diff options
| author | Christian Heimes <christian@python.org> | 2021-03-27 13:55:03 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-27 13:55:03 (GMT) |
| commit | 933dfd7504e521a27fd8b94d02b79f9ed08f4631 (patch) | |
| tree | daf6dda084ba6c854b579350392dfa31c51193db /Lib | |
| parent | 5d6e8c1c1a5f667cdce99cb3c563ac922198678d (diff) | |
| download | cpython-933dfd7504e521a27fd8b94d02b79f9ed08f4631.zip cpython-933dfd7504e521a27fd8b94d02b79f9ed08f4631.tar.gz cpython-933dfd7504e521a27fd8b94d02b79f9ed08f4631.tar.bz2 | |
bpo-40645: use C implementation of HMAC (GH-24920)
- [x] fix tests
- [ ] add test scenarios for old/new code.
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/hashlib.py | 1 | ||||
| -rw-r--r-- | Lib/hmac.py | 86 | ||||
| -rw-r--r-- | Lib/test/test_hmac.py | 114 |
3 files changed, 121 insertions, 80 deletions
diff --git a/Lib/hashlib.py b/Lib/hashlib.py index 58c340d..ffa3be0 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -173,6 +173,7 @@ try: algorithms_available = algorithms_available.union( _hashlib.openssl_md_meth_names) except ImportError: + _hashlib = None new = __py_new __get_hash = __get_builtin_constructor diff --git a/Lib/hmac.py b/Lib/hmac.py index 180bc37..8b4f920 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -8,11 +8,12 @@ try: import _hashlib as _hashopenssl except ImportError: _hashopenssl = None - _openssl_md_meths = None + _functype = None from _operator import _compare_digest as compare_digest else: - _openssl_md_meths = frozenset(_hashopenssl.openssl_md_meth_names) compare_digest = _hashopenssl.compare_digest + _functype = type(_hashopenssl.openssl_sha256) # builtin type + import hashlib as _hashlib trans_5C = bytes((x ^ 0x5C) for x in range(256)) @@ -23,7 +24,6 @@ trans_36 = bytes((x ^ 0x36) for x in range(256)) digest_size = None - class HMAC: """RFC 2104 HMAC class. Also complies with RFC 4231. @@ -32,7 +32,7 @@ class HMAC: blocksize = 64 # 512-bit HMAC; can be changed in subclasses. __slots__ = ( - "_digest_cons", "_inner", "_outer", "block_size", "digest_size" + "_hmac", "_inner", "_outer", "block_size", "digest_size" ) def __init__(self, key, msg=None, digestmod=''): @@ -55,15 +55,30 @@ class HMAC: if not digestmod: raise TypeError("Missing required parameter 'digestmod'.") + if _hashopenssl and isinstance(digestmod, (str, _functype)): + try: + self._init_hmac(key, msg, digestmod) + except _hashopenssl.UnsupportedDigestmodError: + self._init_old(key, msg, digestmod) + else: + self._init_old(key, msg, digestmod) + + def _init_hmac(self, key, msg, digestmod): + self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod) + self.digest_size = self._hmac.digest_size + self.block_size = self._hmac.block_size + + def _init_old(self, key, msg, digestmod): if callable(digestmod): - self._digest_cons = digestmod + digest_cons = digestmod elif isinstance(digestmod, str): - self._digest_cons = lambda d=b'': _hashlib.new(digestmod, d) + digest_cons = lambda d=b'': _hashlib.new(digestmod, d) else: - self._digest_cons = lambda d=b'': digestmod.new(d) + digest_cons = lambda d=b'': digestmod.new(d) - self._outer = self._digest_cons() - self._inner = self._digest_cons() + self._hmac = None + self._outer = digest_cons() + self._inner = digest_cons() self.digest_size = self._inner.digest_size if hasattr(self._inner, 'block_size'): @@ -79,13 +94,13 @@ class HMAC: RuntimeWarning, 2) blocksize = self.blocksize + if len(key) > blocksize: + key = digest_cons(key).digest() + # self.blocksize is the default blocksize. self.block_size is # effective block size as well as the public API attribute. self.block_size = blocksize - if len(key) > blocksize: - key = self._digest_cons(key).digest() - key = key.ljust(blocksize, b'\0') self._outer.update(key.translate(trans_5C)) self._inner.update(key.translate(trans_36)) @@ -94,23 +109,15 @@ class HMAC: @property def name(self): - return "hmac-" + self._inner.name - - @property - def digest_cons(self): - return self._digest_cons - - @property - def inner(self): - return self._inner - - @property - def outer(self): - return self._outer + if self._hmac: + return self._hmac.name + else: + return f"hmac-{self._inner.name}" def update(self, msg): """Feed data from msg into this hashing object.""" - self._inner.update(msg) + inst = self._hmac or self._inner + inst.update(msg) def copy(self): """Return a separate copy of this hashing object. @@ -119,10 +126,14 @@ class HMAC: """ # Call __new__ directly to avoid the expensive __init__. other = self.