1 /* SHA3 module
2 *
3 * This module provides an interface to the SHA3 algorithm
4 *
5 * See below for information about the original code this module was
6 * based upon. Additional work performed by:
7 *
8 * Andrew Kuchling (amk@amk.ca)
9 * Greg Stein (gstein@lyra.org)
10 * Trevor Perrin (trevp@trevp.net)
11 * Gregory P. Smith (greg@krypto.org)
12 *
13 * Copyright (C) 2012-2016 Christian Heimes (christian@python.org)
14 * Licensed to PSF under a Contributor Agreement.
15 *
16 */
17
18 #include "Python.h"
19 #include "pystrhex.h"
20 #include "../hashlib.h"
21
22 /* **************************************************************************
23 * SHA-3 (Keccak) and SHAKE
24 *
25 * The code is based on KeccakCodePackage from 2016-04-23
26 * commit 647f93079afc4ada3d23737477a6e52511ca41fd
27 *
28 * The reference implementation is altered in this points:
29 * - C++ comments are converted to ANSI C comments.
30 * - all function names are mangled
31 * - typedef for UINT64 is commented out.
32 * - brg_endian.h is removed
33 *
34 * *************************************************************************/
35
36 #ifdef __sparc
37 /* opt64 uses un-aligned memory access that causes a BUS error with msg
38 * 'invalid address alignment' on SPARC. */
39 #define KeccakOpt 32
40 #elif PY_BIG_ENDIAN
41 /* opt64 is not yet supported on big endian platforms */
42 #define KeccakOpt 32
43 #elif SIZEOF_VOID_P == 8
44 /* opt64 works only on little-endian 64bit platforms with unsigned int64 */
45 #define KeccakOpt 64
46 #else
47 /* opt32 is used for the remaining 32 and 64bit platforms */
48 #define KeccakOpt 32
49 #endif
50
51 #if KeccakOpt == 64
52 /* 64bit platforms with unsigned int64 */
53 typedef uint64_t UINT64;
54 typedef unsigned char UINT8;
55 #endif
56
57 /* replacement for brg_endian.h */
58 #define IS_LITTLE_ENDIAN 1234
59 #define IS_BIG_ENDIAN 4321
60 #if PY_LITTLE_ENDIAN
61 #define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
62 #endif
63 #if PY_BIG_ENDIAN
64 #define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
65 #endif
66
67 /* Prevent bus errors on platforms requiring aligned accesses such ARM. */
68 #if HAVE_ALIGNED_REQUIRED && !defined(NO_MISALIGNED_ACCESSES)
69 #define NO_MISALIGNED_ACCESSES
70 #endif
71
72 /* mangle names */
73 #define KeccakF1600_FastLoop_Absorb _PySHA3_KeccakF1600_FastLoop_Absorb
74 #define Keccak_HashFinal _PySHA3_Keccak_HashFinal
75 #define Keccak_HashInitialize _PySHA3_Keccak_HashInitialize
76 #define Keccak_HashSqueeze _PySHA3_Keccak_HashSqueeze
77 #define Keccak_HashUpdate _PySHA3_Keccak_HashUpdate
78 #define KeccakP1600_AddBytes _PySHA3_KeccakP1600_AddBytes
79 #define KeccakP1600_AddBytesInLane _PySHA3_KeccakP1600_AddBytesInLane
80 #define KeccakP1600_AddLanes _PySHA3_KeccakP1600_AddLanes
81 #define KeccakP1600_ExtractAndAddBytes _PySHA3_KeccakP1600_ExtractAndAddBytes
82 #define KeccakP1600_ExtractAndAddBytesInLane _PySHA3_KeccakP1600_ExtractAndAddBytesInLane
83 #define KeccakP1600_ExtractAndAddLanes _PySHA3_KeccakP1600_ExtractAndAddLanes
84 #define KeccakP1600_ExtractBytes _PySHA3_KeccakP1600_ExtractBytes
85 #define KeccakP1600_ExtractBytesInLane _PySHA3_KeccakP1600_ExtractBytesInLane
86 #define KeccakP1600_ExtractLanes _PySHA3_KeccakP1600_ExtractLanes
87 #define KeccakP1600_Initialize _PySHA3_KeccakP1600_Initialize
88 #define KeccakP1600_OverwriteBytes _PySHA3_KeccakP1600_OverwriteBytes
89 #define KeccakP1600_OverwriteBytesInLane _PySHA3_KeccakP1600_OverwriteBytesInLane
90 #define KeccakP1600_OverwriteLanes _PySHA3_KeccakP1600_OverwriteLanes
