1 | /* SHA3 module |
2 | * |
3 | * This module provides an interface to the SHA3 algorithm |
4 | * |
5 | * See below for information about the original code this module was |
6 | * based upon. Additional work performed by: |
7 | * |
8 | * Andrew Kuchling ([email protected]) |
9 | * Greg Stein ([email protected]) |
10 | * Trevor Perrin ([email protected]) |
11 | * Gregory P. Smith ([email protected]) |
12 | * |
13 | * Copyright (C) 2012-2016 Christian Heimes ([email protected]) |
14 | * Licensed to PSF under a Contributor Agreement. |
15 | * |
16 | */ |
17 | |
18 | #include "Python.h" |
19 | #include "pystrhex.h" |
20 | #include "../hashlib.h" |
21 | |
22 | /* ************************************************************************** |
23 | * SHA-3 (Keccak) and SHAKE |
24 | * |
25 | * The code is based on KeccakCodePackage from 2016-04-23 |
26 | * commit 647f93079afc4ada3d23737477a6e52511ca41fd |
27 | * |
28 | * The reference implementation is altered in this points: |
29 | * - C++ comments are converted to ANSI C comments. |
30 | * - all function names are mangled |
31 | * - typedef for UINT64 is commented out. |
32 | * - brg_endian.h is removed |
33 | * |
34 | * *************************************************************************/ |
35 | |
36 | #ifdef __sparc |
37 | /* opt64 uses un-aligned memory access that causes a BUS error with msg |
38 | * 'invalid address alignment' on SPARC. */ |
39 | #define KeccakOpt 32 |
40 | #elif PY_BIG_ENDIAN |
41 | /* opt64 is not yet supported on big endian platforms */ |
42 | #define KeccakOpt 32 |
43 | #elif SIZEOF_VOID_P == 8 |
44 | /* opt64 works only on little-endian 64bit platforms with unsigned int64 */ |
45 | #define KeccakOpt 64 |
46 | #else |
47 | /* opt32 is used for the remaining 32 and 64bit platforms */ |
48 | #define KeccakOpt 32 |
49 | #endif |
50 | |
51 | #if KeccakOpt == 64 |
52 | /* 64bit platforms with unsigned int64 */ |
53 | typedef uint64_t UINT64; |
54 | typedef unsigned char UINT8; |
55 | #endif |
56 | |
57 | /* replacement for brg_endian.h */ |
58 | #define IS_LITTLE_ENDIAN 1234 |
59 | #define IS_BIG_ENDIAN 4321 |
60 | #if PY_LITTLE_ENDIAN |
61 | #define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN |
62 | #endif |
63 | #if PY_BIG_ENDIAN |
64 | #define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN |
65 | #endif |
66 | |
67 | /* Prevent bus errors on platforms requiring aligned accesses such ARM. */ |
68 | #if HAVE_ALIGNED_REQUIRED && !defined(NO_MISALIGNED_ACCESSES) |
69 | #define NO_MISALIGNED_ACCESSES |
70 | #endif |
71 | |
72 | /* mangle names */ |
73 | #define KeccakF1600_FastLoop_Absorb _PySHA3_KeccakF1600_FastLoop_Absorb |
74 | #define Keccak_HashFinal _PySHA3_Keccak_HashFinal |
75 | #define Keccak_HashInitialize _PySHA3_Keccak_HashInitialize |
76 | #define Keccak_HashSqueeze _PySHA3_Keccak_HashSqueeze |
77 | #define Keccak_HashUpdate _PySHA3_Keccak_HashUpdate |
78 | #define KeccakP1600_AddBytes _PySHA3_KeccakP1600_AddBytes |
79 | #define KeccakP1600_AddBytesInLane _PySHA3_KeccakP1600_AddBytesInLane |
80 | #define KeccakP1600_AddLanes _PySHA3_KeccakP1600_AddLanes |
81 | #define KeccakP1600_ExtractAndAddBytes _PySHA3_KeccakP1600_ExtractAndAddBytes |
82 | #define KeccakP1600_ExtractAndAddBytesInLane _PySHA3_KeccakP1600_ExtractAndAddBytesInLane |
83 | #define KeccakP1600_ExtractAndAddLanes _PySHA3_KeccakP1600_ExtractAndAddLanes |
84 | #define _PySHA3_KeccakP1600_ExtractBytes |
85 | #define _PySHA3_KeccakP1600_ExtractBytesInLane |
86 | #define _PySHA3_KeccakP1600_ExtractLanes |
87 | #define KeccakP1600_Initialize _PySHA3_KeccakP1600_Initialize |
88 | #define KeccakP1600_OverwriteBytes _PySHA3_KeccakP1600_OverwriteBytes |
