1import binascii 2import functools 3import hmac 4import hashlib 5import unittest 6import unittest.mock 7import warnings 8 9from test.support import requires_hashdigest 10 11 12def ignore_warning(func): 13 @functools.wraps(func) 14 def wrapper(*args, **kwargs): 15 with warnings.catch_warnings(): 16 warnings.filterwarnings("ignore", 17 category=DeprecationWarning) 18 return func(*args, **kwargs) 19 return wrapper 20 21 22class TestVectorsTestCase(unittest.TestCase): 23 24 @requires_hashdigest('md5', openssl=True) 25 def test_md5_vectors(self): 26 # Test the HMAC module against test vectors from the RFC. 27 28 def md5test(key, data, digest): 29 h = hmac.HMAC(key, data, digestmod=hashlib.md5) 30 self.assertEqual(h.hexdigest().upper(), digest.upper()) 31 self.assertEqual(h.digest(), binascii.unhexlify(digest)) 32 self.assertEqual(h.name, "hmac-md5") 33 self.assertEqual(h.digest_size, 16) 34 self.assertEqual(h.block_size, 64) 35 36 h = hmac.HMAC(key, data, digestmod='md5') 37 self.assertEqual(h.hexdigest().upper(), digest.upper()) 38 self.assertEqual(h.digest(), binascii.unhexlify(digest)) 39 self.assertEqual(h.name, "hmac-md5") 40 self.assertEqual(h.digest_size, 16) 41 self.assertEqual(h.block_size, 64) 42 43 self.assertEqual( 44 hmac.digest(key, data, digest='md5'), 45 binascii.unhexlify(digest) 46 ) 47 with unittest.mock.patch('hmac._openssl_md_meths', {}): 48 self.assertEqual( 49 hmac.digest(key, data, digest='md5'), 50 binascii.unhexlify(digest) 51 ) 52 53 md5test(b"\x0b" * 16, 54 b"Hi There", 55 "9294727A3638BB1C13F48EF8158BFC9D") 56 57 md5test(b"Jefe", 58 b"what do ya want for nothing?", 59 "750c783e6ab0b503eaa86e310a5db738") 60 61 md5test(b"\xaa" * 16, 62 b"\xdd" * 50, 63 "56be34521d144c88dbb8c733f0e8b3f6") 64 65 md5test(bytes(range(1, 26)), 66 b"\xcd" * 50, 67 "697eaf0aca3a3aea3a75164746ffaa79") 68 69 md5test(b"\x0C" * 16, 70 b"Test With Truncation", 71 "56461ef2342edc00f9bab995690efd4c") 72 73 md5test(b"\xaa" * 80, 74 b"Test Using Larger Than Block-Size Key - Hash Key First", 75 "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd") 76 77 md5test(b"\xaa" * 80, 78 (b"Test Using Larger Than Block-Size Key " 79 b"and Larger Than One Block-Size Data"), 80 "6f630fad67cda0ee1fb1f562db3aa53e") 81 82 @requires_hashdigest('sha1', openssl=True) 83 def test_sha_vectors(self): 84 def shatest(key, data, digest): 85 h = hmac.HMAC(key, data, digestmod=hashlib.sha1) 86 self.assertEqual(h.hexdigest().upper(), digest.upper()) 87 self.assertEqual(h.digest(), binascii.unhexlify(digest)) 88 self.assertEqual(h.name, "hmac-sha1") 89 self.assertEqual(h.digest_size, 20) 90 self.assertEqual(h.block_size, 64) 91 92 h = hmac.HMAC(key, data, digestmod='sha1') 93 self.assertEqual(h.hexdigest().upper(), digest.upper()) 94 self.assertEqual(h.digest(), binascii.unhexlify(digest)) 95 self.assertEqual(h.name, "hmac-sha1") 96 self.assertEqual(h.digest_size, 20) 97 self.assertEqual(h.block_size, 64) 98 99 self.assertEqual( 100 hmac.digest(key, data, digest='sha1'), 101 binascii.unhexlify(digest) 102 ) 103 104 105 shatest(b"\x0b" * 20, 106 b"Hi There", 107 "b617318655057264e28bc0b6fb378c8ef146be00") 108 109 