diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-08-29 09:36:09 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-08-28 21:36:09 -0400 |
commit | 306ce512a28cdba29adf98125d894b90bb6bd78b (patch) | |
tree | 369dd5e4ea6b99638f2750e9f4873439f9545551 /src | |
parent | d6871fe568983b46a3b688c3222289357a7f56cd (diff) | |
download | cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.tar.gz cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.tar.bz2 cryptography-306ce512a28cdba29adf98125d894b90bb6bd78b.zip |
blake2b/blake2s support (#3116)
* blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 13 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/hashes.py | 6 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/hashes.py | 42 |
3 files changed, 57 insertions, 4 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index a1de1a89..7d16e05e 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -185,8 +185,19 @@ class Backend(object): def create_hmac_ctx(self, key, algorithm): return _HMACContext(self, key, algorithm) + def _build_openssl_digest_name(self, algorithm): + if algorithm.name == "blake2b" or algorithm.name == "blake2s": + alg = "{0}{1}".format( + algorithm.name, algorithm.digest_size * 8 + ).encode("ascii") + else: + alg = algorithm.name.encode("ascii") + + return alg + def hash_supported(self, algorithm): - digest = self._lib.EVP_get_digestbyname(algorithm.name.encode("ascii")) + name = self._build_openssl_digest_name(algorithm) + digest = self._lib.EVP_get_digestbyname(name) return digest != self._ffi.NULL def hmac_supported(self, algorithm): diff --git a/src/cryptography/hazmat/backends/openssl/hashes.py b/src/cryptography/hazmat/backends/openssl/hashes.py index 2c8fce1a..92ea53bb 100644 --- a/src/cryptography/hazmat/backends/openssl/hashes.py +++ b/src/cryptography/hazmat/backends/openssl/hashes.py @@ -22,12 +22,12 @@ class _HashContext(object): ctx = self._backend._ffi.gc( ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free ) - evp_md = self._backend._lib.EVP_get_digestbyname( - algorithm.name.encode("ascii")) + name = self._backend._build_openssl_digest_name(algorithm) + evp_md = self._backend._lib.EVP_get_digestbyname(name) if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( "{0} is not a supported hash on this backend.".format( - algorithm.name), + name), _Reasons.UNSUPPORTED_HASH ) res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md, diff --git a/src/cryptography/hazmat/primitives/hashes.py b/src/cryptography/hazmat/primitives/hashes.py index 6bc8500b..0714c118 100644 --- a/src/cryptography/hazmat/primitives/hashes.py +++ b/src/cryptography/hazmat/primitives/hashes.py @@ -161,3 +161,45 @@ class MD5(object): name = "md5" digest_size = 16 block_size = 64 + + +@utils.register_interface(HashAlgorithm) +class BLAKE2b(object): + name = "blake2b" + _max_digest_size = 64 + _min_digest_size = 1 + block_size = 128 + + def __init__(self, digest_size): + if ( + digest_size > self._max_digest_size or + digest_size < self._min_digest_size + ): + raise ValueError("Digest size must be {0}-{1}".format( + self._min_digest_size, self._max_digest_size) + ) + + self._digest_size = digest_size + + digest_size = utils.read_only_property("_digest_size") + + +@utils.register_interface(HashAlgorithm) +class BLAKE2s(object): + name = "blake2s" + block_size = 64 + _max_digest_size = 32 + _min_digest_size = 1 + + def __init__(self, digest_size): + if ( + digest_size > self._max_digest_size or + digest_size < self._min_digest_size + ): + raise ValueError("Digest size must be {0}-{1}".format( + self._min_digest_size, self._max_digest_size) + ) + + self._digest_size = digest_size + + digest_size = utils.read_only_property("_digest_size") |