From 8ba0c3d50de27ca92d50acb574b830559657b647 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 11 Aug 2014 13:17:44 -0700 Subject: Refs #1301 -- moved constant time code into it's own .c and .h files --- MANIFEST.in | 2 ++ cryptography/hazmat/primitives/constant_time.py | 29 +++++----------------- cryptography/hazmat/primitives/src/constant_time.c | 18 ++++++++++++++ cryptography/hazmat/primitives/src/constant_time.h | 2 ++ 4 files changed, 28 insertions(+), 23 deletions(-) create mode 100644 cryptography/hazmat/primitives/src/constant_time.c create mode 100644 cryptography/hazmat/primitives/src/constant_time.h diff --git a/MANIFEST.in b/MANIFEST.in index e12e430a..2f2bca7e 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -5,6 +5,8 @@ include LICENSE include README.rst recursive-include docs * +recursive-include cryptography/hazmat/primitives/src *.c +recursive-include cryptography/hazmat/primitives/src *.h prune docs/_build recursive-include tests *.py recursive-exclude vectors * diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index 9789851a..d75528a8 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -14,37 +14,20 @@ from __future__ import absolute_import, division, print_function import hmac +import os import sys import cffi from cryptography.hazmat.bindings.utils import _create_modulename -TYPES = """ -uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, - size_t); -""" -FUNCTIONS = """ -uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, - uint8_t *b, size_t len_b) { - size_t i = 0; - uint8_t mismatch = 0; - if (len_a != len_b) { - return 0; - } - for (i = 0; i < len_a; i++) { - mismatch |= a[i] ^ b[i]; - } +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.h")) as f: + TYPES = f.read() + +with open(os.path.join(os.path.dirname(__file__), "src/constant_time.c")) as f: + FUNCTIONS = f.read() - /* Make sure any bits set are copied to the lowest bit */ - mismatch |= mismatch >> 4; - mismatch |= mismatch >> 2; - mismatch |= mismatch >> 1; - /* Now check the low bit to see if it's set */ - return (mismatch & 1) == 0; -} -""" _ffi = cffi.FFI() _ffi.cdef(TYPES) diff --git a/cryptography/hazmat/primitives/src/constant_time.c b/cryptography/hazmat/primitives/src/constant_time.c new file mode 100644 index 00000000..aaed11a0 --- /dev/null +++ b/cryptography/hazmat/primitives/src/constant_time.c @@ -0,0 +1,18 @@ +uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, + uint8_t *b, size_t len_b) { + size_t i = 0; + uint8_t mismatch = 0; + if (len_a != len_b) { + return 0; + } + for (i = 0; i < len_a; i++) { + mismatch |= a[i] ^ b[i]; + } + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; +} diff --git a/cryptography/hazmat/primitives/src/constant_time.h b/cryptography/hazmat/primitives/src/constant_time.h new file mode 100644 index 00000000..2cc25802 --- /dev/null +++ b/cryptography/hazmat/primitives/src/constant_time.h @@ -0,0 +1,2 @@ +uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, + size_t); -- cgit v1.2.3 From 363d284a246e48f90c6d6bca7cfbfba15a3918a1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 11 Aug 2014 13:19:58 -0700 Subject: Simplify, thanks @dstufft --- MANIFEST.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MANIFEST.in b/MANIFEST.in index 2f2bca7e..07e3f97a 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -5,8 +5,7 @@ include LICENSE include README.rst recursive-include docs * -recursive-include cryptography/hazmat/primitives/src *.c -recursive-include cryptography/hazmat/primitives/src *.h +recursive-include cryptography/hazmat/primitives/src *.c *.h prune docs/_build recursive-include tests *.py recursive-exclude vectors * -- cgit v1.2.3 From e23dd3ac541b45efaf314e49c503e2f3b92317d0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 11 Aug 2014 13:51:54 -0700 Subject: Fix? --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 6a7642ff..347dbe82 100644 --- a/setup.py +++ b/setup.py @@ -179,6 +179,7 @@ setup( ], packages=find_packages(exclude=["tests", "tests.