From 4115d04777837dbff7198df6ab75ffd19e6ada3c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 21 Oct 2014 10:55:30 -0700 Subject: Fixes #1024 -- a utility function for checking an implementor against an ABC --- cryptography/utils.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/cryptography/utils.py b/cryptography/utils.py index 55187c3b..636776f4 100644 --- a/cryptography/utils.py +++ b/cryptography/utils.py @@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function +import inspect import sys @@ -26,6 +27,26 @@ def register_interface(iface): return register_decorator +class InterfaceNotImplemented(Exception): + pass + + +def verify_interface(iface, klass): + for method in iface.__abstractmethods__: + if not hasattr(klass, method): + raise InterfaceNotImplemented( + "{0} is missing a {1!r} method".format(klass, method) + ) + spec = getattr(iface, method).__func__ + actual = getattr(klass, method) + if inspect.getargspec(spec) != inspect.getargspec(actual): + raise InterfaceNotImplemented( + "{0}.{1}'s signature differs from the expected".format( + klass, method + ) + ) + + def bit_length(x): if sys.version_info >= (2, 7): return x.bit_length() -- cgit v1.2.3 From 87112406861c58a342887fb2fe5656b4e40b5397 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 21 Oct 2014 10:56:33 -0700 Subject: whoops, forgotten file --- tests/test_interfaces.py | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 tests/test_interfaces.py diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py new file mode 100644 index 00000000..e8e97022 --- /dev/null +++ b/tests/test_interfaces.py @@ -0,0 +1,40 @@ +import abc + +import pytest + +import six + +from cryptography.utils import ( + InterfaceNotImplemented, register_interface, verify_interface +) + + +class TestVerifyInterface(object): + def test_verify_missing_method(self): + @six.add_metaclass(abc.ABCMeta) + class SimpleInterface(object): + @abc.abstractmethod + def method(self): + pass + + @register_interface(SimpleInterface) + class NonImplementer(object): + pass + + with pytest.raises(InterfaceNotImplemented): + verify_interface(SimpleInterface, NonImplementer) + + def test_different_arguments(self): + @six.add_metaclass(abc.ABCMeta) + class SimpleInterface(object): + @abc.abstractmethod + def method(self, a): + pass + + @register_interface(SimpleInterface) + class NonImplementer(object): + def method(self): + pass + + with pytest.raises(InterfaceNotImplemented): + verify_interface(SimpleInterface, NonImplementer) -- cgit v1.2.3 From f6d8ccc954fb3a2ecd1821b775837398a461ab3a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 21 Oct 2014 11:03:31 -0700 Subject: Added header --- tests/test_interfaces.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py index e8e97022..bcc1010a 100644 --- a/tests/test_interfaces.py +++ b/tests/test_interfaces.py @@ -1,3 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + import abc import pytest -- cgit v1.2.3 From bf940c86bf42a66320193b5bc628aa810667d4b4 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 21 Oct 2014 11:15:41 -0700 Subject: py3k fix --- cryptography/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/utils.py b/cryptography/utils.py index 636776f4..818f4e80 100644 --- a/cryptography/utils.py +++ b/cryptography/utils.py @@ -37,7 +37,7 @@ def verify_interface(iface, klass): raise InterfaceNotImplemented( "{0} is missing a {1!r} method".format(klass, method) ) - spec = getattr(iface, method).__func__ + spec = getattr(iface, method) actual = getattr(klass, method) if inspect.getargspec(spec) != inspect.getargspec(actual): raise InterfaceNotImplemented( -- cgit v1.2.3 From 15dde27e5e14270f8e8837abe26c4ea1710bf053 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 21 Oct 2014 11:41:53 -0700 Subject: Fix for abstractproperty, and make things nicer --- cryptography/utils.py | 15 ++++++++++----- tests/test_interfaces.py | 15 +++++++++++++++ 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/cryptography/utils.py b/cryptography/utils.py index 818f4e80..e4ec6ccf 100644 --- a/cryptography/utils.py +++ b/cryptography/utils.py @@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function +import abc import inspect import sys @@ -37,12 +38,16 @@ def verify_interface(iface, klass): raise InterfaceNotImplemented( "{0} is missing a {1!r} method".format(klass, method) ) - spec = getattr(iface, method) - actual = getattr(klass, method) - if inspect.getargspec(spec) != inspect.getargspec(actual): + if isinstance(getattr(iface, method), abc.abstractproperty): + # Can't properly verify these yet. + continue + spec = inspect.getargspec(getattr(iface, method)) + actual = inspect.getargspec(getattr(klass, method)) + if spec != actual: raise InterfaceNotImplemented( - "{0}.