Fix hash copy semantics and add tests

Author: JeremiahM37

scripts/build_ffi.py

@@ -575,6 +575,7 @@ def build_ffi(local_wolfssl, features):
         int wc_ShaUpdate(wc_Sha*, const byte*, word32);
         int wc_ShaFinal(wc_Sha*, byte*);
         void wc_ShaFree(wc_Sha*);
+        int wc_ShaCopy(wc_Sha*, wc_Sha*);
         """
 
     if features["SHA256"]:
@@ -584,6 +585,7 @@ def build_ffi(local_wolfssl, features):
         int wc_Sha256Update(wc_Sha256*, const byte*, word32);
         int wc_Sha256Final(wc_Sha256*, byte*);
         void wc_Sha256Free(wc_Sha256*);
+        int wc_Sha256Copy(wc_Sha256*, wc_Sha256*);
         """
 
     if features["SHA384"]:
@@ -593,6 +595,7 @@ def build_ffi(local_wolfssl, features):
         int wc_Sha384Update(wc_Sha384*, const byte*, word32);
         int wc_Sha384Final(wc_Sha384*, byte*);
         void wc_Sha384Free(wc_Sha384*);
+        int wc_Sha384Copy(wc_Sha384*, wc_Sha384*);
         """
 
     if features["SHA512"]:
@@ -603,6 +606,7 @@ def build_ffi(local_wolfssl, features):
         int wc_Sha512Update(wc_Sha512*, const byte*, word32);
         int wc_Sha512Final(wc_Sha512*, byte*);
         void wc_Sha512Free(wc_Sha512*);
+        int wc_Sha512Copy(wc_Sha512*, wc_Sha512*);
         """
     if features["SHA3"]:
         cdef += """
@@ -623,6 +627,10 @@ def build_ffi(local_wolfssl, features):
         void wc_Sha3_256_Free(wc_Sha3*);
         void wc_Sha3_384_Free(wc_Sha3*);
         void wc_Sha3_512_Free(wc_Sha3*);
+        int wc_Sha3_224_Copy(wc_Sha3*, wc_Sha3*);
+        int wc_Sha3_256_Copy(wc_Sha3*, wc_Sha3*);
+        int wc_Sha3_384_Copy(wc_Sha3*, wc_Sha3*);
+        int wc_Sha3_512_Copy(wc_Sha3*, wc_Sha3*);
         """
 
     if features["DES3"]:

tests/test_aesgcmstream.py

@@ -135,3 +135,13 @@ def test_invalid_tag_bytes():
         # valid edge cases
         AesGcmStream(key, iv, tag_bytes=4)
         AesGcmStream(key, iv, tag_bytes=16)
+
+    def test_repeated_construction_destruction():
+        import gc
+        key = "fedcba9876543210"
+        iv = "0123456789abcdef"
+        for _ in range(1000):
+            gcm = AesGcmStream(key, iv)
+            gcm.encrypt("hello world")
+            del gcm
+        gc.collect()

tests/test_ciphers.py

@@ -898,3 +898,15 @@ def test_chacha_non_block_aligned():
     def test_chacha_invalid_key_length():
         with pytest.raises(ValueError, match="key must be"):
             ChaCha(b"\x00" * 20)
+
+
+if _lib.RSA_ENABLED:
+    def test_encrypt_oaep_requires_hash_type(vectors):
+        rsa = RsaPublic(vectors[RsaPublic].key)
+        with pytest.raises(WolfCryptError, match="Hash type not set"):
+            rsa.encrypt_oaep(b"plaintext")
+
+    def test_decrypt_oaep_requires_hash_type(vectors):
+        rsa = RsaPrivate(vectors[RsaPrivate].key)
+        with pytest.raises(WolfCryptError, match="Hash type not set"):
+            rsa.decrypt_oaep(b"\x00" * rsa.output_size)

wolfcrypt/ciphers.py

@@ -396,9 +396,6 @@ class AesGcmStream(object):
         block_size = 16
         _key_sizes = [16, 24, 32]
         _native_type = "Aes *"
-        _aad = bytes()
-        _tag_bytes = 16
-        _mode = None
 
         def __init__(self, key, IV, tag_bytes=16):
             """
@@ -408,7 +405,9 @@ def __init__(self, key, IV, tag_bytes=16):
             IV = t2b(IV)
             if tag_bytes < 4 or tag_bytes > 16:
                 raise ValueError("tag_bytes must be between 4 and 16")
+            self._aad = bytes()
             self._tag_bytes = tag_bytes
+            self._mode = None
             if len(key) not in self._key_sizes:
                 raise ValueError("key must be %s in length, not %d" %
                                  (self._key_sizes, len(key)))
@@ -505,7 +504,9 @@ class ChaCha(_Cipher):
         _IV_nonce = b""
         _IV_counter = 0
 
-        def __init__(self, key="", size=32):
+        def __init__(self, key="", size=32):  # pylint: disable=unused-argument
+            # size is kept for backwards compatibility; key length is now
+            # derived from the actual key and validated against _key_sizes.
             self._native_object = _ffi.new(self._native_type)
             self._enc = None
             self._dec = None

wolfcrypt/hashes.py

@@ -58,9 +58,16 @@ def copy(self):
         """
         copy = self.new("")
 
