Use buffer length instead of capacity in hash/mac calculation

Author: otethal

graalpython/com.oracle.graal.python.test/src/tests/test_hashlib.py

@@ -0,0 +1,96 @@
+# Copyright (c) 2023, 2023, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or
+# data (collectively the "Software"), free of charge and under any and all
+# copyright rights in the Software, and any and all patent rights owned or
+# freely licensable by each licensor hereunder covering either (i) the
+# unmodified Software as contributed to or provided by such licensor, or (ii)
+# the Larger Works (as defined below), to deal in both
+#
+# (a) the Software, and
+#
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+#
+# The above copyright notice and either this complete permission notice or at a
+# minimum a reference to the UPL must be included in all copies or substantial
+# portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+import hashlib
+import hmac
+import unittest
+
+
+class HashlibTest(unittest.TestCase):
+
+    def test_messagedigest_update_after_digest(self):
+        sha1 = hashlib.sha1()
+        sha1.update(b'a')
+        self.assertEqual('86f7e437faa5a7fce15d1ddcb9eaeaea377667b8', sha1.hexdigest())
+        sha1.update(b'b')
+        self.assertEqual('da23614e02469a0d7c7bd1bdab5c9c474b1904dc', sha1.hexdigest())
+
+    def test_mac_update_after_digest(self):
+        hm = hmac.new(b'key', digestmod=hashlib.sha256)
+        hm.update(b'a')
+        self.assertEqual('780c3db4ce3de5b9e55816fba98f590631d96c075271b26976238d5f4444219b', hm.hexdigest())
+        hm.update(b'b')
+        self.assertEqual('5c1c0c948cbef5ad7d191e46e5901fa0395f85f694fa4633f665a1a637017b65', hm.hexdigest())
+
+    def test_messagedigest_buffer_length_in_constructor(self):
+        sha1 = hashlib.sha1(self._get_buffer())
+        self.assertEqual('86f7e437faa5a7fce15d1ddcb9eaeaea377667b8', sha1.hexdigest())
+
+    def test_messagedigest_buffer_length_in_update(self):
+        sha1 = hashlib.sha1()
+        sha1.update(self._get_buffer())
+        self.assertEqual('86f7e437faa5a7fce15d1ddcb9eaeaea377667b8', sha1.hexdigest())
+
+    def test_mac_buffer_length_in_constructor(self):
+        hm = hmac.new(b'key', self._get_buffer(), digestmod=hashlib.sha256)
+        self.assertEqual('780c3db4ce3de5b9e55816fba98f590631d96c075271b26976238d5f4444219b', hm.hexdigest())
+
+    def test_mac_buffer_length_in_update(self):
+        hm = hmac.new(b'key', digestmod=hashlib.sha256)
+        hm.update(self._get_buffer())
+        self.assertEqual('780c3db4ce3de5b9e55816fba98f590631d96c075271b26976238d5f4444219b', hm.hexdigest())
+
+    def test_mac_key_length(self):
+        hm = hmac.new(self._get_buffer(), b'data', digestmod=hashlib.sha256)
+        self.assertEqual('c449f6626bf7f997cda786d07895f086c2fa18eab25b1c08c4de66a5d46a2a08', hm.hexdigest())
+
+    @staticmethod
+    def _get_buffer():
+        ba = bytearray(b'ab')
+        ba.remove(ord('b'))
+        # The capacity of ba should now be different from its length.
+        # Also, the rest of the buffer is not filled with binary zeroes - this is important for
+        # test_mac_key_length because according to RFC 2104, the key is padded with zeroes anyway.
+        # So providing a buffer with capacity > length, but with zero padding as the key argument to HMAC
+        # would not trigger the bug.
+        return ba
+
+
+if __name__ == '__main__':
+    unittest.main()

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/DigestObject.java

@@ -182,21 +182,21 @@ private PythonBuiltinClassType determineMainDigestType() {
      * calculate the digest on a clone, but that does not need to be supported. If it is not, then
      * we calculate the digest normally, but we must prevent any further updates.
      *
-     * @see #wasReset(), {@link #update(byte[])}
+     * @see #wasReset(), {@link #update(byte[], int)}
      */
     abstract byte[] digest();
 
     /**
      * @return true if the digest has already been calculated and the underlying implementation does
      *         not support cloning, in which case this object can no longer be
-     *         {@linkplain #update(byte[]) updated}
+     *         {@linkplain #update(byte[], int) updated}
      */
     abstract boolean wasReset();
 
     /**
      * Must not be called if {@link #wasReset()} returns true.
      */
-    abstract void update(byte[] data);
+    abstract void update(byte[] data, int length);
 
     abstract DigestObject copy(PythonObjectFactory factory) throws CloneNotSupportedException;
 
@@ -207,8 +207,8 @@ final String getAlgorithm() {
     }
 
     /**
-     * Ensures that {@link #update(byte[])} is not called after {@link #digest()} if cloning is not
-     * supported. Also caches the digest and ensures that the cache is cleared on update.
+     * Ensures that {@link #update(byte[], int)} is not called after {@link #digest()} if cloning is
+     * not supported. Also caches the digest and ensures that the cache is cleared on update.
      */
     private abstract static class DigestObjectBase extends DigestObject {
         private byte[] cachedDigest = null;
@@ -237,19 +237,19 @@ final byte[] digest() {
         }
 