91 #define KeccakP1600_OverwriteWithZeroes _PySHA3_KeccakP1600_OverwriteWithZeroes
92 #define KeccakP1600_Permute_12rounds _PySHA3_KeccakP1600_Permute_12rounds
93 #define KeccakP1600_Permute_24rounds _PySHA3_KeccakP1600_Permute_24rounds
94 #define KeccakWidth1600_Sponge _PySHA3_KeccakWidth1600_Sponge
95 #define KeccakWidth1600_SpongeAbsorb _PySHA3_KeccakWidth1600_SpongeAbsorb
96 #define KeccakWidth1600_SpongeAbsorbLastFewBits _PySHA3_KeccakWidth1600_SpongeAbsorbLastFewBits
97 #define KeccakWidth1600_SpongeInitialize _PySHA3_KeccakWidth1600_SpongeInitialize
98 #define KeccakWidth1600_SpongeSqueeze _PySHA3_KeccakWidth1600_SpongeSqueeze
99 #if KeccakOpt == 32
100 #define KeccakP1600_AddByte _PySHA3_KeccakP1600_AddByte
101 #define KeccakP1600_Permute_Nrounds _PySHA3_KeccakP1600_Permute_Nrounds
102 #define KeccakP1600_SetBytesInLaneToZero _PySHA3_KeccakP1600_SetBytesInLaneToZero
103 #endif
104
105 /* we are only interested in KeccakP1600 */
106 #define KeccakP200_excluded 1
107 #define KeccakP400_excluded 1
108 #define KeccakP800_excluded 1
109
110 /* inline all Keccak dependencies */
111 #include "kcp/KeccakHash.h"
112 #include "kcp/KeccakSponge.h"
113 #include "kcp/KeccakHash.c"
114 #include "kcp/KeccakSponge.c"
115 #if KeccakOpt == 64
116 #include "kcp/KeccakP-1600-opt64.c"
117 #elif KeccakOpt == 32
118 #include "kcp/KeccakP-1600-inplace32BI.c"
119 #endif
120
121 #define SHA3_MAX_DIGESTSIZE 64 /* 64 Bytes (512 Bits) for 224 to 512 */
122 #define SHA3_LANESIZE (20 * 8) /* ExtractLane needs max uint64_t[20] extra. */
123 #define SHA3_state Keccak_HashInstance
124 #define SHA3_init Keccak_HashInitialize
125 #define SHA3_process Keccak_HashUpdate
126 #define SHA3_done Keccak_HashFinal
127 #define SHA3_squeeze Keccak_HashSqueeze
128 #define SHA3_copystate(dest, src) memcpy(&(dest), &(src), sizeof(SHA3_state))
129
130 typedef struct {
131 PyTypeObject *sha3_224_type;
132 PyTypeObject *sha3_256_type;
133 PyTypeObject *sha3_384_type;
134 PyTypeObject *sha3_512_type;
135 #ifdef PY_WITH_KECCAK
136 PyTypeObject *keccak_224_type;
137 PyTypeObject *keccak_256_type;
138 PyTypeObject *keccak_384_type;
139 PyTypeObject *keccak_512_type;
140 #endif
141 PyTypeObject *shake_128_type;
142 PyTypeObject *shake_256_type;
143 } SHA3State;
144
145 static inline SHA3State*
sha3_get_state(PyObject * module)146 sha3_get_state(PyObject *module)
147 {
148 void *state = PyModule_GetState(module);
149 assert(state != NULL);
150 return (SHA3State *)state;
151 }
152
153 /*[clinic input]
154 module _sha3
155 class _sha3.sha3_224 "SHA3object *" "&SHA3_224typ"
156 class _sha3.sha3_256 "SHA3object *" "&SHA3_256typ"
157 class _sha3.sha3_384 "SHA3object *" "&SHA3_384typ"
158 class _sha3.sha3_512 "SHA3object *" "&SHA3_512typ"
159 class _sha3.shake_128 "SHA3object *" "&SHAKE128type"
160 class _sha3.shake_256 "SHA3object *" "&SHAKE256type"
161 [clinic start generated code]*/
162 /*[clinic end generated code: output=da39a3ee5e6b4b0d input=b8a53680f370285a]*/
163
164 /* The structure for storing SHA3 info */
165
166 typedef struct {
167 PyObject_HEAD
168 SHA3_state hash_state;
169 PyThread_type_lock lock;
170 } SHA3object;
171
172 #include "clinic/sha3module.c.h"
173
174 static SHA3object *
newSHA3object(PyTypeObject * type)175 newSHA3object(PyTypeObject *type)
176 {
177 SHA3object *newobj;
178 newobj = (SHA3object *)PyObject_New(SHA3object, type);
179 if (newobj == NULL) {
180 return NULL;
181 }
182 newobj->lock = NULL;
183 return newobj;
184 }
185
186 /*[clinic input]
187 @classmethod
188 _sha3.sha3_224.__new__ as py_sha3_new
189 data: object(c_default="NULL") = b''
