diff options
| -rw-r--r-- | MANIFEST.in | 2 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 29 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/src/constant_time.c | 18 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/src/constant_time.h | 2 |
4 files changed, 28 insertions, 23 deletions
diff --git a/MANIFEST.in b/MANIFEST.in index e12e430a..2f2bca7e 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -5,6 +5,8 @@ include LICENSE include README.rst recursive-include docs * +recursive-include cryptography/hazmat/primitives/src *.c +recursive-include cryptography/hazmat/primitives/src *.h prune docs/_build recursive-include tests *.py recursive-exclude vectors * diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index 9789851a..d75528a8 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -14,37 +14,20 @@ from __future__ import absolute_import, division, print_function import hmac +import os import sys import cffi from cryptography.hazmat.bindings.utils import _create_modulename -TYPES = """ -uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, - size_t); -""" -FUNCTIONS = """ -uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, - uint8_t *b, size_t len_b) { - size_t i = 0; - uint8_t mismatch = 0; - if (len_a != len_b) { - return 0; - } - for (i = 0; i < len_a; i++) { - mismatch |= a[i] ^ b[i]; - } +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f: + TYPES = f.read() + +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f: + FUNCTIONS = f.read() - /* Make sure any bits set are copied to the lowest bit */ - mismatch |= mismatch >> 4; - mismatch |= mismatch >> 2; - mismatch |= mismatch >> 1; - /* Now check the low bit to see if it's set */ - return (mismatch & 1) == 0; -} -""" _ffi = cffi.FFI() _ffi.cdef(TYPES) diff --git a/cryptography/hazmat/primitives/src/constant_time.c b/cryptography/hazmat/primitives/src/constant_time.c new file mode 100644 index 00000000..aaed11a0 --- /dev/null +++ b/cryptography/hazmat/primitives/src/constant_time.c @@ -0,0 +1,18 @@ +uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, + uint8_t *b, size_t len_b) { + size_t i = 0; + uint8_t mismatch = 0; + if (len_a != len_b) { + return 0; + } + for (i = 0; i < len_a; i++) { + mismatch |= a[i] ^ b[i]; + } + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; +} diff --git a/cryptography/hazmat/primitives/src/constant_time.h b/cryptography/hazmat/primitives/src/constant_time.h new file mode 100644 index 00000000..2cc25802 --- /dev/null +++ b/cryptography/hazmat/primitives/src/constant_time.h @@ -0,0 +1,2 @@ +uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, + size_t); |