*"]), + include_package_data=True, install_requires=requirements, setup_requires=requirements, -- cgit v1.2.3 From a4902b67fb4ef1e7fd477d27353242da879ca90c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 11 Aug 2014 14:38:15 -0700 Subject: Added include guards, and license headers --- cryptography/hazmat/primitives/src/constant_time.c | 17 +++++++++++++++++ cryptography/hazmat/primitives/src/constant_time.h | 19 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/cryptography/hazmat/primitives/src/constant_time.c b/cryptography/hazmat/primitives/src/constant_time.c index aaed11a0..d9d5cbfa 100644 --- a/cryptography/hazmat/primitives/src/constant_time.c +++ b/cryptography/hazmat/primitives/src/constant_time.c @@ -1,3 +1,20 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +// implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +#include "constant_time.h" + + uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, uint8_t *b, size_t len_b) { size_t i = 0; diff --git a/cryptography/hazmat/primitives/src/constant_time.h b/cryptography/hazmat/primitives/src/constant_time.h index 2cc25802..f8d74503 100644 --- a/cryptography/hazmat/primitives/src/constant_time.h +++ b/cryptography/hazmat/primitives/src/constant_time.h @@ -1,2 +1,21 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +// implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +#ifndef _PYCA_CRYPTOGRAPHY_CONSTANT_TIME_H +#define _PYCA_CRYPTOGRAPHY_CONSTANT_TIME_H + uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, size_t); + +#endif -- cgit v1.2.3 From c6361b3bf4ee838bde9883503354b1aafe53848f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 11 Aug 2014 14:38:50 -0700 Subject: Revert "Added include guards, and license headers" This reverts commit a4902b67fb4ef1e7fd477d27353242da879ca90c. --- cryptography/hazmat/primitives/src/constant_time.c | 17 ----------------- cryptography/hazmat/primitives/src/constant_time.h | 19 ------------------- 2 files changed, 36 deletions(-) diff --git a/cryptography/hazmat/primitives/src/constant_time.c b/cryptography/hazmat/primitives/src/constant_time.c index d9d5cbfa..aaed11a0 100644 --- a/cryptography/hazmat/primitives/src/constant_time.c +++ b/cryptography/hazmat/primitives/src/constant_time.c @@ -1,20 +1,3 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -// implied. -// See the License for the specific language governing permissions and -// limitations under the License. - - -#include "constant_time.h" - - uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, uint8_t *b, size_t len_b) { size_t i = 0; diff --git a/cryptography/hazmat/primitives/src/constant_time.h b/cryptography/hazmat/primitives/src/constant_time.h index f8d74503..2cc25802 100644 --- a/cryptography/hazmat/primitives/src/constant_time.h +++ b/cryptography/hazmat/primitives/src/constant_time.h @@ -1,21 +1,2 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -// implied. -// See the License for the specific language governing permissions and -// limitations under the License. - - -#ifndef _PYCA_CRYPTOGRAPHY_CONSTANT_TIME_H -#define _PYCA_CRYPTOGRAPHY_CONSTANT_TIME_H - uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, size_t); - -#endif -- cgit v1.2.3 From 9226ac40ce675494afe298a931f527aba6f9db08 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 11 Aug 2014 14:39:30 -0700 Subject: Added back license headers --- cryptography/hazmat/primitives/src/constant_time.c | 13 +++++++++++++ cryptography/hazmat/primitives/src/constant_time.h | 14 ++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/cryptography/hazmat/primitives/src/constant_time.c b/cryptography/hazmat/primitives/src/constant_time.c index aaed11a0..13ac4ab9 100644 --- a/cryptography/hazmat/primitives/src/constant_time.c +++ b/cryptography/hazmat/primitives/src/constant_time.c @@ -1,3 +1,16 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +// implied. +// See the License for the specific language governing permissions and +// limitations under the License. + uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, uint8_t *b, size_t len_b) { size_t i = 0; diff --git a/cryptography/hazmat/primitives/src/constant_time.h b/cryptography/hazmat/primitives/src/constant_time.h index 2cc25802..4f41034e 100644 --- a/cryptography/hazmat/primitives/src/constant_time.h +++ b/cryptography/hazmat/primitives/src/constant_time.h @@ -1,2 +1,16 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +// implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, size_t); -- cgit v1.2.3