190 /
191 *
192 usedforsecurity: bool = True
193
194 Return a new BLAKE2b hash object.
195 [clinic start generated code]*/
196
197 static PyObject *
py_sha3_new_impl(PyTypeObject * type,PyObject * data,int usedforsecurity)198 py_sha3_new_impl(PyTypeObject *type, PyObject *data, int usedforsecurity)
199 /*[clinic end generated code: output=90409addc5d5e8b0 input=bcfcdf2e4368347a]*/
200 {
201 HashReturn res;
202 Py_buffer buf = {NULL, NULL};
203 SHA3State *state = PyType_GetModuleState(type);
204 SHA3object *self = newSHA3object(type);
205 if (self == NULL) {
206 goto error;
207 }
208
209 assert(state != NULL);
210
211 if (type == state->sha3_224_type) {
212 res = Keccak_HashInitialize_SHA3_224(&self->hash_state);
213 } else if (type == state->sha3_256_type) {
214 res = Keccak_HashInitialize_SHA3_256(&self->hash_state);
215 } else if (type == state->sha3_384_type) {
216 res = Keccak_HashInitialize_SHA3_384(&self->hash_state);
217 } else if (type == state->sha3_512_type) {
218 res = Keccak_HashInitialize_SHA3_512(&self->hash_state);
219 #ifdef PY_WITH_KECCAK
220 } else if (type == state->keccak_224_type) {
221 res = Keccak_HashInitialize(&self->hash_state, 1152, 448, 224, 0x01);
222 } else if (type == state->keccak_256_type) {
223 res = Keccak_HashInitialize(&self->hash_state, 1088, 512, 256, 0x01);
224 } else if (type == state->keccak_384_type) {
225 res = Keccak_HashInitialize(&self->hash_state, 832, 768, 384, 0x01);
226 } else if (type == state->keccak_512_type) {
227 res = Keccak_HashInitialize(&self->hash_state, 576, 1024, 512, 0x01);
228 #endif
229 } else if (type == state->shake_128_type) {
230 res = Keccak_HashInitialize_SHAKE128(&self->hash_state);
231 } else if (type == state->shake_256_type) {
232 res = Keccak_HashInitialize_SHAKE256(&self->hash_state);
233 } else {
234 PyErr_BadInternalCall();
235 goto error;
236 }
237
238 if (res != SUCCESS) {
239 PyErr_SetString(PyExc_RuntimeError,
240 "internal error in SHA3 initialize()");
241 goto error;
242 }
243
244 if (data) {
245 GET_BUFFER_VIEW_OR_ERROR(data, &buf, goto error);
246 if (buf.len >= HASHLIB_GIL_MINSIZE) {
247 /* invariant: New objects can't be accessed by other code yet,
248 * thus it's safe to release the GIL without locking the object.
249 */
250 Py_BEGIN_ALLOW_THREADS
251 res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8);
252 Py_END_ALLOW_THREADS
253 }
254 else {
255 res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8);
256 }
257 if (res != SUCCESS) {
258 PyErr_SetString(PyExc_RuntimeError,
259 "internal error in SHA3 Update()");
260 goto error;
261 }
262 PyBuffer_Release(&buf);
263 }
264
265 return (PyObject *)self;
266
267 error:
268 if (self) {
269 Py_DECREF(self);
270 }
271 if (data && buf.obj) {
272 PyBuffer_Release(&buf);
273 }
274 return NULL;
275 }
276
277
278 /* Internal methods for a hash object */
279
280 static void
SHA3_dealloc(SHA3object * self)281 SHA3_dealloc(SHA3object *self)
282 {
283 if (self->lock) {
284 PyThread_free_lock(self->lock);
285 }
286
287 PyTypeObject *tp = Py_TYPE(self);
288 PyObject_Free(self);
289 Py_DECREF(tp);
290 }
291
292
293 /* External methods for a hash object */
294
295
296 /*[clinic input]