{1}'s signature differs from the expected".format( - klass, method + "{0}.{1}'s signature differs from the expected. Expected: " + "{2!r}. Received: {3!r}".format( + klass, method, spec, actual ) ) diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py index bcc1010a..e24f4db2 100644 --- a/tests/test_interfaces.py +++ b/tests/test_interfaces.py @@ -51,3 +51,18 @@ class TestVerifyInterface(object): with pytest.raises(InterfaceNotImplemented): verify_interface(SimpleInterface, NonImplementer) + + def test_handles_abstract_property(self): + @six.add_metaclass(abc.ABCMeta) + class SimpleInterface(object): + @abc.abstractproperty + def property(self): + pass + + @register_interface(SimpleInterface) + class NonImplementer(object): + @property + def property(self): + pass + + verify_interface(SimpleInterface, NonImplementer) -- cgit v1.2.3 From 67a4dd1a2227af1a3461c92edc5316ab9fe7a942 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 21 Oct 2014 23:57:04 -0700 Subject: fix up the line coverage --- tests/test_interfaces.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py index e24f4db2..0c72ad33 100644 --- a/tests/test_interfaces.py +++ b/tests/test_interfaces.py @@ -28,7 +28,7 @@ class TestVerifyInterface(object): class SimpleInterface(object): @abc.abstractmethod def method(self): - pass + """A simple method""" @register_interface(SimpleInterface) class NonImplementer(object): @@ -42,12 +42,12 @@ class TestVerifyInterface(object): class SimpleInterface(object): @abc.abstractmethod def method(self, a): - pass + """Method with one argument""" @register_interface(SimpleInterface) class NonImplementer(object): def method(self): - pass + """Method with no arguments""" with pytest.raises(InterfaceNotImplemented): verify_interface(SimpleInterface, NonImplementer) @@ -57,12 +57,12 @@ class TestVerifyInterface(object): class SimpleInterface(object): @abc.abstractproperty def property(self): - pass + """An abstract property""" @register_interface(SimpleInterface) class NonImplementer(object): @property def property(self): - pass + """A concrete property""" verify_interface(SimpleInterface, NonImplementer) -- cgit v1.2.3 From d918580097506197e0aadaa60c4681536b5f4adf Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 22 Oct 2014 10:12:07 -0700 Subject: Statically verify interface implementations, and fix all the resulting bugs --- .../hazmat/backends/commoncrypto/hashes.py | 4 ++- cryptography/hazmat/backends/commoncrypto/hmac.py | 4 ++- cryptography/hazmat/backends/multibackend.py | 16 ++++++------ cryptography/hazmat/backends/openssl/cmac.py | 15 +++++++++-- cryptography/hazmat/backends/openssl/dsa.py | 8 +++--- cryptography/hazmat/backends/openssl/hashes.py | 4 ++- cryptography/hazmat/backends/openssl/hmac.py | 4 ++- cryptography/hazmat/primitives/ciphers/modes.py | 29 ++++++++++++++-------- cryptography/hazmat/primitives/cmac.py | 10 +++----- cryptography/hazmat/primitives/hashes.py | 4 ++- cryptography/hazmat/primitives/hmac.py | 12 +++++---- cryptography/utils.py | 1 + tests/hazmat/backends/test_commoncrypto.py | 1 + tests/hazmat/backends/test_openssl.py | 3 +++ tests/hazmat/primitives/test_block.py | 1 + tests/hazmat/primitives/test_ec.py | 11 +++++++- tests/hazmat/primitives/test_hashes.py | 2 ++ tests/hazmat/primitives/test_hmac.py | 4 ++- tests/hazmat/primitives/test_pbkdf2hmac.py | 2 ++ 19 files changed, 92 insertions(+), 43 deletions(-) diff --git a/cryptography/hazmat/backends/commoncrypto/hashes.py b/cryptography/hazmat/backends/commoncrypto/hashes.py index ebad7201..217f4e8c 100644 --- a/cryptography/hazmat/backends/commoncrypto/hashes.py +++ b/cryptography/hazmat/backends/commoncrypto/hashes.py @@ -21,7 +21,7 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class _HashContext(object): def __init__(self, backend, algorithm, ctx=None): - self.algorithm = algorithm + self._algorithm = algorithm self._backend = backend if ctx is None: @@ -39,6 +39,8 @@ class _HashContext(object): self._ctx = ctx + algorithm = utils.read_only_property("_algorithm") + def copy(self): methods = self._backend._hash_mapping[self.algorithm.name] new_ctx = self._backend._ffi.new(methods.ctx) diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py index