__class__.__new__(self.__class__) - other._digest_cons = self._digest_cons other.digest_size = self.digest_size - other._inner = self._inner.copy() - other._outer = self._outer.copy() + if self._hmac: + other._hmac = self._hmac.copy() + other._inner = other._outer = None + else: + other._hmac = None + other._inner = self._inner.copy() + other._outer = self._outer.copy() return other def _current(self): @@ -130,9 +141,12 @@ class HMAC: To be used only internally with digest() and hexdigest(). """ - h = self._outer.copy() - h.update(self._inner.digest()) - return h + if self._hmac: + return self._hmac + else: + h = self._outer.copy() + h.update(self._inner.digest()) + return h def digest(self): """Return the hash value of this hashing object. @@ -179,9 +193,11 @@ def digest(key, msg, digest): A hashlib constructor returning a new hash object. *OR* A module supporting PEP 247. """ - if (_hashopenssl is not None and - isinstance(digest, str) and digest in _openssl_md_meths): - return _hashopenssl.hmac_digest(key, msg, digest) + if _hashopenssl is not None and isinstance(digest, (str, _functype)): + try: + return _hashopenssl.hmac_digest(key, msg, digest) + except _hashopenssl.UnsupportedDigestmodError: + pass if callable(digest): digest_cons = digest diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py index 6daf22c..adf52ad 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -11,14 +11,21 @@ from test.support import hashlib_helper from _operator import _compare_digest as operator_compare_digest try: + import _hashlib as _hashopenssl from _hashlib import HMAC as C_HMAC from _hashlib import hmac_new as c_hmac_new from _hashlib import compare_digest as openssl_compare_digest except ImportError: + _hashopenssl = None C_HMAC = None c_hmac_new = None openssl_compare_digest = None +try: + import _sha256 as sha256_module +except ImportError: + sha256_module = None + def ignore_warning(func): @functools.wraps(func) @@ -32,22 +39,27 @@ def ignore_warning(func): class TestVectorsTestCase(unittest.TestCase): - def asssert_hmac( - self, key, data, digest, hashfunc, hashname, digest_size, block_size + def assert_hmac_internals( + self, h, digest, hashname, digest_size, block_size ): - h = hmac.HMAC(key, data, digestmod=hashfunc) self.assertEqual(h.hexdigest().upper(), digest.upper()) self.assertEqual(h.digest(), binascii.unhexlify(digest)) self.assertEqual(h.name, f"hmac-{hashname}") self.assertEqual(h.digest_size, digest_size) self.assertEqual(h.block_size, block_size) + def assert_hmac( + self, key, data, digest, hashfunc, hashname, digest_size, block_size + ): + h = hmac.HMAC(key, data, digestmod=hashfunc) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) + h = hmac.HMAC(key, data, digestmod=hashname) - self.assertEqual(h.hexdigest().upper(), digest.upper()) - self.assertEqual(h.digest(), binascii.unhexlify(digest)) - self.assertEqual(h.name, f"hmac-{hashname}") - self.assertEqual(h.digest_size, digest_size) - self.assertEqual(h.block_size, block_size) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) h = hmac.HMAC(key, digestmod=hashname) h2 = h.copy() @@ -56,11 +68,9 @@ class TestVectorsTestCase(unittest.TestCase): self.assertEqual(h.hexdigest().upper(), digest.upper()) h = hmac.new(key, data, digestmod=hashname) - self.assertEqual(h.hexdigest().upper(), digest.upper()) - self.assertEqual(h.digest(), binascii.unhexlify(digest)) - self.assertEqual(h.name, f"hmac-{hashname}") - self.assertEqual(h.digest_size, digest_size) - self.assertEqual(h.block_size, block_size) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) h = hmac.new(key, None, digestmod=hashname) h.update(data) @@ -81,23 +91,18 @@ class TestVectorsTestCase(unittest.TestCase): hmac.digest(key, data, digest=hashfunc), binascii.unhexlify(digest) ) - with unittest.mock.patch('hmac._openssl_md_meths', {}): - self.assertEqual( - hmac.digest(key, data, digest=hashname), - binascii.unhexlify(digest) - ) - self.assertEqual( - hmac.digest(key, data, digest=hashfunc), - binascii.unhexlify(digest) - ) + + h = hmac.HMAC.