297 _sha3.sha3_224.copy
298
299 Return a copy of the hash object.
300 [clinic start generated code]*/
301
302 static PyObject *
_sha3_sha3_224_copy_impl(SHA3object * self)303 _sha3_sha3_224_copy_impl(SHA3object *self)
304 /*[clinic end generated code: output=6c537411ecdcda4c input=93a44aaebea51ba8]*/
305 {
306 SHA3object *newobj;
307
308 if ((newobj = newSHA3object(Py_TYPE(self))) == NULL) {
309 return NULL;
310 }
311 ENTER_HASHLIB(self);
312 SHA3_copystate(newobj->hash_state, self->hash_state);
313 LEAVE_HASHLIB(self);
314 return (PyObject *)newobj;
315 }
316
317
318 /*[clinic input]
319 _sha3.sha3_224.digest
320
321 Return the digest value as a bytes object.
322 [clinic start generated code]*/
323
324 static PyObject *
_sha3_sha3_224_digest_impl(SHA3object * self)325 _sha3_sha3_224_digest_impl(SHA3object *self)
326 /*[clinic end generated code: output=fd531842e20b2d5b input=5b2a659536bbd248]*/
327 {
328 unsigned char digest[SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE];
329 SHA3_state temp;
330 HashReturn res;
331
332 ENTER_HASHLIB(self);
333 SHA3_copystate(temp, self->hash_state);
334 LEAVE_HASHLIB(self);
335 res = SHA3_done(&temp, digest);
336 if (res != SUCCESS) {
337 PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 Final()");
338 return NULL;
339 }
340 return PyBytes_FromStringAndSize((const char *)digest,
341 self->hash_state.fixedOutputLength / 8);
342 }
343
344
345 /*[clinic input]
346 _sha3.sha3_224.hexdigest
347
348 Return the digest value as a string of hexadecimal digits.
349 [clinic start generated code]*/
350
351 static PyObject *
_sha3_sha3_224_hexdigest_impl(SHA3object * self)352 _sha3_sha3_224_hexdigest_impl(SHA3object *self)
353 /*[clinic end generated code: output=75ad03257906918d input=2d91bb6e0d114ee3]*/
354 {
355 unsigned char digest[SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE];
356 SHA3_state temp;
357 HashReturn res;
358
359 /* Get the raw (binary) digest value */
360 ENTER_HASHLIB(self);
361 SHA3_copystate(temp, self->hash_state);
362 LEAVE_HASHLIB(self);
363 res = SHA3_done(&temp, digest);
364 if (res != SUCCESS) {
365 PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 Final()");
366 return NULL;
367 }
368 return _Py_strhex((const char *)digest,
369 self->hash_state.fixedOutputLength / 8);
370 }
371
372
373 /*[clinic input]