-        _ffi.memmove(copy._native_object,  # pylint: disable=protected-access
-                     self._native_object,
-                     self._native_size)
+        if hasattr(self, '_copy'):
+            ret = self._copy(self._native_object,
+                             copy._native_object)  # pylint: disable=protected-access
+            if ret < 0:  # pragma: no cover
+                raise WolfCryptError("Hash copy error (%d)" % ret)
+        else:
+            _ffi.memmove(copy._native_object,  # pylint: disable=protected-access
+                         self._native_object,
+                         self._native_size)
+            copy._shallow_copy = True  # pylint: disable=protected-access
 
         return copy
 
@@ -87,12 +94,26 @@ def digest(self):
 
         if self._native_object:
             obj = _ffi.new(self._native_type)
-
-            _ffi.memmove(obj, self._native_object, self._native_size)
-
-            ret = self._final(obj, result)
-            if ret < 0:  # pragma: no cover
-                raise WolfCryptError("Hash finalize error (%d)" % ret)
+            used_deep_copy = hasattr(self, '_copy')
+
+            if used_deep_copy:
+                ret = self._copy(self._native_object, obj)
+                if ret < 0:  # pragma: no cover
+                    raise WolfCryptError("Hash copy error (%d)" % ret)
+            else:
+                _ffi.memmove(obj, self._native_object, self._native_size)
+
+            try:
+                ret = self._final(obj, result)
+                if ret < 0:  # pragma: no cover
+                    raise WolfCryptError("Hash finalize error (%d)" % ret)
+            finally:
+                # Only free when we did a deep copy; memmove'd temps share
+                # internal resources with self and must not be separately freed.
+                if used_deep_copy:
+                    delete = getattr(self, '_delete', None)
+                    if delete:
+                        delete(obj)
 
         return _ffi.buffer(result, self.digest_size)[:]
 
@@ -117,9 +138,11 @@ class Sha(_Hash):
         _native_type = "wc_Sha *"
         _native_size = _ffi.sizeof("wc_Sha")
         _delete = _lib.wc_ShaFree
+        _copy = _lib.wc_ShaCopy
 
         def __del__(self):
-            self._delete(self._native_object)
+            if hasattr(self, '_native_object') and not getattr(self, '_shallow_copy', False):
+                self._delete(self._native_object)
 
         def _init(self):
             return _lib.wc_InitSha(self._native_object)
@@ -143,9 +166,11 @@ class Sha256(_Hash):
         _native_type = "wc_Sha256 *"
         _native_size = _ffi.sizeof("wc_Sha256")
         _delete = _lib.wc_Sha256Free
+        _copy = _lib.wc_Sha256Copy
 
         def __del__(self):
-            self._delete(self._native_object)
+            if hasattr(self, '_native_object') and not getattr(self, '_shallow_copy', False):
+                self._delete(self._native_object)
 
         def _init(self):
             return _lib.wc_InitSha256(self._native_object)
@@ -169,9 +194,11 @@ class Sha384(_Hash):
         _native_type = "wc_Sha384 *"
         _native_size = _ffi.sizeof("wc_Sha384")
         _delete = _lib.wc_Sha384Free
+        _copy = _lib.wc_Sha384Copy
 
         def __del__(self):
-            self._delete(self._native_object)
+            if hasattr(self, '_native_object') and not getattr(self, '_shallow_copy', False):
+                self._delete(self._native_object)
 
         def _init(self):
             return _lib.wc_InitSha384(self._native_object)
@@ -195,9 +222,11 @@ class Sha512(_Hash):
         _native_type = "wc_Sha512 *"
         _native_size = _ffi.sizeof("wc_Sha512")
         _delete = _lib.wc_Sha512Free
+        _copy = _lib.wc_Sha512Copy
 
         def __del__(self):
-            self._delete(self._native_object)
+            if hasattr(self, '_native_object') and not getattr(self, '_shallow_copy', False):
+                self._delete(self._native_object)
 
         def _init(self):
             return _lib.wc_InitSha512(self._native_object)
@@ -232,14 +261,24 @@ class Sha3(_Hash):
             64: _lib.wc_Sha3_512_Free,
         }
 
+        _SHA3_COPY = {
+            28: _lib.wc_Sha3_224_Copy,
+            32: _lib.wc_Sha3_256_Copy,
+            48: _lib.wc_Sha3_384_Copy,
+            64: _lib.wc_Sha3_512_Copy,
+        }
+
         def __del__(self):
-            if hasattr(self, '_delete'):
+            if (hasattr(self, '_native_object')
+                    and not getattr(self, '_shallow_copy', False)
+                    and getattr(self, '_delete', None)):
                 self._delete(self._native_object)
 
         def __init__(self, string=None, size=SHA3_384_DIGEST_SIZE):  # pylint: disable=W0231
             self._native_object = _ffi.new(self._native_type)
             self.digest_size = size
             self._delete = self._SHA3_FREE.get(size)
+            self._copy = self._SHA3_COPY.get(size)
             ret = self._init()
             if ret < 0:  # pragma: no cover
                 raise WolfCryptError("Sha3 init error (%d)" % ret)
@@ -252,7 +291,13 @@ def new(cls, string=None, size=SHA3_384_DIGEST_SIZE):
 
         def copy(self):
             c = Sha3(size=self.digest_size)
-            _ffi.memmove(c._native_object, self._native_object, self._native_size)
+            if self._copy:
+                ret = self._copy(self._native_object, c._native_object)
+                if ret < 0:  # pragma: no cover
+                    raise WolfCryptError("Hash copy error (%d)" % ret)
+            else:
+                _ffi.memmove(c._native_object, self._native_object, self._native_size)
+                c._shallow_copy = True
             return c
 
         def _init(self):
@@ -316,7 +361,8 @@ class _Hmac(_Hash):
         _delete = _lib.wc_HmacFree
 
         def __del__(self):
-            self._delete(self._native_object)
+            if hasattr(self, '_native_object') and not getattr(self, '_shallow_copy', False):
+                self._delete(self._native_object)
 
         def __init__(self, key, string=None):  # pylint: disable=W0231
             key = t2b(key)