# =================================================================== # # Copyright (c) 2014, Legrandin # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # =================================================================== """BLAKE2b cryptographic hash algorithm. `BLAKE2b`_ is an optimized variant of BLAKE, one of the SHA-3 candidates that made it to the final round of the NIST hash competition. The algorithm uses 64 bit words, and it therefore works best on 64-bit platforms. The digest size ranges from 8 to 512 bits. >>> from Crypto.Hash import BLAKE2b >>> >>> h_obj = BLAKE2b.new(digest_bits=512) >>> h_obj.update(b'Some data') >>> print h_obj.hexdigest() Optionally, BLAKE2b can work as a cryptographic MAC when initialized with a secret key. >>> from Crypto.Hash import BLAKE2b >>> >>> mac = BLAKE2b.new(digest_bits=256, key=b'secret') >>> mac.update(b'Some data') >>> print mac.hexdigest() :undocumented: __package__ .. _BLAKE2b: https://blake2.net/ """ from binascii import unhexlify from Crypto.Util.py3compat import b, bord, tobytes from Crypto.Random import get_random_bytes from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, SmartPointer, create_string_buffer, get_raw_buffer, c_size_t, expect_byte_string) _raw_blake2b_lib = load_pycryptodome_raw_lib("Crypto.Hash._BLAKE2b", """ int blake2b_init(void **state, const uint8_t *key, size_t key_size, size_t digest_size); int blake2b_destroy(void *state); int blake2b_update(void *state, const uint8_t *buf, size_t len); int blake2b_digest(const void *state, uint8_t digest[64]); int blake2b_copy(const void *src, void *dst); """) class BLAKE2b_Hash(object): """Class that implements a BLAKE2b hash """ #: The internal block size of the hash algorithm in bytes. block_size = 64 def __init__(self, data, key, digest_bytes): """ Initialize a BLAKE2b hash object. """ #: The size of the resulting hash in bytes. self.digest_size = digest_bytes # See https://tools.ietf.org/html/draft-saarinen-blake2-02 if digest_bytes in (20, 32, 48, 64) and not key: self.oid = "1.3.6.1.4.1.1722.12.2.1." + str(digest_bytes) expect_byte_string(key) state = VoidPointer() result = _raw_blake2b_lib.blake2b_init(state.address_of(), key, c_size_t(len(key)), c_size_t(digest_bytes) ) if result: raise ValueError("Error %d while instantiating BLAKE2b" % result) self._state = SmartPointer(state.get(), _raw_blake2b_lib.blake2b_destroy) if data: self.update(data) def update(self, data): """Continue hashing of a message by consuming the next chunk of data. Repeated calls are equivalent to a single call with the concatenation of all the arguments. In other words: >>> m.update(a); m.update(b) is equivalent to: >>> m.update(a+b) :Parameters: data : byte string The next chunk of the message being hashed. """ expect_byte_string(data) result = _raw_blake2b_lib.blake2b_update(self._state.get(), data, c_size_t(len(data))) if result: raise ValueError("Error %d while hashing BLAKE2b data" % result) return self def digest(self): """Return the **binary** (non-printable) digest of the message that has been hashed so far. This method does not change the state of the hash object. You can continue updating the object after calling this function. :Return: A byte string of `digest_size` bytes. It may contain non-ASCII characters, including null bytes. """ bfr = create_string_buffer(64) result = _raw_blake2b_lib.blake2b_digest(self._state.get(), bfr) if result: raise ValueError("Error %d while creating BLAKE2b digest" % result) return get_raw_buffer(bfr)[:self.digest_size] def hexdigest(self): """Return the **printable** digest of the message that has been hashed so far. This method does not change the state of the hash object. :Return: A string of 2* `digest_size` characters. It contains only hexadecimal ASCII digits. """ return "".join(["%02x" % bord(x) for x in tuple(self.digest())]) def copy(self): """Return a copy ("clone") of the hash object. The copy will have the same internal state as the original hash object. This can be used to efficiently compute the digests of strings that share a common initial substring. :Return: A hash object of the same type """ clone = BLAKE2b_Hash(None, b(""), self.digest_size) result = _raw_blake2b_lib.blake2b_copy(self._state.get(), clone._state.get()) if result: raise ValueError("Error %d while copying BLAKE2b" % result) return clone def verify(self, mac_tag): """Verify that a given **binary** MAC (computed by another party) is valid. :Parameters: mac_tag : byte string The expected MAC of the message. :Raises ValueError: if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect. """ secret = get_random_bytes(16) mac1 = new(digest_bits=160, key=secret, data=mac_tag) mac2 = new(digest_bits=160, key=secret, data=self.digest()) if mac1.digest() != mac2.digest(): raise ValueError("MAC check failed") def hexverify(self, hex_mac_tag): """Verify that a given **printable** MAC (computed by another party) is valid. :Parameters: hex_mac_tag : string The expected MAC of the message, as a hexadecimal string. :Raises ValueError: if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect. """ self.verify(unhexlify(tobytes(hex_mac_tag))) def new(self, **kwargs): """Return a new instance of a BLAKE2b hash object.""" if "digest_bytes" not in kwargs and "digest_bits" not in kwargs: kwargs["digest_bytes"] = self.digest_size return new(**kwargs) def new(**kwargs): """Return a new instance of a BLAKE2b hash object. :Keywords: data : byte string The very first chunk of the message to hash. It is equivalent to an early call to `BLAKE2b_Hash.update()`. digest_bytes : integer The size of the digest, in bytes (1 to 64). digest_bits : integer The size of the digest, in bits (8 to 512, in steps of 8). key : byte string The key to use to compute the MAC (1 to 64 bytes). If not specified, no key will be used. :Return: A `BLAKE2b_Hash` object """ data = kwargs.pop("data", None) digest_bytes = kwargs.pop("digest_bytes", None) digest_bits = kwargs.pop("digest_bits", None) if None not in (digest_bytes, digest_bits): raise TypeError("Only one digest parameter must be provided") if (None, None) == (digest_bytes, digest_bits): raise TypeError("Digest size (bits, bytes) not provided") if digest_bytes is not None: if not (1 <= digest_bytes <= 64): raise ValueError("'digest_bytes' not in range 1..64") else: if not (8 <= digest_bits <= 512) or (digest_bits % 8): raise ValueError("'digest_bytes' not in range 8..512, " "with steps of 8") digest_bytes = digest_bits // 8 key = kwargs.pop("key", b("")) if len(key) > 64: raise ValueError("BLAKE2s key cannot exceed 64 bytes") if kwargs: raise TypeError("Unknown parameters: " + str(kwargs)) return BLAKE2b_Hash(data, key, digest_bytes)