374 _sha3.sha3_224.update
375
376 data: object
377 /
378
379 Update this hash object's state with the provided bytes-like object.
380 [clinic start generated code]*/
381
382 static PyObject *
_sha3_sha3_224_update(SHA3object * self,PyObject * data)383 _sha3_sha3_224_update(SHA3object *self, PyObject *data)
384 /*[clinic end generated code: output=d3223352286ed357 input=a887f54dcc4ae227]*/
385 {
386 Py_buffer buf;
387 HashReturn res;
388
389 GET_BUFFER_VIEW_OR_ERROUT(data, &buf);
390
391 /* add new data, the function takes the length in bits not bytes */
392 if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE) {
393 self->lock = PyThread_allocate_lock();
394 }
395 /* Once a lock exists all code paths must be synchronized. We have to
396 * release the GIL even for small buffers as acquiring the lock may take
397 * an unlimited amount of time when another thread updates this object
398 * with lots of data. */
399 if (self->lock) {
400 Py_BEGIN_ALLOW_THREADS
401 PyThread_acquire_lock(self->lock, 1);
402 res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8);
403 PyThread_release_lock(self->lock);
404 Py_END_ALLOW_THREADS
405 }
406 else {
407 res = SHA3_process(&self->hash_state, buf.buf, buf.len * 8);
408 }
409
410 if (res != SUCCESS) {
411 PyBuffer_Release(&buf);
412 PyErr_SetString(PyExc_RuntimeError,
413 "internal error in SHA3 Update()");
414 return NULL;
415 }
416
417 PyBuffer_Release(&buf);
418 Py_RETURN_NONE;
419 }
420
421
422 static PyMethodDef SHA3_methods[] = {
423 _SHA3_SHA3_224_COPY_METHODDEF
424 _SHA3_SHA3_224_DIGEST_METHODDEF
425 _SHA3_SHA3_224_HEXDIGEST_METHODDEF
426 _SHA3_SHA3_224_UPDATE_METHODDEF
427 {NULL, NULL} /* sentinel */
428 };
429
430
431 static PyObject *
SHA3_get_block_size(SHA3object * self,void * closure)432 SHA3_get_block_size(SHA3object *self, void *closure)
433 {
434 int rate = self->hash_state.sponge.rate;
435 return PyLong_FromLong(rate / 8);
436 }
437
438
439 static PyObject *
SHA3_get_name(SHA3object * self,void * closure)440 SHA3_get_name(SHA3object *self, void *closure)
441 {
442 PyTypeObject *type = Py_TYPE(self);
443
444 SHA3State *state = PyType_GetModuleState(type);
445 assert(state != NULL);
446
447 if (type == state->sha3_224_type) {
448 return PyUnicode_FromString("sha3_224");
449 } else if (type == state->sha3_256_type) {
450 return PyUnicode_FromString("sha3_256");
451 } else if (type == state->sha3_384_type) {
452 return PyUnicode_FromString("sha3_384");
453 } else if (type == state->sha3_512_type) {
454 return PyUnicode_FromString("sha3_512");
455 #ifdef PY_WITH_KECCAK
456 } else if (type == state->keccak_224_type) {
457 return PyUnicode_FromString("keccak_224");
458 } else if (type == state->keccak_256_type) {
459 return PyUnicode_FromString("keccak_256");
460 } else if (type == state->keccak_384_type) {
461 return PyUnicode_FromString("keccak_384");
462 } else if (type == state->keccak_512_type) {
463 return PyUnicode_FromString("keccak_512");
464 #endif
465 } else if (type == state->shake_128_type) {
466 return PyUnicode_FromString("shake_128");
467 } else if (type == state->shake_256_type) {
468 return PyUnicode_FromString("shake_256");
469 } else {
470 PyErr_BadInternalCall();
471 return NULL;
472 }
473 }
474
475
476 static PyObject *
SHA3_get_digest_size(SHA3object * self,void * closure)477 SHA3_get_digest_size(SHA3object *self, void *closure)
478 {
479 return PyLong_FromLong(self->hash_state.fixedOutputLength / 8);
480 }
481
482
483 static PyObject *
SHA3_get_capacity_bits(SHA3object * self,void * closure)484 SHA3_get_capacity_bits(SHA3object *self, void *closure)
485 {
486 int capacity = 1600 - self->hash_state.sponge.rate;
487 return PyLong_FromLong(capacity);
488 }
489
490
491 static PyObject *
SHA3_get_rate_bits(SHA3object * self,void * closure)492 SHA3_get_rate_bits(SHA3object *self, void *closure)
493 {
494 unsigned int rate = self->hash_state.sponge.rate;
495 return PyLong_FromLong(rate);
496 }
497
498 static PyObject *
SHA3_get_suffix(SHA3object * self,void * closure)499 SHA3_get_suffix(SHA3object *self, void *closure)
500 {
501 unsigned char suffix[2];
502 suffix[0] = self->hash_state.delimitedSuffix;
503 suffix[1] = 0;
504 return PyBytes_FromStringAndSize((const char *)suffix, 1);
505 }
506
507 static PyGetSetDef SHA3_getseters[] = {
508 {"block_size", (getter)SHA3_get_block_size, NULL, NULL, NULL},
509 {"name", (getter)SHA3_get_name, NULL, NULL, NULL},
510 {"digest_size", (getter)SHA3_get_digest_size, NULL, NULL, NULL},
511 {"_capacity_bits", (getter)SHA3_get_capacity_bits, NULL, NULL, NULL},
512 {"_rate_bits", (getter)SHA3_get_rate_bits, NULL, NULL, NULL},
513 {"_suffix", (getter)SHA3_get_suffix, NULL, NULL, NULL},
514 {NULL} /* Sentinel */
515 };
516
517 #define SHA3_TYPE_SLOTS(type_slots_obj, type_doc, type_methods) \
518 static PyType_Slot type_slots_obj[] = { \
519 {Py_tp_dealloc, SHA3_dealloc}, \
520 {Py_tp_doc, (char*)type_doc}, \
521 {Py_tp_methods, type_methods}, \
522 {Py_tp_getset, SHA3_getseters}, \
523 {Py_tp_new, py_sha3_new}, \
524 {0,0} \
525 }
526
527 // Using PyType_GetModuleState() on these types is safe since they
528 // cannot be subclassed: it does not have the Py_TPFLAGS_BASETYPE flag.