89 | #define KeccakP1600_OverwriteBytesInLane _PySHA3_KeccakP1600_OverwriteBytesInLane |
90 | #define KeccakP1600_OverwriteLanes _PySHA3_KeccakP1600_OverwriteLanes |
91 | #define KeccakP1600_OverwriteWithZeroes _PySHA3_KeccakP1600_OverwriteWithZeroes |
92 | #define KeccakP1600_Permute_12rounds _PySHA3_KeccakP1600_Permute_12rounds |
93 | #define KeccakP1600_Permute_24rounds _PySHA3_KeccakP1600_Permute_24rounds |
94 | #define KeccakWidth1600_Sponge _PySHA3_KeccakWidth1600_Sponge |
95 | #define KeccakWidth1600_SpongeAbsorb _PySHA3_KeccakWidth1600_SpongeAbsorb |
96 | #define KeccakWidth1600_SpongeAbsorbLastFewBits _PySHA3_KeccakWidth1600_SpongeAbsorbLastFewBits |
97 | #define KeccakWidth1600_SpongeInitialize _PySHA3_KeccakWidth1600_SpongeInitialize |
98 | #define KeccakWidth1600_SpongeSqueeze _PySHA3_KeccakWidth1600_SpongeSqueeze |
99 | #if KeccakOpt == 32 |
100 | #define KeccakP1600_AddByte _PySHA3_KeccakP1600_AddByte |
101 | #define KeccakP1600_Permute_Nrounds _PySHA3_KeccakP1600_Permute_Nrounds |
102 | #define KeccakP1600_SetBytesInLaneToZero _PySHA3_KeccakP1600_SetBytesInLaneToZero |
103 | #endif |
104 | |
105 | /* we are only interested in KeccakP1600 */ |
106 | #define KeccakP200_excluded 1 |
107 | #define KeccakP400_excluded 1 |
108 | #define KeccakP800_excluded 1 |
109 | |
110 | /* inline all Keccak dependencies */ |
111 | #include "kcp/KeccakHash.h" |
112 | #include "kcp/KeccakSponge.h" |
113 | #include "kcp/KeccakHash.c" |
114 | #include "kcp/KeccakSponge.c" |
115 | #if KeccakOpt == 64 |
116 | #include "kcp/KeccakP-1600-opt64.c" |
117 | #elif KeccakOpt == 32 |
118 | #include "kcp/KeccakP-1600-inplace32BI.c" |
119 | #endif |
120 | |
121 | #define SHA3_MAX_DIGESTSIZE 64 /* 64 Bytes (512 Bits) for 224 to 512 */ |
122 | #define SHA3_LANESIZE (20 * 8) /* ExtractLane needs max uint64_t[20] extra. */ |
123 | #define SHA3_state Keccak_HashInstance |
124 | #define SHA3_init Keccak_HashInitialize |
125 | #define SHA3_process Keccak_HashUpdate |
126 | #define SHA3_done Keccak_HashFinal |
127 | #define SHA3_squeeze Keccak_HashSqueeze |
128 | #define SHA3_copystate(dest, src) memcpy(&(dest), &(src), sizeof(SHA3_state)) |
129 | |
130 | typedef struct { |
131 | PyTypeObject *sha3_224_type; |
132 | PyTypeObject *sha3_256_type; |
133 | PyTypeObject *sha3_384_type; |
134 | PyTypeObject *sha3_512_type; |
135 | #ifdef PY_WITH_KECCAK |
136 | PyTypeObject *keccak_224_type; |
137 | PyTypeObject *keccak_256_type; |
138 | PyTypeObject *keccak_384_type; |
139 | PyTypeObject *keccak_512_type; |
140 | #endif |
141 | PyTypeObject *shake_128_type; |
142 | PyTypeObject *shake_256_type; |
143 | } SHA3State; |
144 | |
145 | static inline SHA3State* |
146 | sha3_get_state(PyObject *module) |
147 | { |
148 | void *state = PyModule_GetState(module); |
149 | assert(state != NULL); |
150 | return (SHA3State *)state; |
151 | } |
152 | |
153 | /*[clinic input] |
154 | module _sha3 |
155 | class _sha3.sha3_224 "SHA3object *" "&SHA3_224typ" |
156 | class _sha3.sha3_256 "SHA3object *" "&SHA3_256typ" |
157 | class _sha3.sha3_384 "SHA3object *" "&SHA3_384typ" |
158 | class _sha3.sha3_512 "SHA3object *" "&SHA3_512typ" |
159 | class _sha3.shake_128 "SHA3object *" "&SHAKE128type" |
160 | class _sha3.shake_256 "SHA3object *" "&SHAKE256type" |
161 | [clinic start generated code]*/ |
162 | /*[clinic end generated code: output=da39a3ee5e6b4b0d input=b8a53680f370285a]*/ |
163 | |
164 | /* The structure for storing SHA3 info */ |
165 | |
166 | typedef struct { |
167 | PyObject_HEAD |
168 | SHA3_state hash_state; |
169 | PyThread_type_lock lock; |
170 | } SHA3object; |
171 | |
172 | #include "clinic/sha3module.c.h" |
173 | |
