Make sure the backend implementatinos of various interfaces have verify() methods.

Also make the frontend versions actually use them
author: Alex Gaynor <alex.gaynor@gmail.com> 2014-10-30 13:29:31 -0700
committer: Alex Gaynor <alex.gaynor@gmail.com> 2014-10-30 13:29:31 -0700
commit: 754d459b4746e84218164593e5b88208e178f1da (patch)
tree: e85479172bf7730f9ad6837e4f14cf0c6744123b /cryptography/hazmat/primitives/cmac.py
parent: 083091eaef3f84d23eee6c7390d074d05ef78d96 (diff)
download: cryptography-754d459b4746e84218164593e5b88208e178f1da.tar.gz
cryptography-754d459b4746e84218164593e5b88208e178f1da.tar.bz2
cryptography-754d459b4746e84218164593e5b88208e178f1da.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7ae5c118..d5e26a57 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -59,9 +59,11 @@ class CMAC(object):
     def verify(self, signature):
         if not isinstance(signature, bytes):
             raise TypeError("signature must be bytes.")
-        digest = self.finalize()
-        if not constant_time.bytes_eq(digest, signature):
-            raise InvalidSignature("Signature did not match digest.")
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+
+        ctx, self._ctx = self._ctx, None
+        ctx.verify(signature)
 
     def copy(self):
         if self._ctx is None:
author	Alex Gaynor <alex.gaynor@gmail.com>	2014-10-30 13:29:31 -0700
committer	Alex Gaynor <alex.gaynor@gmail.com>	2014-10-30 13:29:31 -0700
commit	754d459b4746e84218164593e5b88208e178f1da (patch)
tree	e85479172bf7730f9ad6837e4f14cf0c6744123b /cryptography/hazmat/primitives/cmac.py
parent	083091eaef3f84d23eee6c7390d074d05ef78d96 (diff)
download	cryptography-754d459b4746e84218164593e5b88208e178f1da.tar.gz cryptography-754d459b4746e84218164593e5b88208e178f1da.tar.bz2 cryptography-754d459b4746e84218164593e5b88208e178f1da.zip