2001-09-11 15:54:00 +00:00
|
|
|
"""HMAC (Keyed-Hashing for Message Authentication) Python module.
|
|
|
|
|
|
|
|
|
|
Implements the HMAC algorithm as described by RFC 2104.
|
|
|
|
|
"""
|
|
|
|
|
|
2007-11-06 00:19:03 +00:00
|
|
|
import warnings as _warnings
|
|
|
|
|
|
2006-12-19 14:13:05 +00:00
|
|
|
trans_5C = "".join ([chr (x ^ 0x5C) for x in xrange(256)])
|
|
|
|
|
trans_36 = "".join ([chr (x ^ 0x36) for x in xrange(256)])
|
2001-09-18 02:26:39 +00:00
|
|
|
|
2001-11-02 21:49:20 +00:00
|
|
|
# The size of the digests returned by HMAC depends on the underlying
|
2006-12-27 03:25:31 +00:00
|
|
|
# hashing module used. Use digest_size from the instance of HMAC instead.
|
2001-11-02 21:49:20 +00:00
|
|
|
digest_size = None
|
|
|
|
|
|
2004-03-20 20:11:29 +00:00
|
|
|
# A unique object passed by HMAC.copy() to the HMAC constructor, in order
|
|
|
|
|
# that the latter return very quickly. HMAC("") in contrast is quite
|
|
|
|
|
# expensive.
|
|
|
|
|
_secret_backdoor_key = []
|
|
|
|
|
|
2001-09-11 15:54:00 +00:00
|
|
|
class HMAC:
|
2007-11-06 00:19:03 +00:00
|
|
|
"""RFC 2104 HMAC class. Also complies with RFC 4231.
|
2001-09-11 15:54:00 +00:00
|
|
|
|
2001-11-02 21:49:20 +00:00
|
|
|
This supports the API for Cryptographic Hash Functions (PEP 247).
|
2001-09-18 02:26:39 +00:00
|
|
|
"""
|
2006-12-27 03:25:31 +00:00
|
|
|
blocksize = 64 # 512-bit HMAC; can be changed in subclasses.
|
2001-09-11 15:54:00 +00:00
|
|
|
|
|
|
|
|
def __init__(self, key, msg = None, digestmod = None):
|
|
|
|
|
"""Create a new HMAC object.
|
|
|
|
|
|
|
|
|
|
key: key for the keyed hash object.
|
|
|
|
|
msg: Initial input for the hash, if provided.
|
2005-08-21 18:45:59 +00:00
|
|
|
digestmod: A module supporting PEP 247. *OR*
|
|
|
|
|
A hashlib constructor returning a new hash object.
|
|
|
|
|
Defaults to hashlib.md5.
|
2001-09-11 15:54:00 +00:00
|
|
|
"""
|
2004-03-20 20:11:29 +00:00
|
|
|
|
|
|
|
|
if key is _secret_backdoor_key: # cheap
|
|
|
|
|
return
|
|
|
|
|
|
2002-05-31 17:49:10 +00:00
|
|
|
if digestmod is None:
|
2005-08-21 18:45:59 +00:00
|
|
|
import hashlib
|
|
|
|
|
digestmod = hashlib.md5
|
2001-09-11 15:54:00 +00:00
|
|
|
|
2005-08-21 18:45:59 +00:00
|
|
|
if callable(digestmod):
|
|
|
|
|
self.digest_cons = digestmod
|
|
|
|
|
else:
|
|
|
|
|
self.digest_cons = lambda d='': digestmod.new(d)
|
|
|
|
|
|
|
|
|
|
self.outer = self.digest_cons()
|
|
|
|
|
self.inner = self.digest_cons()
|
|
|
|
|
self.digest_size = self.inner.digest_size
|
2001-11-13 21:51:26 +00:00
|
|
|
|
2007-11-06 00:19:03 +00:00
|
|
|
if hasattr(self.inner, 'block_size'):
|
|
|
|
|
blocksize = self.inner.block_size
|
|
|
|
|
if blocksize < 16:
|
|
|
|
|
# Very low blocksize, most likely a legacy value like
|
|
|
|
|
# Lib/sha.py and Lib/md5.py have.
|
|
|
|
|
_warnings.warn('block_size of %d seems too small; using our '
|
|
|
|
|
'default of %d.' % (blocksize, self.blocksize),
|
|
|
|
|
RuntimeWarning, 2)
|
|
|
|
|
blocksize = self.blocksize
|
|
|
|
|
else:
|
|
|
|
|
_warnings.warn('No block_size attribute on given digest object; '
|
|
|
|
|
'Assuming %d.' % (self.blocksize),
|
|
|
|
|
RuntimeWarning, 2)
|
|
|
|
|
blocksize = self.blocksize
|
|
|
|
|
|
2001-09-11 15:54:00 +00:00
|
|
|
if len(key) > blocksize:
|
2005-08-21 18:45:59 +00:00
|
|
|
key = self.digest_cons(key).digest()
|
2001-09-11 15:54:00 +00:00
|
|
|
|
|
|
|
|
key = key + chr(0) * (blocksize - len(key))
|
2006-12-19 14:13:05 +00:00
|
|
|
self.outer.update(key.translate(trans_5C))
|
|
|
|
|
self.inner.update(key.translate(trans_36))
|
2002-06-01 01:29:16 +00:00
|
|
|
if msg is not None:
|
2001-09-11 15:54:00 +00:00
|
|
|
self.update(msg)
|
|
|
|
|
|
|
|
|
|
## def clear(self):
|
|
|
|
|
## raise NotImplementedError, "clear() method not available in HMAC."
|
|
|
|
|
|
|
|
|
|
def update(self, msg):
|
|
|
|
|
"""Update this hashing object with the string msg.
|
|
|
|
|
"""
|
|
|
|
|
self.inner.update(msg)
|
|
|
|
|
|
|
|
|
|
def copy(self):
|
|
|
|
|
"""Return a separate copy of this hashing object.
|
|
|
|
|
|
|
|
|
|
An update to this copy won't affect the original object.
|
|
|
|
|
"""
|
2006-12-27 03:25:31 +00:00
|
|
|
other = self.__class__(_secret_backdoor_key)
|
2005-08-21 18:45:59 +00:00
|
|
|
other.digest_cons = self.digest_cons
|
2004-03-20 20:11:29 +00:00
|
|
|
other.digest_size = self.digest_size
|
2001-11-02 21:49:20 +00:00
|
|
|
other.inner = self.inner.copy()
|
|
|
|
|
other.outer = self.outer.copy()
|
|
|
|
|
return other
|
2001-09-11 15:54:00 +00:00
|
|
|
|
2006-12-27 03:31:24 +00:00
|
|
|
def _current(self):
|
|
|
|
|
"""Return a hash object for the current state.
|
|
|
|
|
|
|
|
|
|
To be used only internally with digest() and hexdigest().
|
|
|
|
|
"""
|
|
|
|
|
h = self.outer.copy()
|
|
|
|
|
h.update(self.inner.digest())
|
|
|
|
|
return h
|
|
|
|
|
|
2001-09-11 15:54:00 +00:00
|
|
|
def digest(self):
|
|
|
|
|
"""Return the hash value of this hashing object.
|
|
|
|
|
|
|
|
|
|
This returns a string containing 8-bit data. The object is
|
|
|
|
|
not altered in any way by this function; you can continue
|
|
|
|
|
updating the object after calling this function.
|
|
|
|
|
"""
|
2006-12-27 03:31:24 +00:00
|
|
|
h = self._current()
|
2001-09-11 15:54:00 +00:00
|
|
|
return h.digest()
|
|
|
|
|
|
|
|
|
|
def hexdigest(self):
|
|
|
|
|
"""Like digest(), but returns a string of hexadecimal digits instead.
|
|
|
|
|
"""
|
2006-12-27 03:31:24 +00:00
|
|
|
h = self._current()
|
|
|
|
|
return h.hexdigest()
|
2001-09-11 15:54:00 +00:00
|
|
|
|
|
|
|
|
def new(key, msg = None, digestmod = None):
|
|
|
|
|
"""Create a new hashing object and return it.
|
|
|
|
|
|
|
|
|
|
key: The starting key for the hash.
|
|
|
|
|
msg: if available, will immediately be hashed into the object's starting
|
2001-09-18 02:26:39 +00:00
|
|
|
state.
|
2001-09-11 15:54:00 +00:00
|
|
|
|
|
|
|
|
You can now feed arbitrary strings into the object using its update()
|
|
|
|
|
method, and can ask for the hash value at any time by calling its digest()
|
|
|
|
|
method.
|
|
|
|
|
"""
|
|
|
|
|
return HMAC(key, msg, digestmod)
|