529 #define SHA3_TYPE_SPEC(type_spec_obj, type_name, type_slots) \
530 static PyType_Spec type_spec_obj = { \
531 .name = "_sha3." type_name, \
532 .basicsize = sizeof(SHA3object), \
533 .flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_IMMUTABLETYPE, \
534 .slots = type_slots \
535 }
536
537 PyDoc_STRVAR(sha3_224__doc__,
538 "sha3_224([data], *, usedforsecurity=True) -> SHA3 object\n\
539 \n\
540 Return a new SHA3 hash object with a hashbit length of 28 bytes.");
541
542 PyDoc_STRVAR(sha3_256__doc__,
543 "sha3_256([data], *, usedforsecurity=True) -> SHA3 object\n\
544 \n\
545 Return a new SHA3 hash object with a hashbit length of 32 bytes.");
546
547 PyDoc_STRVAR(sha3_384__doc__,
548 "sha3_384([data], *, usedforsecurity=True) -> SHA3 object\n\
549 \n\
550 Return a new SHA3 hash object with a hashbit length of 48 bytes.");
551
552 PyDoc_STRVAR(sha3_512__doc__,
553 "sha3_512([data], *, usedforsecurity=True) -> SHA3 object\n\
554 \n\
555 Return a new SHA3 hash object with a hashbit length of 64 bytes.");
556
557 #ifdef PY_WITH_KECCAK
558 PyDoc_STRVAR(keccak_224__doc__,
559 "keccak_224([data], *, usedforsecurity=True) -> Keccak object\n\
560 \n\
561 Return a new Keccak hash object with a hashbit length of 28 bytes.");
562
563 PyDoc_STRVAR(keccak_256__doc__,
564 "keccak_256([data], *, usedforsecurity=True) -> Keccak object\n\
565 \n\
566 Return a new Keccak hash object with a hashbit length of 32 bytes.");
567
568 PyDoc_STRVAR(keccak_384__doc__,
569 "keccak_384([data], *, usedforsecurity=True) -> Keccak object\n\
570 \n\
571 Return a new Keccak hash object with a hashbit length of 48 bytes.");
572
573 PyDoc_STRVAR(keccak_512__doc__,
574 "keccak_512([data], *, usedforsecurity=True) -> Keccak object\n\
575 \n\
576 Return a new Keccak hash object with a hashbit length of 64 bytes.");
577
578 #endif
579
580 SHA3_TYPE_SLOTS(sha3_224_slots, sha3_224__doc__, SHA3_methods);
581 SHA3_TYPE_SPEC(sha3_224_spec, "sha3_224", sha3_224_slots);
582
583 SHA3_TYPE_SLOTS(sha3_256_slots, sha3_256__doc__, SHA3_methods);
584 SHA3_TYPE_SPEC(sha3_256_spec, "sha3_256", sha3_256_slots);
585
586 SHA3_TYPE_SLOTS(sha3_384_slots, sha3_384__doc__, SHA3_methods);
587 SHA3_TYPE_SPEC(sha3_384_spec, "sha3_384", sha3_384_slots);
588
589 SHA3_TYPE_SLOTS(sha3_512_slots, sha3_512__doc__, SHA3_methods);
590 SHA3_TYPE_SPEC(sha3_512_spec, "sha3_512", sha3_512_slots);
591
592 #ifdef PY_WITH_KECCAK
593 SHA3_TYPE_SLOTS(Keccak_224_slots, keccak_224__doc__, SHA3_methods);
594 SHA3_TYPE_SPEC(Keccak_224_spec, "keccak_224", Keccak_224_slots);
595
596 SHA3_TYPE_SLOTS(Keccak_256_slots, keccak_256__doc__, SHA3_methods);
597 SHA3_TYPE_SPEC(Keccak_256_spec, "keccak_256", Keccak_256_slots);
598
599 SHA3_TYPE_SLOTS(Keccak_384_slots, keccak_384__doc__, SHA3_methods);
600 SHA3_TYPE_SPEC(Keccak_384_spec, "keccak_384", Keccak_384_slots);
601
602 SHA3_TYPE_SLOTS(Keccak_512_slots, keccak_512__doc__, SHA3_methods);
603 SHA3_TYPE_SPEC(Keccak_512_spec, "keccak_512", Keccak_512_slots);
604 #endif
605
606
607 static PyObject *
_SHAKE_digest(SHA3object * self,unsigned long digestlen,int hex)608 _SHAKE_digest(SHA3object *self, unsigned long digestlen, int hex)
609 {
610 unsigned char *digest = NULL;
611 SHA3_state temp;
612 int res;
613 PyObject *result = NULL;
614
615 if (digestlen >= (1 << 29)) {
616 PyErr_SetString(PyExc_ValueError, "length is too large");
617 return NULL;
618 }
619 /* ExtractLane needs at least SHA3_MAX_DIGESTSIZE + SHA3_LANESIZE and
620 * SHA3_LANESIZE extra space.
