poly1305 support (#4802)

* poly1305 support * some more tests * have I mentioned how bad the spellchecker is? * doc improvements * EVP_PKEY_new_raw_private_key copies the key but that's not documented Let's assume that might change and be very defensive * review feedback * add a test that fails on a tag of the correct length but wrong value * docs improvements
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2019-03-10 10:12:00 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2019-03-09 21:12:00 -0500
commit: b73ed5a6a3067c832413a6b4c987667a9d545153 (patch)
tree: e8d2881b29c41bc7967c2e24805de506fc996468 /src
parent: 3a300e6c8ed64503f3ef6cc22e5dda403fe8751a (diff)
download: cryptography-b73ed5a6a3067c832413a6b4c987667a9d545153.tar.gz
cryptography-b73ed5a6a3067c832413a6b4c987667a9d545153.tar.bz2
cryptography-b73ed5a6a3067c832413a6b4c987667a9d545153.zip
4 files changed, 117 insertions, 0 deletions
diff --git a/src/cryptography/exceptions.py b/src/cryptography/exceptions.py
index 648cf9df..1d52d7dc 100644
--- a/src/cryptography/exceptions.py
+++ b/src/cryptography/exceptions.py
@@ -19,6 +19,7 @@ class _Reasons(Enum):
     UNSUPPORTED_X509 = 8
     UNSUPPORTED_EXCHANGE_ALGORITHM = 9
     UNSUPPORTED_DIFFIE_HELLMAN = 10
+    UNSUPPORTED_MAC = 11
 
 
 class UnsupportedAlgorithm(Exception):
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index b040b809..15eff837 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -55,6 +55,9 @@ from cryptography.hazmat.backends.openssl.hmac import _HMACContext
 from cryptography.hazmat.backends.openssl.ocsp import (
     _OCSPRequest, _OCSPResponse
 )
+from cryptography.hazmat.backends.openssl.poly1305 import (
+    _POLY1305_KEY_SIZE, _Poly1305Context
+)
 from cryptography.hazmat.backends.openssl.rsa import (
     _RSAPrivateKey, _RSAPublicKey
 )
@@ -2401,6 +2404,16 @@ class Backend(object):
 
         return (key, cert, additional_certificates)
 
+    def poly1305_supported(self):
+        return self._lib.Cryptography_HAS_POLY1305 == 1
+
+    def create_poly1305_ctx(self, key):
+        utils._check_byteslike("key", key)
+        if len(key) != _POLY1305_KEY_SIZE:
+            raise ValueError("A poly1305 key is 32 bytes long")
+
+        return _Poly1305Context(self, key)
+
 
 class GetCipherByName(object):
     def __init__(self, fmt):
diff --git a/src/cryptography/hazmat/backends/openssl/poly1305.py b/src/cryptography/hazmat/backends/openssl/poly1305.py
new file mode 100644
index 00000000..25448dd0
--- /dev/null
+++ b/src/cryptography/hazmat/backends/openssl/poly1305.py
@@ -0,0 +1,60 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import constant_time
+
+
+_POLY1305_TAG_SIZE = 16
+_POLY1305_KEY_SIZE = 32
+
+
+class _Poly1305Context(object):
+    def __init__(self, backend, key):
+        self._backend = backend
+
+        key_ptr = self._backend._ffi.from_buffer(key)
+        # This function copies the key into OpenSSL-owned memory so we don't
+        # need to retain it ourselves
+        evp_pkey = self._backend._lib.EVP_PKEY_new_raw_private_key(
+            self._backend._lib.NID_poly1305,
+            self._backend._ffi.NULL, key_ptr, len(key)
+        )
+        self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL)
+        self._evp_pkey = self._backend._ffi.gc(
+            evp_pkey, self._backend._lib.EVP_PKEY_free
+        )
+        ctx = self._backend._lib.Cryptography_EVP_MD_CTX_new()
+        self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
+        self._ctx = self._backend._ffi.gc(
+            ctx, self._backend._lib.Cryptography_EVP_MD_CTX_free
+        )
+        res = self._backend._lib.EVP_DigestSignInit(
+            self._ctx, self._backend._ffi.NULL, self._backend._ffi.NULL,
+            self._backend._ffi.NULL, self._evp_pkey
+        )
+        self._backend.openssl_assert(res == 1)
+
+    def update(self, data):
+        data_ptr = self._backend._ffi.from_buffer(data)
+        res = self._backend._lib.EVP_DigestSignUpdate(
+            self._ctx, data_ptr, len(data)
+        )
+        self._backend.openssl_assert(res != 0)
+
+    def finalize(self):
+        buf = self._backend._ffi.new("unsigned char[]", _POLY1305_TAG_SIZE)
+        outlen = self._backend._ffi.new("size_t *")
+        res = self._backend._lib.EVP_DigestSignFinal(self._ctx, buf, outlen)
+        self._backend.openssl_assert(res != 0)
+        self._backend.openssl_assert(outlen[0] == _POLY1305_TAG_SIZE)
+        return self._backend._ffi.buffer(buf)[:outlen[0]]
+
+    def verify(self, tag):
+        mac = self.finalize()
+        if not constant_time.bytes_eq(mac, tag):
+            raise InvalidSignature("Value did not match computed tag.")
diff --git a/src/cryptography/hazmat/primitives/poly1305.py b/src/cryptography/hazmat/primitives/poly1305.py
new file mode 100644
index 00000000..02b6629d
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/poly1305.py
@@ -0,0 +1,43 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+
+from cryptography import utils
+from cryptography.exceptions import (
+    AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+)
+
+
+class Poly1305(object):
+    def __init__(self, key):
+        from cryptography.hazmat.backends.openssl.backend import backend
+        if not backend.poly1305_supported():
+            raise UnsupportedAlgorithm(
+                "poly1305 is not supported by this version of OpenSSL.",
+                _Reasons.UNSUPPORTED_MAC
+            )
+        self._ctx = backend.create_poly1305_ctx(key)
+
+    def update(self, data):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        utils._check_byteslike("data", data)
+        self._ctx.update(data)
+
+    def finalize(self):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        mac = self._ctx.finalize()
+        self._ctx = None
+        return mac
+
+    def verify(self, tag):
+        utils._check_bytes("tag", tag)
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+
+        ctx, self._ctx = self._ctx, None
+        ctx.verify(tag)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2019-03-10 10:12:00 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2019-03-09 21:12:00 -0500
commit	b73ed5a6a3067c832413a6b4c987667a9d545153 (patch)
tree	e8d2881b29c41bc7967c2e24805de506fc996468 /src
parent	3a300e6c8ed64503f3ef6cc22e5dda403fe8751a (diff)
download	cryptography-b73ed5a6a3067c832413a6b4c987667a9d545153.tar.gz cryptography-b73ed5a6a3067c832413a6b4c987667a9d545153.tar.bz2 cryptography-b73ed5a6a3067c832413a6b4c987667a9d545153.zip