shatest(b"Jefe", 110 b"what do ya want for nothing?", 111 "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79") 112 113 shatest(b"\xAA" * 20, 114 b"\xDD" * 50, 115 "125d7342b9ac11cd91a39af48aa17b4f63f175d3") 116 117 shatest(bytes(range(1, 26)), 118 b"\xCD" * 50, 119 "4c9007f4026250c6bc8414f9bf50c86c2d7235da") 120 121 shatest(b"\x0C" * 20, 122 b"Test With Truncation", 123 "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04") 124 125 shatest(b"\xAA" * 80, 126 b"Test Using Larger Than Block-Size Key - Hash Key First", 127 "aa4ae5e15272d00e95705637ce8a3b55ed402112") 128 129 shatest(b"\xAA" * 80, 130 (b"Test Using Larger Than Block-Size Key " 131 b"and Larger Than One Block-Size Data"), 132 "e8e99d0f45237d786d6bbaa7965c7808bbff1a91") 133 134 def _rfc4231_test_cases(self, hashfunc, hash_name, digest_size, block_size): 135 def hmactest(key, data, hexdigests): 136 hmac_name = "hmac-" + hash_name 137 h = hmac.HMAC(key, data, digestmod=hashfunc) 138 self.assertEqual(h.hexdigest().lower(), hexdigests[hashfunc]) 139 self.assertEqual(h.name, hmac_name) 140 self.assertEqual(h.digest_size, digest_size) 141 self.assertEqual(h.block_size, block_size) 142 143 h = hmac.HMAC(key, data, digestmod=hash_name) 144 self.assertEqual(h.hexdigest().lower(), hexdigests[hashfunc]) 145 self.assertEqual(h.name, hmac_name) 146 self.assertEqual(h.digest_size, digest_size) 147 self.assertEqual(h.block_size, block_size) 148 149 self.assertEqual( 150 hmac.digest(key, data, digest=hashfunc), 151 binascii.unhexlify(hexdigests[hashfunc]) 152 ) 153 self.assertEqual( 154 hmac.digest(key, data, digest=hash_name), 155 binascii.unhexlify(hexdigests[hashfunc]) 156 ) 157 158 with unittest.mock.patch('hmac._openssl_md_meths', {}): 159 self.assertEqual( 160 hmac.digest(key, data, digest=hashfunc), 161 binascii.unhexlify(hexdigests[hashfunc]) 162 ) 163 self.assertEqual( 164 hmac.digest(key, data, digest=hash_name), 165 binascii.unhexlify(hexdigests[hashfunc]) 166 ) 167 168 # 4.2. Test Case 1 169 hmactest(key = b'\x0b'*20, 170 data = b'Hi There', 171 hexdigests = { 172 hashlib.sha224: '896fb1128abbdf196832107cd49df33f' 173 '47b4b1169912ba4f53684b22', 174 hashlib.sha256: 'b0344c61d8db38535ca8afceaf0bf12b' 175 '881dc200c9833da726e9376c2e32cff7', 176 hashlib.sha384: 'afd03944d84895626b0825f4ab46907f' 177 '15f9dadbe4101ec682aa034c7cebc59c' 178 'faea9ea9076ede7f4af152e8b2fa9cb6', 179 hashlib.sha512: '87aa7cdea5ef619d4ff0b4241a1d6cb0' 180 '2379f4e2ce4ec2787ad0b30545e17cde' 181 'daa833b7d6b8a702038b274eaea3f4e4' 182 'be9d914eeb61f1702e696c203a126854', 183 }) 184 185 # 4.3. Test Case 2 186 hmactest(key = b'Jefe', 187 data = b'what do ya want for nothing?', 188 hexdigests = { 189 hashlib.sha224: 'a30e01098bc6dbbf45690f3a7e9e6d0f' 190 '8bbea2a39e6148008fd05e44', 191 hashlib.sha256: '5bdcc146bf60754e6a042426089575c7' 192 '5a003f089d2739839dec58b964ec3843', 193 hashlib.sha384: 'af45d2e376484031617f78d2b58a6b1b' 194 '9c7ef464f5a01b47e42ec3736322445e' 195 '8e2240ca5e69e2c78b3239ecfab21649', 196 hashlib.sha512: '164b7a7bfcf819e2e395fbe73b56e0a3' 197 '87bd64222e831fd610270cd7ea250554' 198 '9758bf75c05a994a6d034f65f8f0e6fd' 199 'caeab1a34d4a6b4b636e070a38bce737', 