ec3a878b..404aac68 100644 --- a/cryptography/hazmat/backends/commoncrypto/hmac.py +++ b/cryptography/hazmat/backends/commoncrypto/hmac.py @@ -21,7 +21,7 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class _HMACContext(object): def __init__(self, backend, key, algorithm, ctx=None): - self.algorithm = algorithm + self._algorithm = algorithm self._backend = backend if ctx is None: ctx = self._backend._ffi.new("CCHmacContext *") @@ -39,6 +39,8 @@ class _HMACContext(object): self._ctx = ctx self._key = key + algorithm = utils.read_only_property("_algorithm") + def copy(self): copied_ctx = self._backend._ffi.new("CCHmacContext *") # CommonCrypto has no APIs for copying HMACs, so we have to copy the diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index e873f504..c62b790c 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -47,33 +47,33 @@ class MultiBackend(object): if isinstance(b, interface): yield b - def cipher_supported(self, algorithm, mode): + def cipher_supported(self, cipher, mode): return any( - b.cipher_supported(algorithm, mode) + b.cipher_supported(cipher, mode) for b in self._filtered_backends(CipherBackend) ) - def create_symmetric_encryption_ctx(self, algorithm, mode): + def create_symmetric_encryption_ctx(self, cipher, mode): for b in self._filtered_backends(CipherBackend): try: - return b.create_symmetric_encryption_ctx(algorithm, mode) + return b.create_symmetric_encryption_ctx(cipher, mode) except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported by this backend.".format( - algorithm.name, mode.name if mode else mode), + cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) - def create_symmetric_decryption_ctx(self, algorithm, mode): + def create_symmetric_decryption_ctx(self, cipher, mode): for b in self._filtered_backends(CipherBackend): try: - return b.create_symmetric_decryption_ctx(algorithm, mode) + return b.create_symmetric_decryption_ctx(cipher, mode) except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported by this backend.".format( - algorithm.name, mode.name if mode else mode), + cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) diff --git a/cryptography/hazmat/backends/openssl/cmac.py b/cryptography/hazmat/backends/openssl/cmac.py index da7b7484..113188ca 100644 --- a/cryptography/hazmat/backends/openssl/cmac.py +++ b/cryptography/hazmat/backends/openssl/cmac.py @@ -15,8 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import ( + InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import constant_time, interfaces from cryptography.hazmat.primitives.ciphers.modes import CBC @@ -50,6 +52,8 @@ class _CMACContext(object): self._ctx = ctx + algorithm = utils.read_only_property("_algorithm") + def update(self, data): res = self._backend._lib.CMAC_Update(self._ctx, data, len(data)) assert res == 1 @@ -78,3 +82,10 @@ class _CMACContext(object): return _CMACContext( self._backend, self._algorithm, ctx=copied_ctx ) + + def verify(self, signature): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/backends/openssl/dsa.py b/cryptography/hazmat/backends/openssl/dsa.py index 2298e7d9..8652d50b 100644 --- a/cryptography/hazmat/backends/openssl/dsa.py +++ b/cryptography/hazmat/backends/openssl/dsa.py @@ -131,8 +131,8 @@ class _DSAPrivateKey(object): key_size = utils.read_only_property("_key_size") - def signer(self, algorithm): - return _DSASignatureContext(self._backend, self, algorithm) + def signer(self, signature_algorithm): + return _DSASignatureContext(self._backend, self, signature_algorithm) def private_numbers(self): return dsa.DSAPrivateNumbers( @@ -180,9 +180,9 @@ class _DSAPublicKey(object): key_size = utils.read_only_property("_key_size") - def verifier(self, signature, algorithm): + def verifier(self, signature, signature_algorithm): return _DSAVerificationContext( - self._backend, self, signature, algorithm + self._backend, self, signature, signature_algorithm ) def public_numbers(self): diff --git a/cryptography/hazmat/backends/openssl/hashes.py b/cryptography/hazmat/backends/openssl/hashes.py index da91eef6..591c014a 100644 --- a/cryptography/hazmat/backends/openssl/hashes.py +++ b/cryptography/hazmat/backends/openssl/hashes.py @@ -22,7 +22,7 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class _HashContext(object): def __init__(self, backend, algorithm, ctx=None): - self.algorithm = algorithm + self._algorithm = algorithm self._backend = backend @@ -44,6 +44,8 @@ class _HashContext(object): self._ctx = ctx + algorithm = utils.read_only_property("_algorithm") + def copy(self): copied_ctx = self._backend._lib.EVP_MD_CTX_create() copied_ctx = self._backend._ffi.gc( diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py index 3f1576f5..f22b086f 100644 --- a/cryptography/hazmat/backends/openssl/hmac.py +++ b/cryptography/hazmat/backends/openssl/hmac.py @@ -22,7 +22,7 @@ from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.HashContext) class _HMACContext(object): def __init__(self, backend, key, algorithm, ctx=None): - self.algorithm = algorithm + self._algorithm = algorithm self._backend = backend if ctx is None: @@ -47,6 +47,8 @@ class _HMACContext(object): self._ctx = ctx self._key = key + algorithm = utils.read_only_property("_algorithm") + def copy(self): copied_ctx = self._backend._ffi.new("HMAC_CTX *") self._backend._lib.HMAC_CTX_init(copied_ctx) diff --git a/cryptography/hazmat/primitives/ciphers/modes.py b/cryptography/hazmat/primitives/ciphers/modes.py index 509b4de2..d995b876 100644 --- a/cryptography/hazmat/primitives/ciphers/modes.py +++ b/cryptography/hazmat/primitives/ciphers/modes.py @@ -17,10 +17,10 @@ from cryptography import utils from cryptography.hazmat.primitives import interfaces -def _check_iv_length(mode, algorithm): - if len(mode.initialization_vector) * 8 != algorithm.block_size: +def _check_iv_length(self, algorithm): + if len(self.initialization_vector) * 8 != algorithm.block_size: raise ValueError("Invalid IV size ({0}) for {1}.".format( - len(mode.initialization_vector), mode.name + len(self.initialization_vector), self.name )) @@ -30,8 +30,9 @@ class CBC(object): name = "CBC" def __init__(self, initialization_vector): - self.initialization_vector = initialization_vector + self._initialization_vector = initialization_vector + initialization_vector = utils.read_only_property("_initialization_vector") validate_for_algorithm = _check_iv_length @@ -49,8 +50,9 @@ class OFB(object): name = "OFB" def __init__(self, initialization_vector): - self.initialization_vector = initialization_vector + self._initialization_vector = initialization_vector + initialization_vector = utils.read_only_property("_initialization_vector") validate_for_algorithm = _check_iv_length @@ -60,8 +62,9 @@ class CFB(object): name = "CFB" def __init__(self, initialization_vector): - self.initialization_vector = initialization_vector + self._initialization_vector = initialization_vector + initialization_vector = utils.read_only_property("_initialization_vector") validate_for_algorithm = _check_iv_length @@ -71,8 +74,9 @@ class CFB8(object): name = "CFB8" def __init__(self, initialization_vector): - self.initialization_vector = initialization_vector + self._initialization_vector = initialization_vector + initialization_vector = utils.read_only_property("_initialization_vector") validate_for_algorithm = _check_iv_length @@ -82,7 +86,9 @@ class CTR(object): name = "CTR" def __init__(self, nonce): - self.nonce = nonce + self._nonce = nonce + + nonce = utils.read_only_property("_nonce") def validate_for_algorithm(self, algorithm): if len(self.nonce) * 8 != algorithm.block_size: @@ -109,8 +115,11 @@ class GCM(object): min_tag_length) ) - self.initialization_vector = initialization_vector - self.tag = tag + self._initialization_vector = initialization_vector + self._tag = tag + + tag = utils.read_only_property("_tag") + initialization_vector = utils.read_only_property("_initialization_vector") def validate_for_algorithm(self, algorithm): pass diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index 7ae5c118..a70a9a42 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CMACBackend -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.MACContext) @@ -57,11 +57,7 @@ class CMAC(object): return digest def verify(self, signature): - if not isinstance(signature, bytes): - raise TypeError("signature must be bytes.") - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") + self._ctx.verify(signature) def copy(self): if self._ctx is None: diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 04f7620a..8c2284e3 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -32,7 +32,7 @@ class Hash(object): if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") - self.algorithm = algorithm + self._algorithm = algorithm self._backend = backend @@ -41,6 +41,8 @@ class Hash(object): else: self._ctx = ctx + algorithm = utils.read_only_property("_algorithm") + def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 23292432..22a31391 