174 | static SHA3object * |
175 | newSHA3object(PyTypeObject *type) |
176 | { |
177 | SHA3object *newobj; |
178 | newobj = (SHA3object *)PyObject_New(SHA3object, type); |
179 | if (newobj == NULL) { |
180 | return NULL; |
181 | } |
182 | newobj->lock = NULL; |
183 | return newobj; |
184 | } |
185 | |
186 | /*[clinic input] |
187 | @classmethod |
188 | _sha3.sha3_224.__new__ as py_sha3_new |
189 | data: object(c_default="NULL") = b'' |
190 | / |
191 | * |
192 | usedforsecurity: bool = True |
193 | |
194 | Return a new BLAKE2b hash object. |
195 | [clinic start generated code]*/ |
196 | |
197 | static PyObject * |
198 | py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity) |
199 | /*[clinic end generated code: output=90409addc5d5e8b0 input=bcfcdf2e4368347a]*/ |
200 | { |
201 | HashReturn res; |
202 | Py_buffer buf = {NULL, NULL}; |
203 | SHA3State *state = PyType_GetModuleState(type); |
204 | SHA3object *self = newSHA3object(type); |
205 | if (self == NULL) { |
206 | goto error; |
207 | } |
208 | |
209 | assert(state != NULL); |
210 | |
211 | if (type == state->sha3_224_type) { |
212 | res = Keccak_HashInitialize_SHA3_224(&self->hash_state); |
213 | } else if (type == state->sha3_256_type) { |
214 | res = Keccak_HashInitialize_SHA3_256(&self->hash_state); |
215 | } else if (type == state->sha3_384_type) { |
216 | res = Keccak_HashInitialize_SHA3_384(&self->hash_state); |
217 | } else if (type == state->sha3_512_type) { |
218 | res = Keccak_HashInitialize_SHA3_512(&self->hash_state); |
219 | #ifdef PY_WITH_KECCAK |
220 | } else if (type == state->keccak_224_type) { |
221 | res = Keccak_HashInitialize(&self->hash_state, 1152, 448, 224, 0x01); |
222 | } else if (type == state->keccak_256_type) { |
223 | res = Keccak_HashInitialize(&self->hash_state, 1088, 512, 256, 0x01); |
224 | } else if (type == state->keccak_384_type) { |
225 | res = Keccak_HashInitialize(&self->hash_state, 832, 768, 384, 0x01); |
226 | } else if (type == state->keccak_512_type) { |
227 | res = Keccak_HashInitialize(&self->hash_state, 576, 1024, 512, 0x01); |
228 | #endif |
229 | } else if (type == state->shake_128_type) { |
230 | res = Keccak_HashInitialize_SHAKE128(&self->hash_state); |
231 | } else if (type == state->shake_256_type) { |
232 | res = Keccak_HashInitialize_SHAKE256(&self->hash_state); |
233 | } else { |
234 | PyErr_BadInternalCall(); |
235 | goto error; |
236 | } |
237 | |
238 | if (res != SUCCESS) { |
239 | PyErr_SetString(PyExc_RuntimeError, |
240 | "internal error in SHA3 initialize()" ); |
241 | goto error; |
242 | } |
243 | |
244 | if (data) { |
245 | GET_BUFFER_VIEW_OR_ERROR(data, &buf, goto error); |
246 | if (buf.len >= HASHLIB_GIL_MINSIZE) { |
247 | /* invariant: New objects can't be accessed by other code yet, |
248 | * thus it's safe to release the GIL without locking the object. |
249 | */ |
250 | Py_BEGIN_ALLOW_THREADS |
251 | res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8); |
252 | Py_END_ALLOW_THREADS |
253 | } |
254 | else { |
255 | res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8); |
256 | } |
257 | if (res != SUCCESS) { |
258 | PyErr_SetString(PyExc_RuntimeError, |
259 | "internal error in SHA3 Update()" ); |
260 | goto error; |
261 | } |
262 | PyBuffer_Release(&buf); |
263 | } |
264 | |
265 | return (PyObject *)self; |
266 | |
267 | error: |
268 | if (self) { |
269 | Py_DECREF(self); |
270 | } |
271 | if (data && buf.obj) { |
272 | PyBuffer_Release(&buf); |
273 | } |
274 | return NULL; |
275 | } |
276 | |
277 | |
278 | /* Internal methods for a hash object */ |
279 | |
280 | static void |
281 | SHA3_dealloc(SHA3object *self) |
282 | { |
283 | if (self->lock) { |