200 }) 201 202 # 4.4. Test Case 3 203 hmactest(key = b'\xaa'*20, 204 data = b'\xdd'*50, 205 hexdigests = { 206 hashlib.sha224: '7fb3cb3588c6c1f6ffa9694d7d6ad264' 207 '9365b0c1f65d69d1ec8333ea', 208 hashlib.sha256: '773ea91e36800e46854db8ebd09181a7' 209 '2959098b3ef8c122d9635514ced565fe', 210 hashlib.sha384: '88062608d3e6ad8a0aa2ace014c8a86f' 211 '0aa635d947ac9febe83ef4e55966144b' 212 '2a5ab39dc13814b94e3ab6e101a34f27', 213 hashlib.sha512: 'fa73b0089d56a284efb0f0756c890be9' 214 'b1b5dbdd8ee81a3655f83e33b2279d39' 215 'bf3e848279a722c806b485a47e67c807' 216 'b946a337bee8942674278859e13292fb', 217 }) 218 219 # 4.5. Test Case 4 220 hmactest(key = bytes(x for x in range(0x01, 0x19+1)), 221 data = b'\xcd'*50, 222 hexdigests = { 223 hashlib.sha224: '6c11506874013cac6a2abc1bb382627c' 224 'ec6a90d86efc012de7afec5a', 225 hashlib.sha256: '82558a389a443c0ea4cc819899f2083a' 226 '85f0faa3e578f8077a2e3ff46729665b', 227 hashlib.sha384: '3e8a69b7783c25851933ab6290af6ca7' 228 '7a9981480850009cc5577c6e1f573b4e' 229 '6801dd23c4a7d679ccf8a386c674cffb', 230 hashlib.sha512: 'b0ba465637458c6990e5a8c5f61d4af7' 231 'e576d97ff94b872de76f8050361ee3db' 232 'a91ca5c11aa25eb4d679275cc5788063' 233 'a5f19741120c4f2de2adebeb10a298dd', 234 }) 235 236 # 4.7. Test Case 6 237 hmactest(key = b'\xaa'*131, 238 data = b'Test Using Larger Than Block-Siz' 239 b'e Key - Hash Key First', 240 hexdigests = { 241 hashlib.sha224: '95e9a0db962095adaebe9b2d6f0dbce2' 242 'd499f112f2d2b7273fa6870e', 243 hashlib.sha256: '60e431591ee0b67f0d8a26aacbf5b77f' 244 '8e0bc6213728c5140546040f0ee37f54', 245 hashlib.sha384: '4ece084485813e9088d2c63a041bc5b4' 246 '4f9ef1012a2b588f3cd11f05033ac4c6' 247 '0c2ef6ab4030fe8296248df163f44952', 248 hashlib.sha512: '80b24263c7c1a3ebb71493c1dd7be8b4' 249 '9b46d1f41b4aeec1121b013783f8f352' 250 '6b56d037e05f2598bd0fd2215d6a1e52' 251 '95e64f73f63f0aec8b915a985d786598', 252 }) 253 254 # 4.8. Test Case 7 255 hmactest(key = b'\xaa'*131, 256 data = b'This is a test using a larger th' 257 b'an block-size key and a larger t' 258 b'han block-size data. The key nee' 259 b'ds to be hashed before being use' 260 b'd by the HMAC algorithm.', 261 hexdigests = { 262 hashlib.sha224: '3a854166ac5d9f023f54d517d0b39dbd' 263 '946770db9c2b95c9f6f565d1', 264 hashlib.sha256: '9b09ffa71b942fcb27635fbcd5b0e944' 265 'bfdc63644f0713938a7f51535c3a35e2', 266 hashlib.sha384: '6617178e941f020d351e2f254e8fd32c' 267 '602420feb0b8fb9adccebb82461e99c5' 268 'a678cc31e799176d3860e6110c46523e', 269 hashlib.sha512: 'e37b6a775dc87dbaa4dfa9f96e5e3ffd' 270 'debd71f8867289865df5a32d20cdc944' 271 'b6022cac3c4982b10d5eeb55c3e4de15' 272 '134676fb6de0446065c97440fa8c6a58', 273 }) 274 275 @requires_hashdigest('sha224', openssl=True) 276 def test_sha224_rfc4231(self): 277 self._rfc4231_test_cases(hashlib.sha224, 'sha224', 28, 64) 278 279 @requires_hashdigest('sha256', openssl=True) 280 def test_sha256_rfc4231(self): 281 self._rfc4231_test_cases(hashlib.sha256, 'sha256', 32, 64) 282 283 @requires_hashdigest('sha384', openssl=True) 284 def test_sha384_rfc4231(self): 285 self._rfc4231_test_cases(hashlib.sha384, 'sha384', 48, 128) 286 287 @requires_hashdigest('sha512', openssl=True) 288 def test_sha512_rfc4231(self): 289 self._rfc4231_test_cases(hashlib.sha512, 'sha512', 64, 128) 290 291 @requires_hashdigest('sha256') 292 def test_legacy_block_size_warnings(self): 293 class MockCrazyHash(object): 294 """Ain't no block_size attribute here.""" 295 def __init__(self, *args): 296 self._x = hashlib.sha256(*args) 297 self.digest_size = self._x.digest_size 298 def update(self, v): 299 self._x.update(v) 300 def digest(self): 301 return self._x.digest() 302 303 with warnings.catch_warnings(): 304 warnings.simplefilter('error', RuntimeWarning) 305 with self.assertRaises(RuntimeWarning): 306 hmac.HMAC(b'a', b'b', digestmod=MockCrazyHash) 307 self.fail('Expected warning about missing block_size') 308 309 MockCrazyHash.block_size = 1 310 with self.assertRaises(RuntimeWarning): 311 hmac.HMAC(b'a', b'b', digestmod=MockCrazyHash) 312 self.fail('Expected warning about small block_size') 313 314 def test_with_digestmod_no_default(self): 315 """The digestmod parameter is required as of Python 3.8.""" 316 with self.assertRaisesRegex(TypeError, r'required.*digestmod'): 317 key = b"\x0b" * 16 318 data = b"Hi There" 319 hmac.HMAC(key, data, digestmod=None) 320 with self.assertRaisesRegex(TypeError, r'required.*digestmod'): 321 hmac.new(key, data) 322 with self.assertRaisesRegex(TypeError, r'required.*digestmod'): 323 hmac.HMAC(key, msg=data, digestmod='') 324 325 326class ConstructorTestCase(unittest.TestCase): 327 328 expected = ( 329 "6c845b47f52b3b47f6590c502db7825aad757bf4fadc8fa972f7cd2e76a5bdeb" 330 ) 331 332 @requires_hashdigest('sha256') 333 def test_normal(self): 334 # Standard constructor call. 335 try: 336 hmac.HMAC(b"key", digestmod='sha256') 337 except Exception: 338 self.fail("Standard constructor call raised exception.") 339 340 @requires_hashdigest('sha256') 341 def test_with_str_key(self): 342 # Pass a key of type str, which is an error, because it expects a key 343 # of type bytes 344 with self.assertRaises(TypeError): 345 h = hmac.HMAC("key", digestmod='sha256') 346 347 @requires_hashdigest('sha256') 348 def test_dot_new_with_str_key(self): 349 # Pass a key of type str, which is an error, because it expects a key 350 # of type bytes 351 with self.assertRaises(TypeError): 352 h = hmac.new("key", digestmod='sha256') 353 354 @requires_hashdigest('sha256') 355 def test_withtext(self): 356 # Constructor call with text. 357 try: 358 h = hmac.HMAC(b"key", b"hash this!", digestmod='sha256') 359 except Exception: 360 self.fail("Constructor call with text argument raised exception.") 361 self.assertEqual(h.hexdigest(), self.expected) 362 363 @requires_hashdigest('sha256') 364 def test_with_bytearray(self): 365 try: 366 h = hmac.HMAC(bytearray(b"key"), bytearray(b"hash this!"), 367 digestmod="sha256") 368 except Exception: 369 self.fail("Constructor call with bytearray arguments raised exception.") 370 self.assertEqual(h.hexdigest(), self.expected) 371 372 @requires_hashdigest('sha256') 373 def test_with_memoryview_msg(self): 374 try: 375 h = hmac.HMAC(b"key", memoryview(b"hash this!"), digestmod="sha256") 376 except Exception: 377 self.fail("Constructor call with memoryview msg raised exception.") 