From bfc6fae472457c37abafb3818b44f0bd639be6cc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 16 Jan 2019 19:10:48 -0600 Subject: support bytes-like keys in CMAC and HMAC contexts (#4701) --- docs/hazmat/primitives/mac/hmac.rst | 3 ++- src/cryptography/hazmat/backends/openssl/cmac.py | 3 ++- src/cryptography/hazmat/backends/openssl/hmac.py | 3 ++- tests/hazmat/primitives/test_cmac.py | 13 +++++++++++++ tests/hazmat/primitives/test_hmac.py | 10 ++++++++++ 5 files changed, 29 insertions(+), 3 deletions(-) diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst index c605e58c..4c2f21c8 100644 --- a/docs/hazmat/primitives/mac/hmac.rst +++ b/docs/hazmat/primitives/mac/hmac.rst @@ -54,7 +54,8 @@ of a message. ... cryptography.exceptions.InvalidSignature: Signature did not match digest. - :param bytes key: Secret key as ``bytes``. + :param key: Secret key as ``bytes``. + :type key: :term:`bytes-like` :param algorithm: An :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` instance such as those described in diff --git a/src/cryptography/hazmat/backends/openssl/cmac.py b/src/cryptography/hazmat/backends/openssl/cmac.py index e20f66d3..bc88f336 100644 --- a/src/cryptography/hazmat/backends/openssl/cmac.py +++ b/src/cryptography/hazmat/backends/openssl/cmac.py @@ -36,8 +36,9 @@ class _CMACContext(object): self._backend.openssl_assert(ctx != self._backend._ffi.NULL) ctx = self._backend._ffi.gc(ctx, self._backend._lib.CMAC_CTX_free) + key_ptr = self._backend._ffi.from_buffer(self._key) res = self._backend._lib.CMAC_Init( - ctx, self._key, len(self._key), + ctx, key_ptr, len(self._key), evp_cipher, self._backend._ffi.NULL ) self._backend.openssl_assert(res == 1) diff --git a/src/cryptography/hazmat/backends/openssl/hmac.py b/src/cryptography/hazmat/backends/openssl/hmac.py index 99c43f2a..b606e111 100644 --- a/src/cryptography/hazmat/backends/openssl/hmac.py +++ b/src/cryptography/hazmat/backends/openssl/hmac.py @@ -32,8 +32,9 @@ class _HMACContext(object): algorithm.name), _Reasons.UNSUPPORTED_HASH ) + key_ptr = self._backend._ffi.from_buffer(key) res = self._backend._lib.HMAC_Init_ex( - ctx, key, len(key), evp_md, self._backend._ffi.NULL + ctx, key_ptr, len(key), evp_md, self._backend._ffi.NULL ) self._backend.openssl_assert(res != 0) diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py index 2ca05d6d..e319396d 100644 --- a/tests/hazmat/primitives/test_cmac.py +++ b/tests/hazmat/primitives/test_cmac.py @@ -183,6 +183,19 @@ class TestCMAC(object): copy_cmac = cmac.copy() assert cmac.finalize() == copy_cmac.finalize() + @pytest.mark.supported( + only_if=lambda backend: backend.cmac_algorithm_supported( + AES(fake_key)), + skip_message="Does not support CMAC." + ) + def test_buffer_protocol(self, backend): + key = bytearray(b"2b7e151628aed2a6abf7158809cf4f3c") + cmac = CMAC(AES(key), backend) + cmac.update(b"6bc1bee22e409f96e93d7e117393172a") + assert cmac.finalize() == binascii.unhexlify( + b"a21e6e647bfeaf5ca0a5e1bcd957dfad" + ) + def test_invalid_backend(): key = b"2b7e151628aed2a6abf7158809cf4f3c" diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 50aa9cc2..b6d18ff1 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -4,6 +4,8 @@ from __future__ import absolute_import, division, print_function +import binascii + import pytest from cryptography.exceptions import ( @@ -79,6 +81,14 @@ class TestHMAC(object): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): hmac.HMAC(b"key", DummyHashAlgorithm(), backend) + def test_buffer_protocol(self, backend): + key = bytearray(b"2b7e151628aed2a6abf7158809cf4f3c") + h = hmac.HMAC(key, hashes.SHA256(), backend) + h.update(b"6bc1bee22e409f96e93d7e117393172a") + assert h.finalize() == binascii.unhexlify( + b"a1bf7169c56a501c6585190ff4f07cad6e492a3ee187c0372614fb444b9fc3f0" + ) + def test_invalid_backend(): pretend_backend = object() -- cgit v1.2.3