diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-10-28 07:50:35 -0700 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-10-28 07:50:35 -0700 |
| commit | c63c31e1138e8f0900dd7c5d38320e31532c99b5 (patch) | |
| tree | b440add91f36b6c740c9a87e0922b85f251ed3c2 | |
| parent | 91d0ba1380c27e8a6b62be18e76536000d7006ea (diff) | |
| download | cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.tar.gz cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.tar.bz2 cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.zip | |
many verify, for now
| -rw-r--r-- | cryptography/hazmat/primitives/cmac.py | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 10 |
2 files changed, 14 insertions, 6 deletions
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index a70a9a42..7ae5c118 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CMACBackend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -57,7 +57,11 @@ class CMAC(object): return digest def verify(self, signature): - self._ctx.verify(signature) + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") def copy(self): if self._ctx is None: diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 4ef2c301..22a31391 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -69,4 +69,8 @@ class HMAC(object): return digest def verify(self, signature): - return self._ctx.verify(signature) + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") |