2007-08-15 11:28:22 -03:00
|
|
|
:mod:`hmac` --- Keyed-Hashing for Message Authentication
|
|
|
|
|
========================================================
|
|
|
|
|
|
|
|
|
|
.. module:: hmac
|
2010-10-17 06:43:35 -03:00
|
|
|
:synopsis: Keyed-Hashing for Message Authentication (HMAC) implementation
|
|
|
|
|
for Python.
|
2007-08-15 11:28:22 -03:00
|
|
|
.. moduleauthor:: Gerhard Häring <ghaering@users.sourceforge.net>
|
|
|
|
|
.. sectionauthor:: Gerhard Häring <ghaering@users.sourceforge.net>
|
|
|
|
|
|
2011-01-27 16:38:46 -04:00
|
|
|
**Source code:** :source:`Lib/hmac.py`
|
|
|
|
|
|
|
|
|
|
--------------
|
2007-08-15 11:28:22 -03:00
|
|
|
|
|
|
|
|
This module implements the HMAC algorithm as described by :rfc:`2104`.
|
|
|
|
|
|
|
|
|
|
|
2009-05-17 10:00:36 -03:00
|
|
|
.. function:: new(key, msg=None, digestmod=None)
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2010-10-17 06:43:35 -03:00
|
|
|
Return a new hmac object. *key* is a bytes object giving the secret key. If
|
|
|
|
|
*msg* is present, the method call ``update(msg)`` is made. *digestmod* is
|
|
|
|
|
the digest constructor or module for the HMAC object to use. It defaults to
|
|
|
|
|
the :func:`hashlib.md5` constructor.
|
2007-08-15 11:28:22 -03:00
|
|
|
|
|
|
|
|
|
2010-10-17 06:43:35 -03:00
|
|
|
An HMAC object has the following methods:
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2012-02-05 04:25:22 -04:00
|
|
|
.. method:: HMAC.update(msg)
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2010-10-17 06:43:35 -03:00
|
|
|
Update the hmac object with the bytes object *msg*. Repeated calls are
|
|
|
|
|
equivalent to a single call with the concatenation of all the arguments:
|
|
|
|
|
``m.update(a); m.update(b)`` is equivalent to ``m.update(a + b)``.
|
2007-08-15 11:28:22 -03:00
|
|
|
|
|
|
|
|
|
2012-02-05 04:25:22 -04:00
|
|
|
.. method:: HMAC.digest()
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2010-10-17 06:43:35 -03:00
|
|
|
Return the digest of the bytes passed to the :meth:`update` method so far.
|
|
|
|
|
This bytes object will be the same length as the *digest_size* of the digest
|
|
|
|
|
given to the constructor. It may contain non-ASCII bytes, including NUL
|
|
|
|
|
bytes.
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2012-05-13 14:53:07 -03:00
|
|
|
.. warning::
|
|
|
|
|
|
|
|
|
|
When comparing the output of :meth:`digest` to an externally-supplied
|
|
|
|
|
digest during a verification routine, it is recommended to use the
|
2012-06-15 08:14:08 -03:00
|
|
|
:func:`compare_digest` function instead of the ``==`` operator
|
|
|
|
|
to reduce the vulnerability to timing attacks.
|
2012-05-13 14:53:07 -03:00
|
|
|
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2012-02-05 04:25:22 -04:00
|
|
|
.. method:: HMAC.hexdigest()
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2010-10-17 06:43:35 -03:00
|
|
|
Like :meth:`digest` except the digest is returned as a string twice the
|
|
|
|
|
length containing only hexadecimal digits. This may be used to exchange the
|
|
|
|
|
value safely in email or other non-binary environments.
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2012-05-13 14:53:07 -03:00
|
|
|
.. warning::
|
|
|
|
|
|
2012-06-24 11:03:50 -03:00
|
|
|
When comparing the output of :meth:`hexdigest` to an externally-supplied
|
|
|
|
|
digest during a verification routine, it is recommended to use the
|
|
|
|
|
:func:`compare_digest` function instead of the ``==`` operator
|
|
|
|
|
to reduce the vulnerability to timing attacks.
|
2012-05-13 14:53:07 -03:00
|
|
|
|
2007-08-15 11:28:22 -03:00
|
|
|
|
2012-02-05 04:25:22 -04:00
|
|
|
.. method:: HMAC.copy()
|
2007-08-15 11:28:22 -03:00
|
|
|
|
|
|
|
|
Return a copy ("clone") of the hmac object. This can be used to efficiently
|
|
|
|
|
compute the digests of strings that share a common initial substring.
|
|
|
|
|
|
|
|
|
|
|
2012-05-13 14:53:07 -03:00
|
|
|
This module also provides the following helper function:
|
|
|
|
|
|
2012-06-15 08:14:08 -03:00
|
|
|
.. function:: compare_digest(a, b)
|
|
|
|
|
|
2012-06-24 11:07:33 -03:00
|
|
|
Return ``a == b``. This function uses an approach designed to prevent timing
|
2012-06-24 11:10:47 -03:00
|
|
|
analysis by avoiding content based short circuiting behaviour, making it
|
2012-06-24 11:18:48 -03:00
|
|
|
appropriate for cryptography. *a* and *b* must both be of the same type:
|
|
|
|
|
either :class:`str` (ASCII only, as e.g. returned by
|
|
|
|
|
:meth:`HMAC.hexdigest`), or any type that supports the buffer protocol
|
|
|
|
|
(e.g. :class:`bytes`).
|
2012-06-24 11:07:33 -03:00
|
|
|
|
|
|
|
|
Using a short circuiting comparison (that is, one that terminates as soon as
|
|
|
|
|
it finds any difference between the values) to check digests for correctness
|
|
|
|
|
can be problematic, as it introduces a potential vulnerability when an
|
|
|
|
|
attacker can control both the message to be checked *and* the purported
|
|
|
|
|
signature value. By keeping the plaintext consistent and supplying different
|
|
|
|
|
signature values, an attacker may be able to use timing variations to search
|
|
|
|
|
the signature space for the expected value in O(n) time rather than the
|
|
|
|
|
desired O(2**n).
|
2012-05-13 14:53:07 -03:00
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
2012-06-24 11:07:33 -03:00
|
|
|
While this function reduces the likelihood of leaking the contents of the
|
|
|
|
|
expected digest via a timing attack, it still may leak some timing
|
2012-06-24 08:48:32 -03:00
|
|
|
information when the input values differ in lengths as well as in error
|
2012-06-24 11:07:33 -03:00
|
|
|
cases like unsupported types or non ASCII strings. When the inputs have
|
|
|
|
|
different length the timing depends solely on the length of ``b``. It is
|
|
|
|
|
assumed that the expected length of the digest is not a secret, as it is
|
|
|
|
|
typically published as part of a file format, network protocol or API
|
|
|
|
|
definition.
|
2012-05-13 14:53:07 -03:00
|
|
|
|
2012-05-15 16:00:32 -03:00
|
|
|
.. versionadded:: 3.3
|
2012-05-13 14:53:07 -03:00
|
|
|
|
2012-06-24 11:07:33 -03:00
|
|
|
|
2007-08-15 11:28:22 -03:00
|
|
|
.. seealso::
|
|
|
|
|
|
|
|
|
|
Module :mod:`hashlib`
|
2009-12-19 19:26:38 -04:00
|
|
|
The Python module providing secure hash functions.
|
