diff options
| author | Alex Stapleton <alexs@prol.etari.at> | 2014-08-24 10:29:15 +0100 |
|---|---|---|
| committer | Alex Stapleton <alexs@prol.etari.at> | 2014-08-24 10:29:15 +0100 |
| commit | f1b0bcd2cdf71a474b832d4ce3df125bd03271f7 (patch) | |
| tree | 0295ea9234888dc0cc4cbd5ab14ff279dfc61c49 | |
| parent | 567d82e867845049aea81d06fe6abc2849aed279 (diff) | |
| parent | 9226ac40ce675494afe298a931f527aba6f9db08 (diff) | |
| download | cryptography-f1b0bcd2cdf71a474b832d4ce3df125bd03271f7.tar.gz cryptography-f1b0bcd2cdf71a474b832d4ce3df125bd03271f7.tar.bz2 cryptography-f1b0bcd2cdf71a474b832d4ce3df125bd03271f7.zip | |
Merge pull request #1302 from alex/move-to-files
Refs #1301 -- moved constant time code into it's own .c and .h files
| -rw-r--r-- | MANIFEST.in | 1 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 29 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/src/constant_time.c | 31 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/src/constant_time.h | 16 | ||||
| -rw-r--r-- | setup.py | 1 |
5 files changed, 55 insertions, 23 deletions
diff --git a/MANIFEST.in b/MANIFEST.in index e12e430a..07e3f97a 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -5,6 +5,7 @@ include LICENSE include README.rst recursive-include docs * +recursive-include cryptography/hazmat/primitives/src *.c *.h prune docs/_build recursive-include tests *.py recursive-exclude vectors * diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index 9789851a..d75528a8 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -14,37 +14,20 @@ from __future__ import absolute_import, division, print_function import hmac +import os import sys import cffi from cryptography.hazmat.bindings.utils import _create_modulename -TYPES = """ -uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, - size_t); -""" -FUNCTIONS = """ -uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, - uint8_t *b, size_t len_b) { - size_t i = 0; - uint8_t mismatch = 0; - if (len_a != len_b) { - return 0; - } - for (i = 0; i < len_a; i++) { - mismatch |= a[i] ^ b[i]; - } +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f: + TYPES = f.read() + +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f: + FUNCTIONS = f.read() - /* Make sure any bits set are copied to the lowest bit */ - mismatch |= mismatch >> 4; - mismatch |= mismatch >> 2; - mismatch |= mismatch >> 1; - /* Now check the low bit to see if it's set */ - return (mismatch & 1) == 0; -} -""" _ffi = cffi.FFI() _ffi.cdef(TYPES) diff --git a/cryptography/hazmat/primitives/src/constant_time.c b/cryptography/hazmat/primitives/src/constant_time.c new file mode 100644 index 00000000..13ac4ab9 --- /dev/null +++ b/cryptography/hazmat/primitives/src/constant_time.c @@ -0,0 +1,31 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +// implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, + uint8_t *b, size_t len_b) { + size_t i = 0; + uint8_t mismatch = 0; + if (len_a != len_b) { + return 0; + } + for (i = 0; i < len_a; i++) { + mismatch |= a[i] ^ b[i]; + } + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; +} diff --git a/cryptography/hazmat/primitives/src/constant_time.h b/cryptography/hazmat/primitives/src/constant_time.h new file mode 100644 index 00000000..4f41034e --- /dev/null +++ b/cryptography/hazmat/primitives/src/constant_time.h @@ -0,0 +1,16 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +// implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, + size_t); @@ -179,6 +179,7 @@ setup( ], packages=find_packages(exclude=["tests", "tests.*"]), + include_package_data=True, install_requires=requirements, setup_requires=requirements, |