diff options
Diffstat (limited to 'src/cryptography/hazmat/primitives/constant_time.py')
-rw-r--r-- | src/cryptography/hazmat/primitives/constant_time.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py new file mode 100644 index 00000000..a14eda85 --- /dev/null +++ b/src/cryptography/hazmat/primitives/constant_time.py @@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import hmac +import os + +from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi + + +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f: + TYPES = f.read() + +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f: + FUNCTIONS = f.read() + + +_ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS) +_lib = LazyLibrary(_ffi) + + +if hasattr(hmac, "compare_digest"): + def bytes_eq(a, b): + if not isinstance(a, bytes) or not isinstance(b, bytes): + raise TypeError("a and b must be bytes.") + + return hmac.compare_digest(a, b) + +else: + def bytes_eq(a, b): + if not isinstance(a, bytes) or not isinstance(b, bytes): + raise TypeError("a and b must be bytes.") + + return _lib.Cryptography_constant_time_bytes_eq( + a, len(a), b, len(b) + ) == 1 |