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -33,7 +33,7 @@ class HMAC(object): if not isinstance(algorithm, interfaces.HashAlgorithm): raise TypeError("Expected instance of interfaces.HashAlgorithm.") - self.algorithm = algorithm + self._algorithm = algorithm self._backend = backend self._key = key @@ -42,12 +42,14 @@ class HMAC(object): else: self._ctx = ctx - def update(self, msg): + algorithm = utils.read_only_property("_algorithm") + + def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") - if not isinstance(msg, bytes): - raise TypeError("msg must be bytes.") - self._ctx.update(msg) + if not isinstance(data, bytes): + raise TypeError("data must be bytes.") + self._ctx.update(data) def copy(self): if self._ctx is None: diff --git a/cryptography/utils.py b/cryptography/utils.py index 8fbcabc5..03c8c0e8 100644 --- a/cryptography/utils.py +++ b/cryptography/utils.py @@ -23,6 +23,7 @@ DeprecatedIn06 = DeprecationWarning def register_interface(iface): def register_decorator(klass): + verify_interface(iface, klass) iface.register(klass) return klass return register_decorator diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 28d1a6ca..b79c02e0 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -30,6 +30,7 @@ from ...utils import raises_unsupported_algorithm class DummyCipher(object): name = "dummy-cipher" block_size = 128 + key_size = 128 @pytest.mark.skipif("commoncrypto" not in diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 3bea413a..83494d0d 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -51,6 +51,7 @@ class DummyMode(object): @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): name = "dummy-cipher" + key_size = 128 @utils.register_interface(interfaces.AsymmetricPadding) @@ -61,6 +62,8 @@ class DummyPadding(object): @utils.register_interface(interfaces.HashAlgorithm) class DummyHash(object): name = "dummy-hash" + block_size = 128 + digest_size = 128 class DummyMGF(object): diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 022e3af7..0b90dd90 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -43,6 +43,7 @@ class DummyMode(object): @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): name = "dummy-cipher" + key_size = 128 @pytest.mark.cipher diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 1b3bb9b3..9ed762cb 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -68,11 +68,20 @@ class DummyCurve(object): @utils.register_interface(interfaces.EllipticCurveSignatureAlgorithm) class DummySignatureAlgorithm(object): - pass + algorithm = None @utils.register_interface(EllipticCurveBackend) class DeprecatedDummyECBackend(object): + def _unimplemented(self): + raise NotImplementedError + + elliptic_curve_signature_algorithm_supported = _unimplemented + load_elliptic_curve_private_numbers = _unimplemented + load_elliptic_curve_public_numbers = _unimplemented + elliptic_curve_supported = _unimplemented + generate_elliptic_curve_private_key = _unimplemented + def elliptic_curve_private_key_from_numbers(self, numbers): return b"private_key" diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index ffd65bde..2bf1f8ef 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -33,6 +33,8 @@ from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.HashAlgorithm) class UnsupportedDummyHash(object): name = "unsupported-dummy-hash" + block_size = 128 + digest_size = 128 @pytest.mark.hash diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 77dfb6be..21be73a3 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -32,7 +32,9 @@ from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.HashAlgorithm) class UnsupportedDummyHash(object): - name = "unsupported-dummy-hash" + name = "unsupported-dummy-hash" + block_size = 128 + digest_size = 128 @pytest.mark.supported( diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py index e928fc6a..fa925877 100644 --- a/tests/hazmat/primitives/test_pbkdf2hmac.py +++ b/tests/hazmat/primitives/test_pbkdf2hmac.py @@ -31,6 +31,8 @@ from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.HashAlgorithm) class DummyHash(object): name = "dummy-hash" + block_size = 128 + digest_size = 128 class TestPBKDF2HMAC(object): -- cgit v1.2.3 From 0ea233631ad2ed7e1abf372dfc1850a04eb7343d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 22 Oct 2014 16:06:18 -0700 Subject: fixed some naming in the tests --- tests/hazmat/backends/test_multibackend.