284 | PyThread_free_lock(self->lock); |
285 | } |
286 | |
287 | PyTypeObject *tp = Py_TYPE(self); |
288 | PyObject_Free(self); |
289 | Py_DECREF(tp); |
290 | } |
291 | |
292 | |
293 | /* External methods for a hash object */ |
294 | |
295 | |
296 | /*[clinic input] |
297 | _sha3.sha3_224.copy |
298 | |
299 | Return a copy of the hash object. |
300 | [clinic start generated code]*/ |
301 | |
302 | static PyObject * |
303 | _sha3_sha3_224_copy_impl(SHA3object *self) |
304 | /*[clinic end generated code: output=6c537411ecdcda4c input=93a44aaebea51ba8]*/ |
305 | { |
306 | SHA3object *newobj; |
307 | |
308 | if ((newobj = newSHA3object(Py_TYPE(self))) == NULL) { |
309 | return NULL; |
310 | } |
311 | ENTER_HASHLIB(self); |
312 | SHA3_copystate(newobj->hash_state, self->hash_state); |
313 | LEAVE_HASHLIB(self); |
314 | return (PyObject *)newobj; |
315 | } |
316 | |
317 | |
318 | /*[clinic input] |
319 | _sha3.sha3_224.digest |
320 | |
321 | Return the digest value as a bytes object. |
322 | [clinic start generated code]*/ |
323 | |
324 | static PyObject * |
325 | _sha3_sha3_224_digest_impl(SHA3object *self) |
326 | /*[clinic end generated code: output=fd531842e20b2d5b input=5b2a659536bbd248]*/ |
327 | { |
328 | unsigned char digest[SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE]; |
329 | SHA3_state temp; |
330 | HashReturn res; |
331 | |
332 | ENTER_HASHLIB(self); |
333 | SHA3_copystate(temp, self->hash_state); |
334 | LEAVE_HASHLIB(self); |
335 | res = SHA3_done(&temp, digest); |
336 | if (res != SUCCESS) { |
337 | PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 Final()" ); |
338 | return NULL; |
339 | } |
340 | return PyBytes_FromStringAndSize((const char *)digest, |
341 | self->hash_state.fixedOutputLength / 8); |
342 | } |
343 | |
344 | |
345 | /*[clinic input] |
346 | _sha3.sha3_224.hexdigest |
347 | |
348 | Return the digest value as a string of hexadecimal digits. |
349 | [clinic start generated code]*/ |
350 | |
351 | static PyObject * |
352 | _sha3_sha3_224_hexdigest_impl(SHA3object *self) |
353 | /*[clinic end generated code: output=75ad03257906918d input=2d91bb6e0d114ee3]*/ |
354 | { |
355 | unsigned char digest[SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE]; |
356 | SHA3_state temp; |
357 | HashReturn res; |
358 | |
359 | /* Get the raw (binary) digest value */ |
360 | ENTER_HASHLIB(self); |
361 | SHA3_copystate(temp, self->hash_state); |
362 | LEAVE_HASHLIB(self); |
363 | res = SHA3_done(&temp, digest); |
364 | if (res != SUCCESS) { |
365 | PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 Final()" ); |
366 | return NULL; |
367 | } |
368 | return _Py_strhex((const char *)digest, |
369 | self->hash_state.fixedOutputLength / 8); |
370 | } |
371 | |
372 | |
373 | /*[clinic input] |
374 | _sha3.sha3_224.update |
375 | |
376 | data: object |
377 | / |
378 | |
379 | Update this hash object's state with the provided bytes-like object. |
380 | [clinic start generated code]*/ |
381 | |
382 | static PyObject * |
383 | _sha3_sha3_224_update(SHA3object *self, PyObject *data) |
384 | /*[clinic end generated code: output=d3223352286ed357 input=a887f54dcc4ae227]*/ |
385 | { |
386 | Py_buffer buf; |
387 | HashReturn res; |
388 | |
389 | GET_BUFFER_VIEW_OR_ERROUT(data, &buf); |
390 | |
391 | /* add new data, the function takes the length in bits not bytes */ |
392 | if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE) { |
393 | self->lock = PyThread_allocate_lock(); |
394 | } |
395 | /* Once a lock exists all code paths must be synchronized. We have to |
396 | * release the GIL even for small buffers as acquiring the lock may take |