__new__(hmac.HMAC) + h._init_old(key, data, digestmod=hashname) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) if c_hmac_new is not None: h = c_hmac_new(key, data, digestmod=hashname) - self.assertEqual(h.hexdigest().upper(), digest.upper()) - self.assertEqual(h.digest(), binascii.unhexlify(digest)) - self.assertEqual(h.name, f"hmac-{hashname}") - self.assertEqual(h.digest_size, digest_size) - self.assertEqual(h.block_size, block_size) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) h = c_hmac_new(key, digestmod=hashname) h2 = h.copy() @@ -105,12 +110,24 @@ class TestVectorsTestCase(unittest.TestCase): h.update(data) self.assertEqual(h.hexdigest().upper(), digest.upper()) + func = getattr(_hashopenssl, f"openssl_{hashname}") + h = c_hmac_new(key, data, digestmod=func) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) + + h = hmac.HMAC.__new__(hmac.HMAC) + h._init_hmac(key, data, digestmod=hashname) + self.assert_hmac_internals( + h, digest, hashname, digest_size, block_size + ) + @hashlib_helper.requires_hashdigest('md5', openssl=True) def test_md5_vectors(self): # Test the HMAC module against test vectors from the RFC. def md5test(key, data, digest): - self.asssert_hmac( + self.assert_hmac( key, data, digest, hashfunc=hashlib.md5, hashname="md5", @@ -150,7 +167,7 @@ class TestVectorsTestCase(unittest.TestCase): @hashlib_helper.requires_hashdigest('sha1', openssl=True) def test_sha_vectors(self): def shatest(key, data, digest): - self.asssert_hmac( + self.assert_hmac( key, data, digest, hashfunc=hashlib.sha1, hashname="sha1", @@ -191,7 +208,7 @@ class TestVectorsTestCase(unittest.TestCase): def hmactest(key, data, hexdigests): digest = hexdigests[hashfunc] - self.asssert_hmac( + self.assert_hmac( key, data, digest, hashfunc=hashfunc, hashname=hash_name, @@ -427,6 +444,15 @@ class ConstructorTestCase(unittest.TestCase): ): C_HMAC() + @unittest.skipUnless(sha256_module is not None, 'need _sha256') + def test_with_sha256_module(self): + h = hmac.HMAC(b"key", b"hash this!", digestmod=sha256_module.sha256) + self.assertEqual(h.hexdigest(), self.expected) + self.assertEqual(h.name, "hmac-sha256") + + digest = hmac.digest(b"key", b"hash this!", sha256_module.sha256) + self.assertEqual(digest, binascii.unhexlify(self.expected)) + class SanityTestCase(unittest.TestCase): @@ -447,21 +473,21 @@ class SanityTestCase(unittest.TestCase): class CopyTestCase(unittest.TestCase): @hashlib_helper.requires_hashdigest('sha256') - def test_attributes(self): + def test_attributes_old(self): # Testing if attributes are of same type. - h1 = hmac.HMAC(b"key", digestmod="sha256") + h1 = hmac.HMAC.__new__(hmac.HMAC) + h1._init_old(b"key", b"msg", digestmod="sha256") h2 = h1.copy() - self.assertTrue(h1._digest_cons == h2._digest_cons, - "digest constructors don't match.") self.assertEqual(type(h1._inner), type(h2._inner), "Types of inner don't match.") self.assertEqual(type(h1._outer), type(h2._outer), "Types of outer don't match.") @hashlib_helper.requires_hashdigest('sha256') - def test_realcopy(self): + def test_realcopy_old(self): # Testing if the copy method created a real copy. - h1 = hmac.HMAC(b"key", digestmod="sha256") + h1 = hmac.HMAC.__new__(hmac.HMAC) + h1._init_old(b"key", b"msg", digestmod="sha256") h2 = h1.copy() # Using id() in case somebody has overridden __eq__/__ne__. self.assertTrue(id(h1) != id(h2), "No real copy of the HMAC instance.") @@ -469,17 +495,15 @@ class CopyTestCase(unittest.TestCase): "No real copy of the attribute 'inner'.") self.assertTrue(id(h1._outer) != id(h2._outer), "No real copy of the attribute 'outer'.") - self.assertEqual(h1._inner, h1.inner) - self.assertEqual(h1._outer, h1.outer) - self.assertEqual(h1._digest_cons, h1.digest_cons) + self.assertIs(h1._hmac, None) + @unittest.skipIf(_hashopenssl is None, "test requires _hashopenssl") @hashlib_helper.requires_hashdigest('sha256') - def test_properties(self): - # deprecated properties - h1 = hmac.HMAC(b"key", digestmod="sha256") - self.assertEqual(h1._inner, h1.inner) - self.assertEqual(h1._outer, h1.outer) - self.assertEqual(h1._digest_cons, h1.digest_cons) + def test_realcopy_hmac(self): + h1 = hmac.HMAC.__new__(hmac.HMAC) + h1._init_hmac(b"key", b"msg", digestmod="sha256") + h2 = h1.copy() + self.assertTrue(id(h1._hmac) != id(h2._hmac)) @hashlib_helper.requires_hashdigest('sha256') def test_equality(self): |