621 */
622 digest = (unsigned char*)PyMem_Malloc(digestlen + SHA3_LANESIZE);
623 if (digest == NULL) {
624 return PyErr_NoMemory();
625 }
626
627 /* Get the raw (binary) digest value */
628 ENTER_HASHLIB(self);
629 SHA3_copystate(temp, self->hash_state);
630 LEAVE_HASHLIB(self);
631 res = SHA3_done(&temp, NULL);
632 if (res != SUCCESS) {
633 PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 done()");
634 goto error;
635 }
636 res = SHA3_squeeze(&temp, digest, digestlen * 8);
637 if (res != SUCCESS) {
638 PyErr_SetString(PyExc_RuntimeError, "internal error in SHA3 Squeeze()");
639 return NULL;
640 }
641 if (hex) {
642 result = _Py_strhex((const char *)digest, digestlen);
643 } else {
644 result = PyBytes_FromStringAndSize((const char *)digest,
645 digestlen);
646 }
647 error:
648 if (digest != NULL) {
649 PyMem_Free(digest);
650 }
651 return result;
652 }
653
654
655 /*[clinic input]
656 _sha3.shake_128.digest
657
658 length: unsigned_long
659 /
660
661 Return the digest value as a bytes object.
662 [clinic start generated code]*/
663
664 static PyObject *
_sha3_shake_128_digest_impl(SHA3object * self,unsigned long length)665 _sha3_shake_128_digest_impl(SHA3object *self, unsigned long length)
666 /*[clinic end generated code: output=2313605e2f87bb8f input=418ef6a36d2e6082]*/
667 {
668 return _SHAKE_digest(self, length, 0);
669 }
670
671
672 /*[clinic input]
673 _sha3.shake_128.hexdigest
674
675 length: unsigned_long
676 /
677
678 Return the digest value as a string of hexadecimal digits.
679 [clinic start generated code]*/
680
681 static PyObject *
_sha3_shake_128_hexdigest_impl(SHA3object * self,unsigned long length)682 _sha3_shake_128_hexdigest_impl(SHA3object *self, unsigned long length)
683 /*[clinic end generated code: output=bf8e2f1e490944a8 input=69fb29b0926ae321]*/
684 {
685 return _SHAKE_digest(self, length, 1);
686 }
687
688
689 static PyMethodDef SHAKE_methods[] = {
690 _SHA3_SHA3_224_COPY_METHODDEF
691 _SHA3_SHAKE_128_DIGEST_METHODDEF
692 _SHA3_SHAKE_128_HEXDIGEST_METHODDEF
693 _SHA3_SHA3_224_UPDATE_METHODDEF
694 {NULL, NULL} /* sentinel */
695 };
696
697 PyDoc_STRVAR(shake_128__doc__,
698 "shake_128([data], *, usedforsecurity=True) -> SHAKE object\n\
699 \n\
700 Return a new SHAKE hash object.");
701
702 PyDoc_STRVAR(shake_256__doc__,
703 "shake_256([data], *, usedforsecurity=True) -> SHAKE object\n\
704 \n\
705 Return a new SHAKE hash object.");
706
707 SHA3_TYPE_SLOTS(SHAKE128slots, shake_128__doc__, SHAKE_methods);
708 SHA3_TYPE_SPEC(SHAKE128_spec, "shake_128", SHAKE128slots);
709
710 SHA3_TYPE_SLOTS(SHAKE256slots, shake_256__doc__, SHAKE_methods);
711 SHA3_TYPE_SPEC(SHAKE256_spec, "shake_256", SHAKE256slots);
712
713
714 static int
_sha3_traverse(PyObject * module,visitproc visit,void * arg)715 _sha3_traverse(PyObject *module, visitproc visit, void *arg)
716 {
717 SHA3State *state = sha3_get_state(module);
