From 1dbe86a14e1d592df3105b2c371de4ebbcc284c9 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sun, 24 Jan 2021 20:09:19 +0100 Subject: [PATCH] use blake2b from hashlib --- src/borg/crypto/low_level.pyx | 79 +++-------------------------------- 1 file changed, 6 insertions(+), 73 deletions(-) diff --git a/src/borg/crypto/low_level.pyx b/src/borg/crypto/low_level.pyx index 9c09fe079..1f23a126a 100644 --- a/src/borg/crypto/low_level.pyx +++ b/src/borg/crypto/low_level.pyx @@ -47,14 +47,6 @@ API_VERSION = '1.2_01' cdef extern from "openssl/crypto.h": int CRYPTO_memcmp(const void *a, const void *b, size_t len) -cdef extern from "../algorithms/blake2-libselect.h": - ctypedef struct blake2b_state: - pass - - int blake2b_init(blake2b_state *S, size_t outlen) nogil - int blake2b_update(blake2b_state *S, const void *input, size_t inlen) nogil - int blake2b_final(blake2b_state *S, void *out, size_t outlen) nogil - cdef extern from "openssl/evp.h": ctypedef struct EVP_MD: @@ -439,22 +431,10 @@ cdef class AES256_CTR_BLAKE2b(AES256_CTR_BASE): cdef mac_compute(self, const unsigned char *data1, int data1_len, const unsigned char *data2, int data2_len, unsigned char *mac_buf): - cdef blake2b_state state - cdef int rc - rc = blake2b_init(&state, self.mac_len) - if rc == -1: - raise Exception('blake2b_init() failed') - with nogil: - rc = blake2b_update(&state, self.mac_key, 128) - if rc != -1: - rc = blake2b_update(&state, data1, data1_len) - if rc != -1: - rc = blake2b_update(&state, data2, data2_len) - if rc == -1: - raise Exception('blake2b_update() failed') - rc = blake2b_final(&state, mac_buf, self.mac_len) - if rc == -1: - raise Exception('blake2b_final() failed') + data = self.mac_key[:128] + data1[:data1_len] + data2[:data2_len] + mac = hashlib.blake2b(data, digest_size=self.mac_len).digest() + for i in range(self.mac_len): + mac_buf[i] = mac[i] cdef mac_verify(self, const unsigned char *data1, int data1_len, const unsigned char *data2, int data2_len, @@ -813,59 +793,12 @@ def hmac_sha256(key, data): return PyBytes_FromStringAndSize( &md[0], 32) -cdef blake2b_update_from_buffer(blake2b_state *state, obj): - cdef Py_buffer buf = ro_buffer(obj) - try: - with nogil: - rc = blake2b_update(state, buf.buf, buf.len) - if rc == -1: - raise Exception('blake2b_update() failed') - finally: - PyBuffer_Release(&buf) - - def blake2b_256(key, data): - cdef blake2b_state state - if blake2b_init(&state, 32) == -1: - raise Exception('blake2b_init() failed') - - cdef unsigned char md[32] - cdef unsigned char *key_ptr = key - - # This is secure, because BLAKE2 is not vulnerable to length-extension attacks (unlike SHA-1/2, MD-5 and others). - # See the BLAKE2 paper section 2.9 "Keyed hashing (MAC and PRF)" for details. - # A nice benefit is that this simpler prefix-MAC mode has less overhead than the more complex HMAC mode. - # We don't use the BLAKE2 parameter block (via blake2s_init_key) for this to - # avoid incompatibility with the limited API of OpenSSL. - rc = blake2b_update(&state, key_ptr, len(key)) - if rc == -1: - raise Exception('blake2b_update() failed') - blake2b_update_from_buffer(&state, data) - - rc = blake2b_final(&state, &md[0], 32) - if rc == -1: - raise Exception('blake2b_final() failed') - - return PyBytes_FromStringAndSize( &md[0], 32) + return hashlib.blake2b(key+data, digest_size=32).digest() def blake2b_128(data): - cdef blake2b_state state - cdef unsigned char md[16] - cdef unsigned char *data_ptr = data - - if blake2b_init(&state, 16) == -1: - raise Exception('blake2b_init() failed') - - rc = blake2b_update(&state, data_ptr, len(data)) - if rc == -1: - raise Exception('blake2b_update() failed') - - rc = blake2b_final(&state, &md[0], 16) - if rc == -1: - raise Exception('blake2b_final() failed') - - return PyBytes_FromStringAndSize( &md[0], 16) + return hashlib.blake2b(data, digest_size=16).digest() def hkdf_hmac_sha512(ikm, salt, info, output_length):