""" global mock_fips_mode mock_fips_mode = enable lookup_hash.clear_cache() # helper for UTs if as_bool(os.environ.get("PASSLIB_MOCK_FIPS_MODE")): _set_mock_fips_mode() #============================================================================= # hmac utils #============================================================================= #: translation tables used by compile_hmac() _TRANS_5C = join_byte_values((x ^ 0x5C) for x in irange(256)) _TRANS_36 = join_byte_values((x ^ 0x36) for x in irange(256)) def compile_hmac(digest, key, multipart=False): """ This function returns an efficient HMAC function, hardcoded with a specific digest & key. It can be used via ``hmac = compile_hmac(digest, key)``. :arg digest: digest name or constructor. :arg key: secret key as :class:`!bytes` or :class:`!unicode` (unicode will be encoded using utf-8). :param multipart:
# else we've done what we can warn("norm_hash_name(): unknown hash: %r" % (orig,), PasslibRuntimeWarning) name2 = name.replace("-", "") row = _nhn_cache[orig] = (name2, name) return row[idx] # TODO: get_hash() func which wraps norm_hash_name(), hashlib.<attr>, and hashlib.new #============================================================================= # general prf lookup #============================================================================= _BNULL = b('\x00') _XY_DIGEST = b(',\x1cb\xe0H\xa5\x82M\xfb>\xd6\x98\xef\x8e\xf9oQ\x85\xa3i') _trans_5C = join_byte_values((x ^ 0x5C) for x in irange(256)) _trans_36 = join_byte_values((x ^ 0x36) for x in irange(256)) def _get_hmac_prf(digest): "helper to return HMAC prf for specific digest" def tag_wrapper(prf): prf.__name__ = "hmac_" + digest prf.__doc__ = ("hmac_%s(key, msg) -> digest;" " generated by passlib.utils.pbkdf2.get_prf()" % digest) if _EVP and digest == "sha1": # use m2crypto function directly for sha1, since that's it's default digest try: result = _EVP.hmac(b('x'),b('y')) except ValueError: # pragma: no cover
# else we've done what we can warn("norm_hash_name(): unknown hash: %r" % (orig,), PasslibRuntimeWarning) name2 = name.replace("-", "") row = _nhn_cache[orig] = (name2, name) return row[idx] # TODO: get_hash() func which wraps norm_hash_name(), hashlib.<attr>, and hashlib.new #============================================================================= # general prf lookup #============================================================================= _BNULL = b('\x00') _XY_DIGEST = b(',\x1cb\xe0H\xa5\x82M\xfb>\xd6\x98\xef\x8e\xf9oQ\x85\xa3i') _trans_5C = join_byte_values((x ^ 0x5C) for x in irange(256)) _trans_36 = join_byte_values((x ^ 0x36) for x in irange(256)) def _get_hmac_prf(digest): "helper to return HMAC prf for specific digest" def tag_wrapper(prf): prf.__name__ = "hmac_" + digest prf.__doc__ = ("hmac_%s(key, msg) -> digest;" " generated by passlib.utils.pbkdf2.get_prf()" % digest) if _EVP and digest == "sha1": # use m2crypto function directly for sha1, since that's it's default digest try: result = _EVP.hmac(b('x'),b('y')) except ValueError: # pragma: no cover
_stdlib_pbkdf2_hmac(self.name, b"p", b"s", 1) return True except ValueError: # "unsupported hash type" return False #========================================================================= # eoc #========================================================================= #============================================================================= # hmac utils #============================================================================= #: translation tables used by compile_hmac() _TRANS_5C = join_byte_values((x ^ 0x5C) for x in irange(256)) _TRANS_36 = join_byte_values((x ^ 0x36) for x in irange(256)) def compile_hmac(digest, key, multipart=False): """ This function returns an efficient HMAC function, hardcoded with a specific digest & key. It can be used via ``hmac = compile_hmac(digest, key)``. :arg digest: digest name or constructor. :arg key: secret key as :class:`!bytes` or :class:`!unicode` (unicode will be encoded using utf-8). :param multipart: request a multipart constructor instead (see return description).