diff options
Diffstat (limited to 'cryptography/hazmat')
| -rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 11 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 11 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 6 |
3 files changed, 24 insertions, 4 deletions
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index bee188b3..c71377d7 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -16,8 +16,8 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import AlreadyFinalized, InvalidSignature +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.HashContext) @@ -55,6 +55,13 @@ class Hash(object): self._ctx = None return digest + def verify(self, digest): + if isinstance(digest, six.text_type): + raise TypeError("Unicode-objects must be encoded before verifying") + hash_digest = self.finalize() + if not constant_time.bytes_eq(digest, hash_digest): + raise InvalidSignature("Digest did not match hash digest.") + @utils.register_interface(interfaces.HashAlgorithm) class SHA1(object): diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 618bccc5..76d658aa 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -16,8 +16,8 @@ from __future__ import absolute_import, division, print_function import six from cryptography import utils -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import AlreadyFinalized, InvalidSignature +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.HashContext) @@ -57,3 +57,10 @@ class HMAC(object): digest = self._ctx.finalize() self._ctx = None return digest + + def verify(self, signature): + if isinstance(signature, six.text_type): + raise TypeError("Unicode-objects must be encoded before verifying") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index e87c9ca9..c6377df5 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -162,3 +162,9 @@ class HashContext(six.with_metaclass(abc.ABCMeta)): """ Return a HashContext that is a copy of the current context. """ + + @abc.abstractmethod + def verify(self, sig): + """ + compare digest to sig and raise exception if not equal. + """ |