many verify, for now

author: Alex Gaynor <alex.gaynor@gmail.com> 2014-10-28 07:50:35 -0700
committer: Alex Gaynor <alex.gaynor@gmail.com> 2014-10-28 07:50:35 -0700
commit: c63c31e1138e8f0900dd7c5d38320e31532c99b5 (patch)
tree: b440add91f36b6c740c9a87e0922b85f251ed3c2 /cryptography
parent: 91d0ba1380c27e8a6b62be18e76536000d7006ea (diff)
download: cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.tar.gz
cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.tar.bz2
cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.zip
2 files changed, 14 insertions, 6 deletions
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index a70a9a42..7ae5c118 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+    AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import CMACBackend
-from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives import constant_time, interfaces
 
 
 @utils.register_interface(interfaces.MACContext)
@@ -57,7 +57,11 @@ class CMAC(object):
         return digest
 
     def verify(self, signature):
-        self._ctx.verify(signature)
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+        digest = self.finalize()
+        if not constant_time.bytes_eq(digest, signature):
+            raise InvalidSignature("Signature did not match digest.")
 
     def copy(self):
         if self._ctx is None:
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 4ef2c301..22a31391 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
 
 from cryptography import utils
 from cryptography.exceptions import (
-    AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+    AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
 )
 from cryptography.hazmat.backends.interfaces import HMACBackend
-from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives import constant_time, interfaces
 
 
 @utils.register_interface(interfaces.MACContext)
@@ -69,4 +69,8 @@ class HMAC(object):
         return digest
 
     def verify(self, signature):
-        return self._ctx.verify(signature)
+        if not isinstance(signature, bytes):
+            raise TypeError("signature must be bytes.")
+        digest = self.finalize()
+        if not constant_time.bytes_eq(digest, signature):
+            raise InvalidSignature("Signature did not match digest.")
author	Alex Gaynor <alex.gaynor@gmail.com>	2014-10-28 07:50:35 -0700
committer	Alex Gaynor <alex.gaynor@gmail.com>	2014-10-28 07:50:35 -0700
commit	c63c31e1138e8f0900dd7c5d38320e31532c99b5 (patch)
tree	b440add91f36b6c740c9a87e0922b85f251ed3c2 /cryptography
parent	91d0ba1380c27e8a6b62be18e76536000d7006ea (diff)
download	cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.tar.gz cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.tar.bz2 cryptography-c63c31e1138e8f0900dd7c5d38320e31532c99b5.zip