Include="..\Modules\_hacl\Lib_Memzero0.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_Blake2b.c" />
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_Blake2s.c" />
@ -464,6 +466,7 @@
<ClCompile Include="..\Modules\faulthandler.c" />
<ClCompile Include="..\Modules\gcmodule.c" />
<ClCompile Include="..\Modules\getbuildinfo.c" />
<ClCompile Include="..\Modules\hmacmodule.c" />
<ClCompile Include="..\Modules\itertoolsmodule.c" />
<ClCompile Include="..\Modules\main.c" />
<ClCompile Include="..\Modules\mathmodule.c" />

12
PCbuild/pythoncore.vcxproj.filters
View file

@ -959,6 +959,12 @@
<ClCompile Include="..\Modules\_hacl\Hacl_Hash_SHA3.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\_hacl\Hacl_HMAC.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\_hacl\Hacl_Streaming_HMAC.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\_heapqmodule.c">
<Filter>Modules</Filter>
</ClCompile>
@ -1013,6 +1019,9 @@
<ClCompile Include="..\Modules\binascii.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\blake2module.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\cmathmodule.c">
<Filter>Modules</Filter>
</ClCompile>
@ -1028,6 +1037,9 @@
<ClCompile Include="..\Modules\gcmodule.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\hmacmodule.c">
<Filter>Modules</Filter>
</ClCompile>
<ClCompile Include="..\Modules\itertoolsmodule.c">
<Filter>Modules</Filter>
</ClCompile>

1
Python/stdlib_module_names.h generated
View file

@ -40,6 +40,7 @@ static const char* _Py_stdlib_module_names[] = {
"_gdbm",
"_hashlib",
"_heapq",
"_hmac",
"_imp",
"_interpchannels",
"_interpqueues",

1
Tools/c-analyzer/cpython/_parser.py
View file

@ -126,6 +126,7 @@ Modules/sha1module.c Modules/_hacl/include
Modules/sha2module.c Modules/_hacl/include
Modules/sha3module.c Modules/_hacl/include
Modules/blake2module.c Modules/_hacl/include
Modules/hmacmodule.c Modules/_hacl/include
Objects/stringlib/*.h Objects
# possible system-installed headers, just in case

1
Tools/c-analyzer/cpython/ignored.tsv
View file

@ -308,6 +308,7 @@ Modules/cmathmodule.c - tanh_special_values -
Modules/config.c - _PyImport_Inittab -
Modules/faulthandler.c - faulthandler_handlers -
Modules/getnameinfo.c - gni_afdl -
Modules/hmacmodule.c - py_hmac_static_hinfo -
Modules/posixmodule.c os_getxattr_impl buffer_sizes -
Modules/posixmodule.c os_listxattr_impl buffer_sizes -
Modules/posixmodule.c - posix_constants_confstr -

Can't render this file because it has a wrong number of fields in line 4.

47
configure generated vendored
View file

@ -706,6 +706,8 @@ MODULE__CURSES_FALSE
MODULE__CURSES_TRUE
MODULE__CTYPES_FALSE
MODULE__CTYPES_TRUE
MODULE__HMAC_FALSE
MODULE__HMAC_TRUE
LIBHACL_SIMD256_OBJS
LIBHACL_SIMD256_FLAGS
LIBHACL_SIMD128_OBJS
@ -32267,6 +32269,47 @@ fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _hmac" >&5
printf %s "checking for stdlib extension module _hmac... " >&6; }
if test "$py_cv_module__hmac" != "n/a"
then :
if true
then :
if true
then :
py_cv_module__hmac=yes
else case e in #(
e) py_cv_module__hmac=missing ;;
esac
fi
else case e in #(
e) py_cv_module__hmac=disabled ;;
esac
fi
fi
as_fn_append MODULE_BLOCK "MODULE__HMAC_STATE=$py_cv_module__hmac$as_nl"
if test "x$py_cv_module__hmac" = xyes
then :
as_fn_append MODULE_BLOCK "MODULE__HMAC_CFLAGS=$LIBHACL_CFLAGS$as_nl"
as_fn_append MODULE_BLOCK "MODULE__HMAC_LDFLAGS=$LIBHACL_CFLAGS Modules/_hacl/libHacl_HMAC.a$as_nl"
fi
if test "$py_cv_module__hmac" = yes; then
MODULE__HMAC_TRUE=
MODULE__HMAC_FALSE='#'
else
MODULE__HMAC_TRUE='#'
MODULE__HMAC_FALSE=
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $py_cv_module__hmac" >&5
printf "%s\n" "$py_cv_module__hmac" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for stdlib extension module _ctypes" >&5
printf %s "checking for stdlib extension module _ctypes... " >&6; }
if test "$py_cv_module__ctypes" != "n/a"
@ -33820,6 +33863,10 @@ if test -z "${MODULE__BLAKE2_TRUE}" && test -z "${MODULE__BLAKE2_FALSE}"; then
as_fn_error $? "conditional \"MODULE__BLAKE2\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${MODULE__HMAC_TRUE}" && test -z "${MODULE__HMAC_FALSE}"; then
as_fn_error $? "conditional \"MODULE__HMAC\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${MODULE__CTYPES_TRUE}" && test -z "${MODULE__CTYPES_FALSE}"; then
as_fn_error $? "conditional \"MODULE__CTYPES\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5

7
configure.ac
View file

@ -7920,6 +7920,13 @@ fi
AC_SUBST([LIBHACL_SIMD256_FLAGS])
AC_SUBST([LIBHACL_SIMD256_OBJS])
dnl HMAC builtin library does not need OpenSSL for now. In the future
dnl we might want to rely on OpenSSL EVP/NID interface or implement
dnl our own for algorithm resolution.
PY_STDLIB_MOD([_hmac], [], [],
[$LIBHACL_CFLAGS],
[$LIBHACL_CFLAGS Modules/_hacl/libHacl_HMAC.a])
PY_STDLIB_MOD([_ctypes],
[], [test "$have_libffi" = yes],
[$NO_STRICT_OVERFLOW_CFLAGS $LIBFFI_CFLAGS], [$LIBFFI_LIBS])