def pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None):
if not isinstance(hash_name, str):
raise TypeError("expected 'str' for name, but got %s" % type(hash_name))
c_name = _str_to_ffi_buffer(hash_name)
digest = lib.EVP_get_digestbyname(c_name)
if digest == ffi.NULL:
raise ValueError("unsupported hash type")
if dklen is None:
dklen = lib.EVP_MD_size(digest)
if dklen < 1:
raise ValueError("key length must be greater than 0.")
if dklen >= sys.maxsize:
raise OverflowError("key length is too great.")
if iterations < 1:
raise ValueError("iteration value must be greater than 0.")
if iterations >= sys.maxsize:
raise OverflowError("iteration value is too great.")
buf = ffi.new("unsigned char[]", dklen)
c_password = ffi.from_buffer(bytes(password))
c_salt = ffi.from_buffer(bytes(salt))
r = lib.PKCS5_PBKDF2_HMAC(c_password, len(c_password),
ffi.cast("unsigned char*",c_salt), len(c_salt),
iterations, digest, dklen, buf)
if r == 0:
raise ValueError
return _bytes_with_len(buf, dklen)
def update(self, string):
if isinstance(string, unicode):
buf = ffi.from_buffer(string.encode('ascii'))
else:
buf = ffi.from_buffer(string)
with self.lock:
# XXX try to not release the GIL for small requests
lib.EVP_DigestUpdate(self.ctx, buf, len(buf))
def _str_to_ffi_buffer(view):
if isinstance(view, unicode):
return ffi.from_buffer(view.encode())
elif isinstance(view, memoryview):
# NOTE pypy limitation StringBuffer does not allow
# to get a raw address to the string!
view = view.tobytes()
# dont call call ffi.from_buffer(bytes(view)), arguments
# like ints/bools should result in a TypeError
return ffi.from_buffer(view)
def update(self, string):
buf = ffi.from_buffer(string)
with self.lock:
# XXX try to not release the GIL for small requests
lib.EVP_DigestUpdate(self.ctx, buf, len(buf))
