aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/primitives/cmac.py10
-rw-r--r--cryptography/hazmat/primitives/hmac.py10
2 files changed, 14 insertions, 6 deletions
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index a70a9a42..7ae5c118 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import CMACBackend
-from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives import constant_time, interfaces
@utils.register_interface(interfaces.MACContext)
@@ -57,7 +57,11 @@ class CMAC(object):
return digest
def verify(self, signature):
- self._ctx.verify(signature)
+ if not isinstance(signature, bytes):
+ raise TypeError("signature must be bytes.")
+ digest = self.finalize()
+ if not constant_time.bytes_eq(digest, signature):
+ raise InvalidSignature("Signature did not match digest.")
def copy(self):
if self._ctx is None:
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 4ef2c301..22a31391 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+ AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import HMACBackend
-from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives import constant_time, interfaces
@utils.register_interface(interfaces.MACContext)
@@ -69,4 +69,8 @@ class HMAC(object):
return digest
def verify(self, signature):
- return self._ctx.verify(signature)
+ if not isinstance(signature, bytes):
+ raise TypeError("signature must be bytes.")
+ digest = self.finalize()
+ if not constant_time.bytes_eq(digest, signature):
+ raise InvalidSignature("Signature did not match digest.")
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-11 20:08:12 +0000