author | Julian Krause <julian.krause@gmail.com> | 2013-12-17 21:26:23 -0800 |
---|---|---|
committer | Julian Krause <julian.krause@gmail.com> | 2013-12-17 21:26:23 -0800 |
commit | 2288e30119e2af3e2b448345cf6a9e61f8d06aa0 (patch) | |
tree | 9b36ad3394d2d4348c40f40c049815f38378bf0b /cryptography | |
parent | a4aa420cc6c0203d201a0f418af68d1f11abbcf5 (diff) | |
Add verify function to hmac and hashes.
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/exceptions.py | 4 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 11 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 11 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 6 |
4 files changed, 28 insertions, 4 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py index e9d88199..44363c24 100644 --- a/cryptography/exceptions.py +++ b/cryptography/exceptions.py @@ -30,3 +30,7 @@ class NotYetFinalized(Exception): class InvalidTag(Exception): pass + + +class InvalidSignature(Exception): + pass diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index bee188b3..b3c626d4 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,8 +16,8 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import AlreadyFinalized, InvalidSignature +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.HashContext) @@ -55,6 +55,13 @@ class Hash(object): self._ctx = None return digest + def verify(self, sig): + if isinstance(sig, six.text_type): + raise TypeError("Unicode-objects must be encoded before verifying") + digest = self.finalize() + if not constant_time.bytes_eq(digest, sig): + raise InvalidSignature("Signature did not match digest.") + @utils.register_interface(interfaces.HashAlgorithm) class SHA1(object): diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 618bccc5..8ade84aa 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -16,8 +16,8 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import AlreadyFinalized, InvalidSignature +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.HashContext) 
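Review bot: The new `Hash.verify` in hashes.py has no docstring, and it calls `self.finalize()`, so the context is spent after a single check whether the comparison passes or fails; a caller who wants to keep hashing or test a second value has to `copy()` first. A one-line docstring would cover it: `"""Finalize the context and compare the digest to sig with constant_time.bytes_eq; raise InvalidSignature on mismatch."""`. The type guard rejects only `six.text_type`, so any other non-bytes argument is left to `bytes_eq`, whose handling is not visible in this diff. The identical method added to `HMAC` in hmac.py has the same gaps. The `Hash` class and the start of `finalize()` lie outside the hunk.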
@@ -57,3 +57,10 @@ class HMAC(object): digest = self._ctx.finalize() self._ctx = None return digest + + def verify(self, sig): + if isinstance(sig, six.text_type): + raise TypeError("Unicode-objects must be encoded before verifying") + digest = self.finalize() + if not constant_time.bytes_eq(digest, sig): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index e3f4f586..76dc9339 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -152,3 +152,9 @@ class HashContext(six.with_metaclass(abc.ABCMeta)): """ return a HashContext that is a copy of the current context. """ + + @abc.abstractmethod + def verify(self, sig): + """ + compare digest to sig and raise exception if not equal. + """ |
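Review bot: `HMAC.verify` is a line-for-line copy of `Hash.verify` from hashes.py, including the type check and the error text. For the code that decides whether a MAC is accepted, two copies mean a later fix to one can miss the other; a single shared helper that both methods call would keep them in step. The `HMAC` class begins outside the hunk.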
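Review bot: The docstring on the abstract `verify` says only "compare digest to sig", but this interface is registered by the unkeyed `Hash` as well as by `HMAC`, and for an unkeyed hash a match shows the data is unchanged, not who produced it, because anyone able to alter the data can recompute the digest. The docstring should name the exception, say the context is finalized, and carry that caveat, for example `"""Finalize and compare the digest to sig; raise InvalidSignature on mismatch. Only a keyed context authenticates the data."""`. Because the method is abstract, every other class registered as `HashContext` needs it as well; the diffstat lists four files, so it is worth confirming none was missed. The `HashContext` class begins outside the hunk.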