"""HMAC (Keyed-Hashing for Message Authentication) module.
Implements the HMAC algorithm as described by RFC 2104.
import warnings as _warnings
from _operator import _compare_digest as compare_digest
import _hashlib as _hashopenssl
_openssl_md_meths = frozenset(_hashopenssl.openssl_md_meth_names)
import hashlib as _hashlib
import _hashlib as _hashlibopenssl
trans_5C = bytes((x ^ 0x5C) for x in range(256))
trans_36 = bytes((x ^ 0x36) for x in range(256))
# The size of the digests returned by HMAC depends on the underlying
# hashing module used. Use digest_size from the instance of HMAC instead.
"""RFC 2104 HMAC class. Also complies with RFC 4231.
This supports the API for Cryptographic Hash Functions (PEP 247).
blocksize = 64 # 512-bit HMAC; can be changed in subclasses.
def __init__(self, key, msg=None, digestmod=''):
"""Create a new HMAC object.
key: bytes or buffer, key for the keyed hash object.
msg: bytes or buffer, Initial input for the hash or None.
digestmod: A hash name suitable for hashlib.new(). *OR*
A hashlib constructor returning a new hash object. *OR*
A module supporting PEP 247.
Required as of 3.8, despite its position after the optional
msg argument. Passing it as a keyword argument is
recommended, though not required for legacy API reasons.
if _hashlibopenssl.get_fips_mode():
'This class is not available in FIPS mode. '
if not isinstance(key, (bytes, bytearray)):
raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__)
raise TypeError("Missing required parameter 'digestmod'.")
self.digest_cons = digestmod
elif isinstance(digestmod, str):
self.digest_cons = lambda d=b'': _hashlib.new(digestmod, d)
self.digest_cons = lambda d=b'': digestmod.new(d)
self.outer = self.digest_cons()
self.inner = self.digest_cons()
self.digest_size = self.inner.digest_size
if hasattr(self.inner, 'block_size'):
blocksize = self.inner.block_size
_warnings.warn('block_size of %d seems too small; using our '
'default of %d.' % (blocksize, self.blocksize),
blocksize = self.blocksize
_warnings.warn('No block_size attribute on given digest object; '
'Assuming %d.' % (self.blocksize),
blocksize = self.blocksize
# self.blocksize is the default blocksize. self.block_size is
# effective block size as well as the public API attribute.
self.block_size = blocksize
key = self.digest_cons(key).digest()
key = key.ljust(blocksize, b'\0')
self.outer.update(key.translate(trans_5C))
self.inner.update(key.translate(trans_36))
return "hmac-" + self.inner.name
"""Feed data from msg into this hashing object."""
if _hashlibopenssl.get_fips_mode():
raise ValueError('hmac.HMAC is not available in FIPS mode')
"""Return a separate copy of this hashing object.
An update to this copy won't affect the original object.
# Call __new__ directly to avoid the expensive __init__.
other = self.__class__.__new__(self.__class__)
other.digest_cons = self.digest_cons
other.digest_size = self.digest_size
other.inner = self.inner.copy()
other.outer = self.outer.copy()
"""Return a hash object for the current state.
To be used only internally with digest() and hexdigest().
h.update(self.inner.digest())
"""Return the hash value of this hashing object.
This returns the hmac value as bytes. The object is
not altered in any way by this function; you can continue
updating the object after calling this function.
"""Like digest(), but returns a string of hexadecimal digits instead.
def _get_openssl_name(digestmod):
if isinstance(digestmod, str):
elif callable(digestmod):
digestmod = digestmod(b'')
if not isinstance(digestmod, _hashlibopenssl.HASH):
'Only OpenSSL hashlib hashes are accepted in FIPS mode.')
return digestmod.name.lower().replace('_', '-')
class HMAC_openssl(_hmacopenssl.HMAC):
def __new__(cls, key, msg = None, digestmod = None):
if not isinstance(key, (bytes, bytearray)):
raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__)
name = _get_openssl_name(digestmod)
result = _hmacopenssl.HMAC.__new__(cls, key, digestmod=name)
if _hashlibopenssl.get_fips_mode():
def new(key, msg=None, digestmod=''):
"""Create a new hashing object and return it.
key: bytes or buffer, The starting key for the hash.
msg: bytes or buffer, Initial input for the hash, or None.
digestmod: A hash name suitable for hashlib.new(). *OR*
A hashlib constructor returning a new hash object. *OR*
A module supporting PEP 247.
Required as of 3.8, despite its position after the optional
msg argument. Passing it as a keyword argument is
recommended, though not required for legacy API reasons.
You can now feed arbitrary bytes into the object using its update()
method, and can ask for the hash value at any time by calling its digest()
return HMAC(key, msg, digestmod)
def digest(key, msg, digest):
"""Fast inline implementation of HMAC.
key: bytes or buffer, The key for the keyed hash object.
msg: bytes or buffer, Input message.
digest: A hash name suitable for hashlib.new() for best performance. *OR*
A hashlib constructor returning a new hash object. *OR*
A module supporting PEP 247.
if (_hashopenssl is not None and
isinstance(digest, str) and digest in _openssl_md_meths):
return _hashopenssl.hmac_digest(key, msg, digest)
elif isinstance(digest, str):
digest_cons = lambda d=b'': _hashlib.new(digest, d)
digest_cons = lambda d=b'': digest.new(d)
blocksize = getattr(inner, 'block_size', 64)
key = digest_cons(key).digest()
key = key + b'\x00' * (blocksize - len(key))
inner.update(key.translate(trans_36))
outer.update(key.translate(trans_5C))
outer.update(inner.digest())
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