378 self.assertEqual(h.hexdigest(), self.expected) 379 380 @requires_hashdigest('sha256') 381 def test_withmodule(self): 382 # Constructor call with text and digest module. 383 try: 384 h = hmac.HMAC(b"key", b"", hashlib.sha256) 385 except Exception: 386 self.fail("Constructor call with hashlib.sha256 raised exception.") 387 388 389class SanityTestCase(unittest.TestCase): 390 391 @requires_hashdigest('sha256') 392 def test_exercise_all_methods(self): 393 # Exercising all methods once. 394 # This must not raise any exceptions 395 try: 396 h = hmac.HMAC(b"my secret key", digestmod="sha256") 397 h.update(b"compute the hash of this text!") 398 dig = h.digest() 399 dig = h.hexdigest() 400 h2 = h.copy() 401 except Exception: 402 self.fail("Exception raised during normal usage of HMAC class.") 403 404 405class CopyTestCase(unittest.TestCase): 406 407 @requires_hashdigest('sha256') 408 def test_attributes(self): 409 # Testing if attributes are of same type. 410 h1 = hmac.HMAC(b"key", digestmod="sha256") 411 h2 = h1.copy() 412 self.assertTrue(h1.digest_cons == h2.digest_cons, 413 "digest constructors don't match.") 414 self.assertEqual(type(h1.inner), type(h2.inner), 415 "Types of inner don't match.") 416 self.assertEqual(type(h1.outer), type(h2.outer), 417 "Types of outer don't match.") 418 419 @requires_hashdigest('sha256') 420 def test_realcopy(self): 421 # Testing if the copy method created a real copy. 422 h1 = hmac.HMAC(b"key", digestmod="sha256") 423 h2 = h1.copy() 424 # Using id() in case somebody has overridden __eq__/__ne__. 425 self.assertTrue(id(h1) != id(h2), "No real copy of the HMAC instance.") 426 self.assertTrue(id(h1.inner) != id(h2.inner), 427 "No real copy of the attribute 'inner'.") 428 self.assertTrue(id(h1.outer) != id(h2.outer), 429 "No real copy of the attribute 'outer'.") 430 431 @requires_hashdigest('sha256') 432 def test_equality(self): 433 # Testing if the copy has the same digests. 434 h1 = hmac.HMAC(b"key", digestmod="sha256") 435 h1.update(b"some random text") 436 h2 = h1.copy() 437 self.assertEqual(h1.digest(), h2.digest(), 438 "Digest of copy doesn't match original digest.") 439 self.assertEqual(h1.hexdigest(), h2.hexdigest(), 440 "Hexdigest of copy doesn't match original hexdigest.") 441 442class CompareDigestTestCase(unittest.TestCase): 443 444 def test_compare_digest(self): 445 # Testing input type exception handling 446 a, b = 100, 200 447 self.assertRaises(TypeError, hmac.compare_digest, a, b) 448 a, b = 100, b"foobar" 449 self.assertRaises(TypeError, hmac.compare_digest, a, b) 450 a, b = b"foobar", 200 451 self.assertRaises(TypeError, hmac.compare_digest, a, b) 452 a, b = "foobar", b"foobar" 453 self.assertRaises(TypeError, hmac.compare_digest, a, b) 454 a, b = b"foobar", "foobar" 455 self.assertRaises(TypeError, hmac.compare_digest, a, b) 456 457 # Testing bytes of different lengths 458 a, b = b"foobar", b"foo" 459 self.assertFalse(hmac.compare_digest(a, b)) 460 a, b = b"\xde\xad\xbe\xef", b"\xde\xad" 461 self.assertFalse(hmac.compare_digest(a, b)) 462 463 # Testing bytes of same lengths, different