397 | * an unlimited amount of time when another thread updates this object |
398 | * with lots of data. */ |
399 | if (self->lock) { |
400 | Py_BEGIN_ALLOW_THREADS |
401 | PyThread_acquire_lock(self->lock, 1); |
402 | res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8); |
403 | PyThread_release_lock(self->lock); |
404 | Py_END_ALLOW_THREADS |
405 | } |
406 | else { |
407 | res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8); |
408 | } |
409 | |
410 | if (res != SUCCESS) { |
411 | PyBuffer_Release(&buf); |
412 | PyErr_SetString(PyExc_RuntimeError, |
413 | "internal error in SHA3 Update()" ); |
414 | return NULL; |
415 | } |
416 | |
417 | PyBuffer_Release(&buf); |
418 | Py_RETURN_NONE; |
419 | } |
420 | |
421 | |
422 | static PyMethodDef SHA3_methods[] = { |
423 | _SHA3_SHA3_224_COPY_METHODDEF |
424 | _SHA3_SHA3_224_DIGEST_METHODDEF |
425 | _SHA3_SHA3_224_HEXDIGEST_METHODDEF |
426 | _SHA3_SHA3_224_UPDATE_METHODDEF |
427 | {NULL, NULL} /* sentinel */ |
428 | }; |
429 | |
430 | |
431 | static PyObject * |
432 | SHA3_get_block_size(SHA3object *self, void *closure) |
433 | { |
434 | int rate = self->hash_state.sponge.rate; |
435 | return PyLong_FromLong(rate / 8); |
436 | } |
437 | |
438 | |
439 | static PyObject * |
440 | SHA3_get_name(SHA3object *self, void *closure) |
441 | { |
442 | PyTypeObject *type = Py_TYPE(self); |
443 | |
444 | SHA3State *state = PyType_GetModuleState(type); |
445 | assert(state != NULL); |
446 | |
447 | if (type == state->sha3_224_type) { |
448 | return PyUnicode_FromString("sha3_224" ); |
449 | } else if (type == state->sha3_256_type) { |
450 | return PyUnicode_FromString("sha3_256" ); |
451 | } else if (type == state->sha3_384_type) { |
452 | return PyUnicode_FromString("sha3_384" ); |
453 | } else if (type == state->sha3_512_type) { |
454 | return PyUnicode_FromString("sha3_512" ); |
455 | #ifdef PY_WITH_KECCAK |
456 | } else if (type == state->keccak_224_type) { |
457 | return PyUnicode_FromString("keccak_224" ); |
458 | } else if (type == state->keccak_256_type) { |
459 | return PyUnicode_FromString("keccak_256" ); |
460 | } else if (type == state->keccak_384_type) { |
461 | return PyUnicode_FromString("keccak_384" ); |
462 | } else if (type == state->keccak_512_type) { |
463 | return PyUnicode_FromString("keccak_512" ); |
464 | #endif |
465 | } else if (type == state->shake_128_type) { |
466 | return PyUnicode_FromString("shake_128" ); |
467 | } else if (type == state->shake_256_type) { |
468 | return PyUnicode_FromString("shake_256" ); |
469 | } else { |
470 | PyErr_BadInternalCall(); |
471 | return NULL; |
472 | } |
473 | } |
474 | |
475 | |
476 | static PyObject * |
477 | SHA3_get_digest_size(SHA3object *self, void *closure) |
478 | { |
479 | return PyLong_FromLong(self->hash_state.fixedOutputLength / 8); |
480 | } |
481 | |
482 | |
483 | static PyObject * |
484 | SHA3_get_capacity_bits(SHA3object *self, void *closure) |
485 | { |
486 | int capacity = 1600 - self->hash_state.sponge.rate; |
487 | return PyLong_FromLong(capacity); |
488 | } |
489 | |
490 | |
491 | static PyObject * |
492 | SHA3_get_rate_bits(SHA3object *self, void *closure) |
493 | { |
494 | unsigned int rate = self->hash_state.sponge.rate; |
495 | return PyLong_FromLong(rate); |
496 | } |
497 | |
498 | static PyObject * |
499 | SHA3_get_suffix(SHA3object *self, void *closure) |
500 | { |
501 | unsigned char suffix[2]; |
502 | suffix[0] = self->hash_state.delimitedSuffix; |
503 | suffix[1] = 0; |
504 | return PyBytes_FromStringAndSize((const char *)suffix, 1); |
505 | } |
506 | |
507 | static PyGetSetDef SHA3_getseters[] = { |
508 | {"block_size" , (getter)SHA3_get_block_size, NULL, NULL, NULL}, |
