MCPcopy Index your code
hub / github.com/python/cpython / _verify_challenge

Function _verify_challenge

Lib/multiprocessing/connection.py:941–963  ·  view source on GitHub ↗

Verify MAC challenge If our message did not include a digest_name prefix, the client is allowed to select a stronger digest_name from _ALLOWED_DIGESTS. In case our message is prefixed, a client cannot downgrade to a weaker algorithm, because the MAC is calculated over the entire me

(authkey, message, response)

Source from the content-addressed store, hash-verified

939
940
941def _verify_challenge(authkey, message, response):
942 """Verify MAC challenge
943
944 If our message did not include a digest_name prefix, the client is allowed
945 to select a stronger digest_name from _ALLOWED_DIGESTS.
946
947 In case our message is prefixed, a client cannot downgrade to a weaker
948 algorithm, because the MAC is calculated over the entire message
949 including the '{digest_name}' prefix.
950 """
951 import hmac
952 response_digest, response_mac = _get_digest_name_and_payload(response)
953 response_digest = response_digest or 'md5'
954 try:
955 expected = hmac.new(authkey, message, response_digest).digest()
956 except ValueError:
957 raise AuthenticationError(f'{response_digest=} unsupported')
958 if len(expected) != len(response_mac):
959 raise AuthenticationError(
960 f'expected {response_digest!r} of length {len(expected)} '
961 f'got {len(response_mac)}')
962 if not hmac.compare_digest(expected, response_mac):
963 raise AuthenticationError('digest received was wrong')
964
965
966def deliver_challenge(connection, authkey: bytes, digest_name='sha256'):

Callers 1

deliver_challengeFunction · 0.85

Calls 5

AuthenticationErrorClass · 0.85
compare_digestMethod · 0.80
digestMethod · 0.45
newMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…