values 464 a, b = b"foobar", b"foobaz" 465 self.assertFalse(hmac.compare_digest(a, b)) 466 a, b = b"\xde\xad\xbe\xef", b"\xab\xad\x1d\xea" 467 self.assertFalse(hmac.compare_digest(a, b)) 468 469 # Testing bytes of same lengths, same values 470 a, b = b"foobar", b"foobar" 471 self.assertTrue(hmac.compare_digest(a, b)) 472 a, b = b"\xde\xad\xbe\xef", b"\xde\xad\xbe\xef" 473 self.assertTrue(hmac.compare_digest(a, b)) 474 475 # Testing bytearrays of same lengths, same values 476 a, b = bytearray(b"foobar"), bytearray(b"foobar") 477 self.assertTrue(hmac.compare_digest(a, b)) 478 479 # Testing bytearrays of different lengths 480 a, b = bytearray(b"foobar"), bytearray(b"foo") 481 self.assertFalse(hmac.compare_digest(a, b)) 482 483 # Testing bytearrays of same lengths, different values 484 a, b = bytearray(b"foobar"), bytearray(b"foobaz") 485 self.assertFalse(hmac.compare_digest(a, b)) 486 487 # Testing byte and bytearray of same lengths, same values 488 a, b = bytearray(b"foobar"), b"foobar" 489 self.assertTrue(hmac.compare_digest(a, b)) 490 self.assertTrue(hmac.compare_digest(b, a)) 491 492 # Testing byte bytearray of different lengths 493 a, b = bytearray(b"foobar"), b"foo" 494 self.assertFalse(hmac.compare_digest(a, b)) 495 self.assertFalse(hmac.compare_digest(b, a)) 496 497 # Testing byte and bytearray of same lengths, different values 498 a, b = bytearray(b"foobar"), b"foobaz" 499 self.assertFalse(hmac.compare_digest(a, b)) 500 self.assertFalse(hmac.compare_digest(b, a)) 501 502 # Testing str of same lengths 503 a, b = "foobar", "foobar" 504 self.assertTrue(hmac.compare_digest(a, b)) 505 506 # Testing str of different lengths 507 a, b = "foo", "foobar" 508 self.assertFalse(hmac.compare_digest(a, b)) 509 510 # Testing bytes of same lengths, different values 511 a, b = "foobar", "foobaz" 512 self.assertFalse(hmac.compare_digest(a, b)) 513 514 # Testing error cases 515 a, b = "foobar", b"foobar" 516 self.assertRaises(TypeError, hmac.compare_digest, a, b) 517 a, b = b"foobar", "foobar" 518 self.assertRaises(TypeError, hmac.compare_digest, a, b) 519 a, b = b"foobar", 1 520 self.assertRaises(TypeError, hmac.compare_digest, a, b) 521 a, b = 100, 200 522 self.assertRaises(TypeError, hmac.compare_digest, a, b) 523 a, b = "fooä", "fooä" 524 self.assertRaises(TypeError, hmac.compare_digest, a, b) 525 526 # subclasses are supported by ignore __eq__ 527 class mystr(str): 528 def __eq__(self, other): 529 return False 530 531 a, b = mystr("foobar"), mystr("foobar") 532 self.assertTrue(hmac.compare_digest(a, b)) 533 a, b = mystr("foobar"), "foobar" 534 self.assertTrue(hmac.compare_digest(a, b)) 535 a, b = mystr("foobar"), mystr("foobaz") 536 self.assertFalse(hmac.compare_digest(a, b)) 537 538 class mybytes(bytes): 539 def __eq__(self, other): 540 return False 541 542 a, b = mybytes(b"foobar"), mybytes(b"foobar") 543 self.assertTrue(hmac.compare_digest(a, b)) 544 a, b = mybytes(b"foobar"), b"foobar" 545 self.assertTrue(hmac.compare_digest(a, b)) 546 a, b = mybytes(b"foobar"), mybytes(b"foobaz") 547 self.assertFalse(hmac.compare_digest(a, b)) 548 549 550if __name__ == "__main__": 551 unittest.main() 552