509 | {"name" , (getter)SHA3_get_name, NULL, NULL, NULL}, |
510 | {"digest_size" , (getter)SHA3_get_digest_size, NULL, NULL, NULL}, |
511 | {"_capacity_bits" , (getter)SHA3_get_capacity_bits, NULL, NULL, NULL}, |
512 | {"_rate_bits" , (getter)SHA3_get_rate_bits, NULL, NULL, NULL}, |
513 | {"_suffix" , (getter)SHA3_get_suffix, NULL, NULL, NULL}, |
514 | {NULL} /* Sentinel */ |
515 | }; |
516 | |
517 | #define SHA3_TYPE_SLOTS(type_slots_obj, type_doc, type_methods) \ |
518 | static PyType_Slot type_slots_obj[] = { \ |
519 | {Py_tp_dealloc, SHA3_dealloc}, \ |
520 | {Py_tp_doc, (char*)type_doc}, \ |
521 | {Py_tp_methods, type_methods}, \ |
522 | {Py_tp_getset, SHA3_getseters}, \ |
523 | {Py_tp_new, py_sha3_new}, \ |
524 | {0,0} \ |
525 | } |
526 | |
527 | // Using PyType_GetModuleState() on these types is safe since they |
528 | // cannot be subclassed: it does not have the Py_TPFLAGS_BASETYPE flag. |
529 | #define SHA3_TYPE_SPEC(type_spec_obj, type_name, type_slots) \ |
530 | static PyType_Spec type_spec_obj = { \ |
531 | .name = "_sha3." type_name, \ |
532 | .basicsize = sizeof(SHA3object), \ |
533 | .flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_IMMUTABLETYPE, \ |
534 | .slots = type_slots \ |
535 | } |
536 | |
537 | PyDoc_STRVAR(sha3_224__doc__, |
538 | "sha3_224([data], *, usedforsecurity=True) -> SHA3 object\n\ |
539 | \n\ |
540 | Return a new SHA3 hash object with a hashbit length of 28 bytes." ); |
541 | |
542 | PyDoc_STRVAR(sha3_256__doc__, |
543 | "sha3_256([data], *, usedforsecurity=True) -> SHA3 object\n\ |
544 | \n\ |
545 | Return a new SHA3 hash object with a hashbit length of 32 bytes." ); |
546 | |
547 | PyDoc_STRVAR(sha3_384__doc__, |
548 | "sha3_384([data], *, usedforsecurity=True) -> SHA3 object\n\ |
549 | \n\ |
550 | Return a new SHA3 hash object with a hashbit length of 48 bytes." ); |
551 | |
552 | PyDoc_STRVAR(sha3_512__doc__, |
553 | "sha3_512([data], *, usedforsecurity=True) -> SHA3 object\n\ |
554 | \n\ |
555 | Return a new SHA3 hash object with a hashbit length of 64 bytes." ); |
556 | |
557 | #ifdef PY_WITH_KECCAK |
558 | PyDoc_STRVAR(keccak_224__doc__, |
559 | "keccak_224([data], *, usedforsecurity=True) -> Keccak object\n\ |
560 | \n\ |
561 | Return a new Keccak hash object with a hashbit length of 28 bytes." ); |
562 | |
563 | PyDoc_STRVAR(keccak_256__doc__, |
564 | "keccak_256([data], *, usedforsecurity=True) -> Keccak object\n\ |
565 | \n\ |
566 | Return a new Keccak hash object with a hashbit length of 32 bytes." ); |
567 | |
568 | PyDoc_STRVAR(keccak_384__doc__, |
569 | "keccak_384([data], *, usedforsecurity=True) -> Keccak object\n\ |
570 | \n\ |
571 | Return a new Keccak hash object with a hashbit length of 48 bytes." ); |
572 | |
573 | PyDoc_STRVAR(keccak_512__doc__, |
574 | "keccak_512([data], *, usedforsecurity=True) -> Keccak object\n\ |
575 | \n\ |
576 | Return a new Keccak hash object with a hashbit length of 64 bytes." ); |
577 | |
578 | #endif |
579 | |
580 | SHA3_TYPE_SLOTS(sha3_224_slots, sha3_224__doc__, SHA3_methods); |
581 | SHA3_TYPE_SPEC(sha3_224_spec, "sha3_224" , sha3_224_slots); |
582 | |
583 | SHA3_TYPE_SLOTS(sha3_256_slots, sha3_256__doc__, SHA3_methods); |
584 | SHA3_TYPE_SPEC(sha3_256_spec, "sha3_256" , sha3_256_slots); |
585 | |
586 | SHA3_TYPE_SLOTS(sha3_384_slots, sha3_384__doc__, SHA3_methods); |
587 | SHA3_TYPE_SPEC(sha3_384_spec, "sha3_384" , sha3_384_slots); |
588 | |
589 | SHA3_TYPE_SLOTS(sha3_512_slots, sha3_512__doc__, SHA3_methods); |
590 | SHA3_TYPE_SPEC(sha3_512_spec, "sha3_512" , sha3_512_slots); |
591 | |
592 | #ifdef PY_WITH_KECCAK |
593 | SHA3_TYPE_SLOTS(Keccak_224_slots, keccak_224__doc__, SHA3_methods); |
