diff options
| -rw-r--r-- | cryptography/hazmat/backends/commoncrypto/hmac.py | 13 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/hmac.py | 13 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 10 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 10 |
4 files changed, 25 insertions, 21 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py index c2b6c379..b4c7cc3c 100644 --- a/cryptography/hazmat/backends/commoncrypto/hmac.py +++ b/cryptography/hazmat/backends/commoncrypto/hmac.py @@ -14,8 +14,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import ( + InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -59,3 +61,10 @@ class _HMACContext(object): self.algorithm.digest_size) self._backend._lib.CCHmacFinal(self._ctx, buf) return self._backend._ffi.buffer(buf)[:] + + def verify(self, signature): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py index d5300ea0..07babbf9 100644 --- a/cryptography/hazmat/backends/openssl/hmac.py +++ b/cryptography/hazmat/backends/openssl/hmac.py @@ -15,8 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import ( + InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -81,3 +83,10 @@ class _HMACContext(object): assert outlen[0] == self.algorithm.digest_size self._backend._lib.HMAC_CTX_cleanup(self._ctx) return self._backend._ffi.buffer(buf)[:outlen[0]] + + def verify(self, signature): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 22a31391..4ef2c301 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.MACContext) @@ -69,8 +69,4 @@ class HMAC(object): return digest def verify(self, signature): - if not isinstance(signature, bytes): - raise TypeError("signature must be bytes.") - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") + return self._ctx.verify(signature) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 683df046..6aea58a5 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -71,17 +71,7 @@ class DummySignatureAlgorithm(object): algorithm = None -@utils.register_interface(EllipticCurveBackend) class DeprecatedDummyECBackend(object): - def _unimplemented(self): - raise NotImplementedError - - elliptic_curve_signature_algorithm_supported = _unimplemented - load_elliptic_curve_private_numbers = _unimplemented - load_elliptic_curve_public_numbers = _unimplemented - elliptic_curve_supported = _unimplemented - generate_elliptic_curve_private_key = _unimplemented - def elliptic_curve_private_key_from_numbers(self, numbers): return b"private_key" |