10 files changed, 143 insertions, 38 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py
index c2b6c379..b4c7cc3c 100644
--- a/cryptography/hazmat/backends/commoncrypto/hmac.py
+++ b/cryptography/hazmat/backends/commoncrypto/hmac.py
@@ -14,8 +14,10 @@
 from __future__ import absolute_import, division, print_function
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import interfaces
+from cryptography.exceptions import (
+    InvalidSignature, UnsupportedAlgorithm, _Reasons
+)
+from cryptography.hazmat.primitives import constant_time, interfaces
 
 
 @utils.register_interface(interfaces.MACContext)
@@ -59,3 +61,10 @@ class _HMACContext(object):
                                      self.algorithm.digest_size)
         self._backend._lib.CCHmacFinal(self._ctx, buf)
         return self._backend._ffi.buffer(buf)[:]
+
+    def verify(self, signature):
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+        digest = self.finalize()
+        if not constant_time.bytes_eq(digest, signature):
+            raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/backends/openssl/cmac.py b/cryptography/hazmat/backends/openssl/cmac.py
index 6a844cdc..113188ca 100644
--- a/cryptography/hazmat/backends/openssl/cmac.py
+++ b/cryptography/hazmat/backends/openssl/cmac.py
@@ -15,8 +15,10 @@ from __future__ import absolute_import, division, print_function
 
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import interfaces
+from cryptography.exceptions import (
+    InvalidSignature, UnsupportedAlgorithm, _Reasons
+)
+from cryptography.hazmat.primitives import constant_time, interfaces
 from cryptography.hazmat.primitives.ciphers.modes import CBC
 
 
@@ -80,3 +82,10 @@ class _CMACContext(object):
         return _CMACContext(
             self._backend, self._algorithm, ctx=copied_ctx
         )
+
+    def verify(self, signature):
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+        digest = self.finalize()
+        if not constant_time.bytes_eq(digest, signature):
+            raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py
index d5300ea0..07babbf9 100644
--- a/cryptography/hazmat/backends/openssl/hmac.py
+++ b/cryptography/hazmat/backends/openssl/hmac.py
@@ -15,8 +15,10 @@ from __future__ import absolute_import, division, print_function
 
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
-from cryptography.hazmat.primitives import interfaces
+from cryptography.exceptions import (
+    InvalidSignature, UnsupportedAlgorithm, _Reasons
+)
+from cryptography.hazmat.primitives import constant_time, interfaces
 
 
 @utils.register_interface(interfaces.MACContext)
@@ -81,3 +83,10 @@ class _HMACContext(object):
         assert outlen[0] == self.algorithm.digest_size
         self._backend._lib.HMAC_CTX_cleanup(self._ctx)
         return self._backend._ffi.buffer(buf)[:outlen[0]]
+
+    def verify(self, signature):
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+        digest = self.finalize()
+        if not constant_time.bytes_eq(digest, signature):
+            raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7ae5c118..a70a9a42 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
+    AlreadyFinalized, UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import CMACBackend
-from cryptography.hazmat.primitives import constant_time, interfaces
+from cryptography.hazmat.primitives import interfaces
 
 
 @utils.register_interface(interfaces.MACContext)
@@ -57,11 +57,7 @@ class CMAC(object):
         return digest
 
     def verify(self, signature):
-        if not isinstance(signature, bytes):
-            raise TypeError("signature must be bytes.")
-        digest = self.finalize()
-        if not constant_time.bytes_eq(digest, signature):
-            raise InvalidSignature("Signature did not match digest.")
+        self._ctx.verify(signature)
 
     def copy(self):
         if self._ctx is None:
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 22a31391..4ef2c301 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
+    AlreadyFinalized, UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import HMACBackend
-from cryptography.hazmat.primitives import constant_time, interfaces
+from cryptography.hazmat.primitives import interfaces
 
 
 @utils.register_interface(interfaces.MACContext)
@@ -69,8 +69,4 @@ class HMAC(object):
         return digest
 
     def verify(self, signature):
-        if not isinstance(signature, bytes):
-            raise TypeError("signature must be bytes.")
-        digest = self.finalize()
-        if not constant_time.bytes_eq(digest, signature):
-            raise InvalidSignature("Signature did not match digest.")
+        return self._ctx.verify(signature)
diff --git a/cryptography/utils.py b/cryptography/utils.py
index 1deb3d1d..03c8c0e8 100644
--- a/cryptography/utils.py
+++ b/cryptography/utils.py
@@ -13,6 +13,8 @@
 
 from __future__ import absolute_import, division, print_function
 
+import abc
+import inspect
 import sys
 
 
@@ -21,6 +23,7 @@ DeprecatedIn06 = DeprecationWarning
 
 def register_interface(iface):
     def register_decorator(klass):
+        verify_interface(iface, klass)
         iface.register(klass)
         return klass
     return register_decorator
@@ -30,6 +33,30 @@ def read_only_property(name):
     return property(lambda self: getattr(self, name))
 