594 | SHA3_TYPE_SPEC(Keccak_224_spec, "keccak_224" , Keccak_224_slots); |
595 | |
596 | SHA3_TYPE_SLOTS(Keccak_256_slots, keccak_256__doc__, SHA3_methods); |
597 | SHA3_TYPE_SPEC(Keccak_256_spec, "keccak_256" , Keccak_256_slots); |
598 | |
599 | SHA3_TYPE_SLOTS(Keccak_384_slots, keccak_384__doc__, SHA3_methods); |
600 | SHA3_TYPE_SPEC(Keccak_384_spec, "keccak_384" , Keccak_384_slots); |
601 | |
602 | SHA3_TYPE_SLOTS(Keccak_512_slots, keccak_512__doc__, SHA3_methods); |
603 | SHA3_TYPE_SPEC(Keccak_512_spec, "keccak_512" , Keccak_512_slots); |
604 | #endif |
605 | |
606 | |
607 | static PyObject * |
608 | _SHAKE_digest(SHA3object *self, unsigned long digestlen, int hex) |
609 | { |
610 | unsigned char *digest = NULL; |
611 | SHA3_state temp; |
612 | int res; |
613 | PyObject *result = NULL; |
614 | |
615 | if (digestlen >= (1 << 29)) { |
616 | PyErr_SetString(PyExc_ValueError, "length is too large" ); |
617 | return NULL; |
618 | } |
619 | /* ExtractLane needs at least SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE and |
620 | * SHA3_LANESIZE extra space. |
621 | */ |
622 | digest = (unsigned char*)PyMem_Malloc(digestlen + SHA3_LANESIZE); |
623 | if (digest == NULL) { |
624 | return PyErr_NoMemory(); |
625 | } |
626 | |
627 | /* Get the raw (binary) digest value */ |
628 | ENTER_HASHLIB(self); |
629 | SHA3_copystate(temp, self->hash_state); |
630 | LEAVE_HASHLIB(self); |
631 | res = SHA3_done(&temp, NULL); |
632 | if (res != SUCCESS) { |
633 | PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 done()" ); |
634 | goto error; |
635 | } |
636 | res = SHA3_squeeze(&temp, digest, digestlen * 8); |
637 | if (res != SUCCESS) { |
638 | PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 Squeeze()" ); |
639 | return NULL; |
640 | } |
641 | if (hex) { |
642 | result = _Py_strhex((const char *)digest, digestlen); |
643 | } else { |
644 | result = PyBytes_FromStringAndSize((const char *)digest, |
645 | digestlen); |
646 | } |
647 | error: |
648 | if (digest != NULL) { |
649 | PyMem_Free(digest); |
650 | } |
651 | return result; |
652 | } |
653 | |
654 | |
655 | /*[clinic input] |
656 | _sha3.shake_128.digest |
657 | |
658 | length: unsigned_long |
659 | / |
660 | |
661 | Return the digest value as a bytes object. |
662 | [clinic start generated code]*/ |
663 | |
664 | static PyObject * |
665 | _sha3_shake_128_digest_impl(SHA3object *self, unsigned long length) |
666 | /*[clinic end generated code: output=2313605e2f87bb8f input=418ef6a36d2e6082]*/ |
667 | { |
668 | return _SHAKE_digest(self, length, 0); |
669 | } |
670 | |
671 | |
672 | /*[clinic input] |
673 | _sha3.shake_128.hexdigest |
674 | |
675 | length: unsigned_long |
676 | / |
677 | |
678 | Return the digest value as a string of hexadecimal digits. |
679 | [clinic start generated code]*/ |
680 | |
681 | static PyObject * |
682 | _sha3_shake_128_hexdigest_impl(SHA3object *self, unsigned long length) |
683 | /*[clinic end generated code: output=bf8e2f1e490944a8 input=69fb29b0926ae321]*/ |
684 | { |
685 | return _SHAKE_digest(self, length, 1); |
686 | } |
687 | |
688 | |
689 | static PyMethodDef SHAKE_methods[] = { |
690 | _SHA3_SHA3_224_COPY_METHODDEF |
691 | _SHA3_SHAKE_128_DIGEST_METHODDEF |
692 | _SHA3_SHAKE_128_HEXDIGEST_METHODDEF |
693 | _SHA3_SHA3_224_UPDATE_METHODDEF |
694 | {NULL, NULL} /* sentinel */ |
695 | }; |
696 | |
697 | PyDoc_STRVAR(shake_128__doc__, |
698 | "shake_128([data], *, usedforsecurity=True) -> SHAKE object\n\ |
699 | \n\ |
700 | Return a new SHAKE hash object." ); |
701 | |
702 | PyDoc_STRVAR(shake_256__doc__, |
703 | "shake_256([data], *, usedforsecurity=True) -> SHAKE object\n\ |
704 | \n\ |