         @Override
-        final void update(byte[] data) {
+        final void update(byte[] data, int length) {
             if (wasReset) {
                 throw CompilerDirectives.shouldNotReachHere("update() called after digest() on an implementation the does not support clone()");
             }
             cachedDigest = null;
-            doUpdate(data);
+            doUpdate(data, length);
         }
 
         abstract byte[] calculateDigestOnClone() throws CloneNotSupportedException;
 
         abstract byte[] calculateDigest();
 
-        abstract void doUpdate(byte[] data);
+        abstract void doUpdate(byte[] data, int length);
     }
 
     private static final class MessageDigestObject extends DigestObjectBase {
@@ -280,8 +280,8 @@ byte[] calculateDigest() {
 
         @Override
         @TruffleBoundary
-        void doUpdate(byte[] data) {
-            digest.update(data);
+        void doUpdate(byte[] data, int length) {
+            digest.update(data, 0, length);
         }
 
         @Override
@@ -319,8 +319,8 @@ byte[] calculateDigest() {
 
         @Override
         @TruffleBoundary
-        void doUpdate(byte[] data) {
-            mac.update(data);
+        void doUpdate(byte[] data, int length) {
+            mac.update(data, 0, length);
         }
 
         @Override

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/DigestObjectBuiltins.java

@@ -127,7 +127,7 @@ PNone update(VirtualFrame frame, DigestObject self, Object buffer,
                 raise(PythonBuiltinClassType.ValueError, ErrorMessages.UPDATING_FINALIZED_DIGEST_IS_NOT_SUPPORTED);
             }
             try {
-                self.update(bufferLib.getInternalOrCopiedByteArray(buffer));
+                self.update(bufferLib.getInternalOrCopiedByteArray(buffer), bufferLib.getBufferLength(buffer));
             } finally {
                 bufferLib.release(buffer, frame, this);
             }

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java

@@ -314,7 +314,8 @@ Object hmacNew(@SuppressWarnings("unused") PythonModule self, Object keyObj, Obj
                 }
                 try {
                     byte[] msgBytes = msg == null ? null : bufferLib.getInternalOrCopiedByteArray(msg);
-                    Mac mac = createMac(digestmod, bufferLib.getInternalOrCopiedByteArray(key), msgBytes);
+                    int msgLen = msg == null ? 0 : bufferLib.getBufferLength(msg);
+                    Mac mac = createMac(digestmod, bufferLib.getInternalOrCopiedByteArray(key), bufferLib.getBufferLength(key), msgBytes, msgLen);
                     return factory().createDigestObject(PythonBuiltinClassType.HashlibHmac, castJStr.execute(concatStr.execute(HMAC_PREFIX, digestmod, TS_ENCODING, true)), mac);
                 } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                     throw raise(PythonBuiltinClassType.UnsupportedDigestmodError, e);
@@ -330,14 +331,14 @@ Object hmacNew(@SuppressWarnings("unused") PythonModule self, Object keyObj, Obj
     }
 
     @TruffleBoundary
-    static Mac createMac(TruffleString digest, byte[] key, byte[] msg) throws NoSuchAlgorithmException, InvalidKeyException {
+    static Mac createMac(TruffleString digest, byte[] key, int keyLen, byte[] msg, int msgLen) throws NoSuchAlgorithmException, InvalidKeyException {
         String inputName = digest.toJavaStringUncached().toLowerCase();
         String algorithm = "hmac" + NAME_MAPPINGS.getOrDefault(inputName, inputName);
-        SecretKeySpec secretKeySpec = new SecretKeySpec(key, algorithm);
+        SecretKeySpec secretKeySpec = new SecretKeySpec(key, 0, keyLen, algorithm);
         Mac mac = Mac.getInstance(algorithm);
         mac.init(secretKeySpec);
         if (msg != null) {
-            mac.update(msg);
+            mac.update(msg, 0, msgLen);
         }
         return mac;
     }
@@ -361,9 +362,10 @@ Object create(VirtualFrame frame, PythonBuiltinClassType type, String pythonName
             }
             try {
                 byte[] bytes = buffer == null ? null : bufferLib.getInternalOrCopiedByteArray(buffer);
+                int bytesLen = buffer == null ? 0 : bufferLib.getBufferLength(buffer);
                 MessageDigest digest;
                 try {
-                    digest = createDigest(javaName, bytes);
+                    digest = createDigest(javaName, bytes, bytesLen);
                 } catch (NoSuchAlgorithmException e) {
                     throw raise.raise(PythonBuiltinClassType.UnsupportedDigestmodError, e);
                 }
@@ -376,10 +378,10 @@ Object create(VirtualFrame frame, PythonBuiltinClassType type, String pythonName
         }
 
         @TruffleBoundary
-        private static MessageDigest createDigest(String name, byte[] bytes) throws NoSuchAlgorithmException {
+        private static MessageDigest createDigest(String name, byte[] bytes, int bytesLen) throws NoSuchAlgorithmException {
             MessageDigest digest = MessageDigest.getInstance(name);
             if (bytes != null) {
-                digest.update(bytes);
+                digest.update(bytes, 0, bytesLen);
             }
             return digest;
         }