 
+class InterfaceNotImplemented(Exception):
+    pass
+
+
+def verify_interface(iface, klass):
+    for method in iface.__abstractmethods__:
+        if not hasattr(klass, method):
+            raise InterfaceNotImplemented(
+                "{0} is missing a {1!r} method".format(klass, method)
+            )
+        if isinstance(getattr(iface, method), abc.abstractproperty):
+            # Can't properly verify these yet.
+            continue
+        spec = inspect.getargspec(getattr(iface, method))
+        actual = inspect.getargspec(getattr(klass, method))
+        if spec != actual:
+            raise InterfaceNotImplemented(
+                "{0}.{1}'s signature differs from the expected. Expected: "
+                "{2!r}. Received: {3!r}".format(
+                    klass, method, spec, actual
+                )
+            )
+
+
 def bit_length(x):
     if sys.version_info >= (2, 7):
         return x.bit_length()
diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py
index 49e2043e..d9619daa 100644
--- a/tests/hazmat/primitives/test_cmac.py
+++ b/tests/hazmat/primitives/test_cmac.py
@@ -21,10 +21,10 @@ import pytest
 
 import six
 
-from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, InvalidSignature, _Reasons
 )
+from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.backends.interfaces import CMACBackend
 from cryptography.hazmat.primitives.ciphers.algorithms import (
     AES, ARC4, TripleDES
@@ -195,18 +195,14 @@ class TestCMAC(object):
 
 
 def test_copy():
-    @utils.register_interface(CMACBackend)
-    class PretendBackend(object):
-        pass
-
-    pretend_backend = PretendBackend()
+    backend = default_backend()
     copied_ctx = pretend.stub()
     pretend_ctx = pretend.stub(copy=lambda: copied_ctx)
     key = b"2b7e151628aed2a6abf7158809cf4f3c"
-    cmac = CMAC(AES(key), backend=pretend_backend, ctx=pretend_ctx)
+    cmac = CMAC(AES(key), backend=backend, ctx=pretend_ctx)
 
-    assert cmac._backend is pretend_backend
-    assert cmac.copy()._backend is pretend_backend
+    assert cmac._backend is backend
+    assert cmac.copy()._backend is backend
 
 
 def test_invalid_backend():
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index e6a9146c..6aea58a5 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -71,7 +71,6 @@ class DummySignatureAlgorithm(object):
     algorithm = None
 
 
-@utils.register_interface(EllipticCurveBackend)
 class DeprecatedDummyECBackend(object):
     def elliptic_curve_private_key_from_numbers(self, numbers):
         return b"private_key"
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 0fdd7550..4345a7f4 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -23,6 +23,7 @@ from cryptography import utils
 from cryptography.exceptions import (
     AlreadyFinalized, _Reasons
 )
+from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.backends.interfaces import HashBackend
 from cryptography.hazmat.primitives import hashes, interfaces
 
@@ -45,16 +46,11 @@ class TestHashContext(object):
             m.update(six.u("\u00FC"))
 
     def test_copy_backend_object(self):
-        @utils.register_interface(HashBackend)
-        class PretendBackend(object):
-            pass
-
-        pretend_backend = PretendBackend()
+        backend = default_backend()
         copied_ctx = pretend.stub()
         pretend_ctx = pretend.stub(copy=lambda: copied_ctx)
-        h = hashes.Hash(hashes.SHA1(), backend=pretend_backend,
-                        ctx=pretend_ctx)
-        assert h._backend is pretend_backend
+        h = hashes.Hash(hashes.SHA1(), backend=backend, ctx=pretend_ctx)
+        assert h._backend is backend
         assert h.copy()._backend is h._backend
 
     def test_hash_algorithm_instance(self, backend):
diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py
new file mode 100644
index 00000000..0c72ad33
--- /dev/null
+++ b/tests/test_interfaces.py
@@ -0,0 +1,68 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import abc
+
+import pytest
+
+import six
+
+from cryptography.utils import (
+    InterfaceNotImplemented, register_interface, verify_interface
+)
+
+
+class TestVerifyInterface(object):
+    def test_verify_missing_method(self):
+        @six.add_metaclass(abc.ABCMeta)
+        class SimpleInterface(object):
+            @abc.abstractmethod
+            def method(self):
+                """A simple method"""
+
+        @register_interface(SimpleInterface)
+        class NonImplementer(object):
+            pass
+
+        with pytest.raises(InterfaceNotImplemented):
+            verify_interface(SimpleInterface, NonImplementer)
+
+    def test_different_arguments(self):
+        @six.add_metaclass(abc.ABCMeta)
+        class SimpleInterface(object):
+            @abc.abstractmethod
+            def method(self, a):
+                """Method with one argument"""
+
+        @register_interface(SimpleInterface)
+        class NonImplementer(object):
+            def method(self):
+                """Method with no arguments"""
+
+        with pytest.raises(InterfaceNotImplemented):
+            verify_interface(SimpleInterface, NonImplementer)
+
+    def test_handles_abstract_property(self):
+        @six.add_metaclass(abc.ABCMeta)
+        class SimpleInterface(object):
+            @abc.abstractproperty
+            def property(self):
+                """An abstract property"""
+
+        @register_interface(SimpleInterface)
+        class NonImplementer(object):
+            @property
+            def property(self):
+                """A concrete property"""
+
+        verify_interface(SimpleInterface, NonImplementer)