705 | Return a new SHAKE hash object." ); |
706 | |
707 | SHA3_TYPE_SLOTS(SHAKE128slots, shake_128__doc__, SHAKE_methods); |
708 | SHA3_TYPE_SPEC(SHAKE128_spec, "shake_128" , SHAKE128slots); |
709 | |
710 | SHA3_TYPE_SLOTS(SHAKE256slots, shake_256__doc__, SHAKE_methods); |
711 | SHA3_TYPE_SPEC(SHAKE256_spec, "shake_256" , SHAKE256slots); |
712 | |
713 | |
714 | static int |
715 | _sha3_traverse(PyObject *module, visitproc visit, void *arg) |
716 | { |
717 | SHA3State *state = sha3_get_state(module); |
718 | Py_VISIT(state->sha3_224_type); |
719 | Py_VISIT(state->sha3_256_type); |
720 | Py_VISIT(state->sha3_384_type); |
721 | Py_VISIT(state->sha3_512_type); |
722 | #ifdef PY_WITH_KECCAK |
723 | Py_VISIT(state->keccak_224_type); |
724 | Py_VISIT(state->keccak_256_type); |
725 | Py_VISIT(state->keccak_384_type); |
726 | Py_VISIT(state->keccak_512_type); |
727 | #endif |
728 | Py_VISIT(state->shake_128_type); |
729 | Py_VISIT(state->shake_256_type); |
730 | return 0; |
731 | } |
732 | |
733 | static int |
734 | _sha3_clear(PyObject *module) |
735 | { |
736 | SHA3State *state = sha3_get_state(module); |
737 | Py_CLEAR(state->sha3_224_type); |
738 | Py_CLEAR(state->sha3_256_type); |
739 | Py_CLEAR(state->sha3_384_type); |
740 | Py_CLEAR(state->sha3_512_type); |
741 | #ifdef PY_WITH_KECCAK |
742 | Py_CLEAR(state->keccak_224_type); |
743 | Py_CLEAR(state->keccak_256_type); |
744 | Py_CLEAR(state->keccak_384_type); |
745 | Py_CLEAR(state->keccak_512_type); |
746 | #endif |
747 | Py_CLEAR(state->shake_128_type); |
748 | Py_CLEAR(state->shake_256_type); |
749 | return 0; |
750 | } |
751 | |
752 | static void |
753 | _sha3_free(void *module) |
754 | { |
755 | _sha3_clear((PyObject *)module); |
756 | } |
757 | |
758 | static int |
759 | _sha3_exec(PyObject *m) |
760 | { |
761 | SHA3State *st = sha3_get_state(m); |
762 | |
763 | #define init_sha3type(type, typespec) \ |
764 | do { \ |
765 | st->type = (PyTypeObject *)PyType_FromModuleAndSpec( \ |
766 | m, &typespec, NULL); \ |
767 | if (st->type == NULL) { \ |
768 | return -1; \ |
769 | } \ |
770 | if (PyModule_AddType(m, st->type) < 0) { \ |
771 | return -1; \ |
772 | } \ |
773 | } while(0) |
774 | |
775 | init_sha3type(sha3_224_type, sha3_224_spec); |
776 | init_sha3type(sha3_256_type, sha3_256_spec); |
777 | init_sha3type(sha3_384_type, sha3_384_spec); |
778 | init_sha3type(sha3_512_type, sha3_512_spec); |
779 | #ifdef PY_WITH_KECCAK |
780 | init_sha3type(keccak_224_type, Keccak_224_spec); |
781 | init_sha3type(keccak_256_type, Keccak_256_spec); |
782 | init_sha3type(keccak_384_type, Keccak_384_spec); |
783 | init_sha3type(keccak_512_type, Keccak_512_spec); |
784 | #endif |
785 | init_sha3type(shake_128_type, SHAKE128_spec); |
786 | init_sha3type(shake_256_type, SHAKE256_spec); |
787 | #undef init_sha3type |
788 | |
789 | if (PyModule_AddIntConstant(m, "keccakopt" , KeccakOpt) < 0) { |
790 | return -1; |
791 | } |
792 | if (PyModule_AddStringConstant(m, "implementation" , |
793 | KeccakP1600_implementation) < 0) { |
794 | return -1; |
795 | } |
796 | |
797 | return 0; |
798 | } |
799 | |
800 | static PyModuleDef_Slot _sha3_slots[] = { |
801 | {Py_mod_exec, _sha3_exec}, |
802 | {0, NULL} |
803 | }; |
804 | |
805 | /* Initialize this module. */ |
806 | static struct PyModuleDef _sha3module = { |
807 | PyModuleDef_HEAD_INIT, |
808 | .m_name = "_sha3" , |
809 | .m_size = sizeof(SHA3State), |
810 | .m_slots = _sha3_slots, |
811 | .m_traverse = _sha3_traverse, |
812 | .m_clear = _sha3_clear, |
813 | .m_free = _sha3_free, |
814 | }; |
815 | |
816 | |
817 | PyMODINIT_FUNC |
818 | PyInit__sha3(void) |
819 | { |
820 | return PyModuleDef_Init(&_sha3module); |
821 | } |
822 | |