hmac.rst 3.92 KB
Newer Older
1 2 3 4
:mod:`hmac` --- Keyed-Hashing for Message Authentication
========================================================

.. module:: hmac
5
   :synopsis: Keyed-Hashing for Message Authentication (HMAC) implementation
6 7 8
.. moduleauthor:: Gerhard Häring <ghaering@users.sourceforge.net>
.. sectionauthor:: Gerhard Häring <ghaering@users.sourceforge.net>

Raymond Hettinger's avatar
Raymond Hettinger committed
9 10 11
**Source code:** :source:`Lib/hmac.py`

--------------
12 13 14 15

This module implements the HMAC algorithm as described by :rfc:`2104`.


16
.. function:: new(key, msg=None, digestmod=None)
17

18 19
   Return a new hmac object.  *key* is a bytes or bytearray object giving the
   secret key.  If *msg* is present, the method call ``update(msg)`` is made.
20 21 22
   *digestmod* is the digest name, digest constructor or module for the HMAC
   object to use. It supports any name suitable to :func:`hashlib.new` and
   defaults to the :data:`hashlib.md5` constructor.
23

24
   .. versionchanged:: 3.4
25 26
      Parameter *key* can be a bytes or bytearray object.
      Parameter *msg* can be of any type supported by :mod:`hashlib`.
27
      Parameter *digestmod* can be the name of a hash algorithm.
28 29 30 31 32

   .. deprecated:: 3.4
      MD5 as implicit default digest for *digestmod* is deprecated.


33
An HMAC object has the following methods:
34

35
.. method:: HMAC.update(msg)
36

37 38
   Update the hmac object with *msg*.  Repeated calls are equivalent to a
   single call with the concatenation of all the arguments:
39
   ``m.update(a); m.update(b)`` is equivalent to ``m.update(a + b)``.
40

41 42 43
   .. versionchanged:: 3.4
      Parameter *msg* can be of any type supported by :mod:`hashlib`.

44

45
.. method:: HMAC.digest()
46

47 48 49 50
   Return the digest of the bytes passed to the :meth:`update` method so far.
   This bytes object will be the same length as the *digest_size* of the digest
   given to the constructor.  It may contain non-ASCII bytes, including NUL
   bytes.
51

52 53 54 55
   .. warning::

      When comparing the output of :meth:`digest` to an externally-supplied
      digest during a verification routine, it is recommended to use the
56 57
      :func:`compare_digest` function instead of the ``==`` operator
      to reduce the vulnerability to timing attacks.
58

59

60
.. method:: HMAC.hexdigest()
61

62 63 64
   Like :meth:`digest` except the digest is returned as a string twice the
   length containing only hexadecimal digits.  This may be used to exchange the
   value safely in email or other non-binary environments.
65

66 67
   .. warning::

68 69 70 71
      When comparing the output of :meth:`hexdigest` to an externally-supplied
      digest during a verification routine, it is recommended to use the
      :func:`compare_digest` function instead of the ``==`` operator
      to reduce the vulnerability to timing attacks.
72

73

74
.. method:: HMAC.copy()
75 76 77 78 79

   Return a copy ("clone") of the hmac object.  This can be used to efficiently
   compute the digests of strings that share a common initial substring.


80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
A hash object has the following attributes:

.. attribute:: HMAC.digest_size

   The size of the resulting HMAC digest in bytes.

.. attribute:: HMAC.block_size

   The internal block size of the hash algorithm in bytes.

   .. versionadded:: 3.4

.. attribute:: HMAC.name

   The canonical name of this HMAC, always lowercase, e.g. ``hmac-md5``.

   .. versionadded:: 3.4


99 100
This module also provides the following helper function:

101 102
.. function:: compare_digest(a, b)

103 104 105 106
   Return ``a == b``.  This function uses an approach designed to prevent
   timing analysis by avoiding content-based short circuiting behaviour,
   making it appropriate for cryptography.  *a* and *b* must both be of the
   same type: either :class:`str` (ASCII only, as e.g. returned by
107
   :meth:`HMAC.hexdigest`), or a :term:`bytes-like object`.
108

109 110
   .. note::

Antoine Pitrou's avatar
Antoine Pitrou committed
111
      If *a* and *b* are of different lengths, or if an error occurs,
112 113
      a timing attack could theoretically reveal information about the
      types and lengths of *a* and *b*--but not their values.
Antoine Pitrou's avatar
Antoine Pitrou committed
114

115

116
   .. versionadded:: 3.3
117

118

119 120 121
.. seealso::

   Module :mod:`hashlib`
122
      The Python module providing secure hash functions.