blake2b/blake2s support (#3116)

* blake2b/blake2s support Doesn't support keying, personalization, salting, or tree hashes so the API is pretty simple right now. * implement digest_size via utils.read_only_property * un-keyed for spelling's sake * test copying + digest_size checks * unkeyed is too a word * line wrap * reword the docs * use the evp algorithm name in the error This will make BLAKE2 alternate digest size errors a bit less confusing * add changelog entry and docs about supported digest_size
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-08-29 09:36:09 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-08-28 21:36:09 -0400
commit: 306ce512a28cdba29adf98125d894b90bb6bd78b (patch)
tree: 369dd5e4ea6b99638f2750e9f4873439f9545551 /src
parent: d6871fe568983b46a3b688c3222289357a7f56cd (diff)
download: cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.tar.gz
cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.tar.bz2
cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.zip
3 files changed, 57 insertions, 4 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index a1de1a89..7d16e05e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -185,8 +185,19 @@ class Backend(object):
     def create_hmac_ctx(self, key, algorithm):
         return _HMACContext(self, key, algorithm)
 
+    def _build_openssl_digest_name(self, algorithm):
+        if algorithm.name == "blake2b" or algorithm.name == "blake2s":
+            alg = "{0}{1}".format(
+                algorithm.name, algorithm.digest_size * 8
+            ).encode("ascii")
+        else:
+            alg = algorithm.name.encode("ascii")
+
+        return alg
+
     def hash_supported(self, algorithm):
-        digest = self._lib.EVP_get_digestbyname(algorithm.name.encode("ascii"))
+        name = self._build_openssl_digest_name(algorithm)
+        digest = self._lib.EVP_get_digestbyname(name)
         return digest != self._ffi.NULL
 
     def hmac_supported(self, algorithm):
diff --git a/src/cryptography/hazmat/backends/openssl/hashes.py b/src/cryptography/hazmat/backends/openssl/hashes.py
index 2c8fce1a..92ea53bb 100644
--- a/src/cryptography/hazmat/backends/openssl/hashes.py
+++ b/src/cryptography/hazmat/backends/openssl/hashes.py
@@ -22,12 +22,12 @@ class _HashContext(object):
             ctx = self._backend._ffi.gc(
                 ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
             )
-            evp_md = self._backend._lib.EVP_get_digestbyname(
-                algorithm.name.encode("ascii"))
+            name = self._backend._build_openssl_digest_name(algorithm)
+            evp_md = self._backend._lib.EVP_get_digestbyname(name)
             if evp_md == self._backend._ffi.NULL:
                 raise UnsupportedAlgorithm(
                     "{0} is not a supported hash on this backend.".format(
-                        algorithm.name),
+                        name),
                     _Reasons.UNSUPPORTED_HASH
                 )
             res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md,
diff --git a/src/cryptography/hazmat/primitives/hashes.py b/src/cryptography/hazmat/primitives/hashes.py
index 6bc8500b..0714c118 100644
--- a/src/cryptography/hazmat/primitives/hashes.py
+++ b/src/cryptography/hazmat/primitives/hashes.py
@@ -161,3 +161,45 @@ class MD5(object):
     name = "md5"
     digest_size = 16
     block_size = 64
+
+
+@utils.register_interface(HashAlgorithm)
+class BLAKE2b(object):
+    name = "blake2b"
+    _max_digest_size = 64
+    _min_digest_size = 1
+    block_size = 128
+
+    def __init__(self, digest_size):
+        if (
+            digest_size > self._max_digest_size or
+            digest_size < self._min_digest_size
+        ):
+            raise ValueError("Digest size must be {0}-{1}".format(
+                self._min_digest_size, self._max_digest_size)
+            )
+
+        self._digest_size = digest_size
+
+    digest_size = utils.read_only_property("_digest_size")
+
+
+@utils.register_interface(HashAlgorithm)
+class BLAKE2s(object):
+    name = "blake2s"
+    block_size = 64
+    _max_digest_size = 32
+    _min_digest_size = 1
+
+    def __init__(self, digest_size):
+        if (
+            digest_size > self._max_digest_size or
+            digest_size < self._min_digest_size
+        ):
+            raise ValueError("Digest size must be {0}-{1}".format(
+                self._min_digest_size, self._max_digest_size)
+            )
+
+        self._digest_size = digest_size
+
+    digest_size = utils.read_only_property("_digest_size")
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-08-29 09:36:09 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-08-28 21:36:09 -0400
commit	306ce512a28cdba29adf98125d894b90bb6bd78b (patch)
tree	369dd5e4ea6b99638f2750e9f4873439f9545551 /src
parent	d6871fe568983b46a3b688c3222289357a7f56cd (diff)
download	cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.tar.gz cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.tar.bz2 cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.zip