718 Py_VISIT(state->sha3_224_type);
719 Py_VISIT(state->sha3_256_type);
720 Py_VISIT(state->sha3_384_type);
721 Py_VISIT(state->sha3_512_type);
722 #ifdef PY_WITH_KECCAK
723 Py_VISIT(state->keccak_224_type);
724 Py_VISIT(state->keccak_256_type);
725 Py_VISIT(state->keccak_384_type);
726 Py_VISIT(state->keccak_512_type);
727 #endif
728 Py_VISIT(state->shake_128_type);
729 Py_VISIT(state->shake_256_type);
730 return 0;
731 }
732
733 static int
_sha3_clear(PyObject * module)734 _sha3_clear(PyObject *module)
735 {
736 SHA3State *state = sha3_get_state(module);
737 Py_CLEAR(state->sha3_224_type);
738 Py_CLEAR(state->sha3_256_type);
739 Py_CLEAR(state->sha3_384_type);
740 Py_CLEAR(state->sha3_512_type);
741 #ifdef PY_WITH_KECCAK
742 Py_CLEAR(state->keccak_224_type);
743 Py_CLEAR(state->keccak_256_type);
744 Py_CLEAR(state->keccak_384_type);
745 Py_CLEAR(state->keccak_512_type);
746 #endif
747 Py_CLEAR(state->shake_128_type);
748 Py_CLEAR(state->shake_256_type);
749 return 0;
750 }
751
752 static void
_sha3_free(void * module)753 _sha3_free(void *module)
754 {
755 _sha3_clear((PyObject *)module);
756 }
757
758 static int
_sha3_exec(PyObject * m)759 _sha3_exec(PyObject *m)
760 {
761 SHA3State *st = sha3_get_state(m);
762
763 #define init_sha3type(type, typespec) \
764 do { \
765 st->type = (PyTypeObject *)PyType_FromModuleAndSpec( \
766 m, &typespec, NULL); \
767 if (st->type == NULL) { \
768 return -1; \
769 } \
770 if (PyModule_AddType(m, st->type) < 0) { \
771 return -1; \
772 } \
773 } while(0)
774
775 init_sha3type(sha3_224_type, sha3_224_spec);
776 init_sha3type(sha3_256_type, sha3_256_spec);
777 init_sha3type(sha3_384_type, sha3_384_spec);
778 init_sha3type(sha3_512_type, sha3_512_spec);
779 #ifdef PY_WITH_KECCAK
780 init_sha3type(keccak_224_type, Keccak_224_spec);
781 init_sha3type(keccak_256_type, Keccak_256_spec);
782 init_sha3type(keccak_384_type, Keccak_384_spec);
783 init_sha3type(keccak_512_type, Keccak_512_spec);
784 #endif
785 init_sha3type(shake_128_type, SHAKE128_spec);
786 init_sha3type(shake_256_type, SHAKE256_spec);
787 #undef init_sha3type
788
789 if (PyModule_AddIntConstant(m, "keccakopt", KeccakOpt) < 0) {
790 return -1;
791 }
792 if (PyModule_AddStringConstant(m, "implementation",
793 KeccakP1600_implementation) < 0) {
794 return -1;
795 }
796
797 return 0;
798 }
799
800 static PyModuleDef_Slot _sha3_slots[] = {
801 {Py_mod_exec, _sha3_exec},
802 {0, NULL}
803 };
804
805 /* Initialize this module. */
806 static struct PyModuleDef _sha3module = {
807 PyModuleDef_HEAD_INIT,
808 .m_name = "_sha3",
809 .m_size = sizeof(SHA3State),
810 .m_slots = _sha3_slots,
811 .m_traverse = _sha3_traverse,
812 .m_clear = _sha3_clear,
813 .m_free = _sha3_free,
814 };
815
816
817 PyMODINIT_FUNC
PyInit__sha3(void)818 PyInit__sha3(void)
819 {
820 return PyModuleDef_Init(&_sha3module);
821 }
822