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index c50b6cf6..39c03146 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -38,15 +38,15 @@ class DummyCipherBackend(object): def __init__(self, supported_ciphers): self._ciphers = supported_ciphers - def cipher_supported(self, algorithm, mode): - return (type(algorithm), type(mode)) in self._ciphers + def cipher_supported(self, cipher, mode): + return (type(cipher), type(mode)) in self._ciphers - def create_symmetric_encryption_ctx(self, algorithm, mode): - if not self.cipher_supported(algorithm, mode): + def create_symmetric_encryption_ctx(self, cipher, mode): + if not self.cipher_supported(cipher, mode): raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER) - def create_symmetric_decryption_ctx(self, algorithm, mode): - if not self.cipher_supported(algorithm, mode): + def create_symmetric_decryption_ctx(self, cipher, mode): + if not self.cipher_supported(cipher, mode): raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_CIPHER) @@ -92,7 +92,7 @@ class DummyPBKDF2HMACBackend(object): @utils.register_interface(RSABackend) class DummyRSABackend(object): - def generate_rsa_private_key(self, public_exponent, private_key): + def generate_rsa_private_key(self, public_exponent, key_size): pass def rsa_padding_supported(self, padding): -- cgit v1.2.3 From d55fa5b92e92675ef160c26126feb01751d91fb0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 25 Oct 2014 17:59:56 -0700 Subject: make things happy --- cryptography/hazmat/backends/commoncrypto/hmac.py | 13 +++++++++++-- cryptography/hazmat/backends/openssl/hmac.py | 13 +++++++++++-- cryptography/hazmat/primitives/hmac.py | 10 +++------- tests/hazmat/primitives/test_ec.py | 10 ---------- 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py index c2b6c379..b4c7cc3c 100644 --- a/cryptography/hazmat/backends/commoncrypto/hmac.py +++ b/cryptography/hazmat/backends/commoncrypto/hmac.py @@ -14,8 +14,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import ( + InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -59,3 +61,10 @@ class _HMACContext(object): self.algorithm.digest_size) self._backend._lib.CCHmacFinal(self._ctx, buf) return self._backend._ffi.buffer(buf)[:] + + def verify(self, signature): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py index d5300ea0..07babbf9 100644 --- a/cryptography/hazmat/backends/openssl/hmac.py +++ b/cryptography/hazmat/backends/openssl/hmac.py @@ -15,8 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils -from cryptography.exceptions import UnsupportedAlgorithm, _Reasons -from cryptography.hazmat.primitives import interfaces +from cryptography.exceptions import ( + InvalidSignature, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -81,3 +83,10 @@ class _HMACContext(object): assert outlen[0] == self.algorithm.digest_size self._backend._lib.HMAC_CTX_cleanup(self._ctx) return self._backend._ffi.buffer(buf)[:outlen[0]] + + def verify(self, signature): + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 22a31391..4ef2c301 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.MACContext) @@ -69,8 +69,4 @@ class HMAC(object): return digest def verify(self, signature): - if not isinstance(signature, bytes): - raise TypeError("signature must be bytes.") - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") + return self._ctx.verify(signature) diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 683df046..6aea58a5 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -71,17 +71,7 @@ class DummySignatureAlgorithm(object): algorithm = None -@utils.register_interface(EllipticCurveBackend) class DeprecatedDummyECBackend(object): - def _unimplemented(self): - raise NotImplementedError - - elliptic_curve_signature_algorithm_supported = _unimplemented - load_elliptic_curve_private_numbers = _unimplemented - load_elliptic_curve_public_numbers = _unimplemented - elliptic_curve_supported = _unimplemented - generate_elliptic_curve_private_key = _unimplemented - def elliptic_curve_private_key_from_numbers(self, numbers): return b"private_key" -- cgit v1.2.3 From 71725db962e6498d63751db3d8048fa56bcb1252 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 25 Oct 2014 18:10:15 -0700 Subject: make this test happy --- tests/hazmat/primitives/test_hashes.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 79fc25c3..bab5bfca 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -23,6 +23,7 @@ from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, _Reasons ) +from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes, interfaces @@ -45,16 +46,11 @@ class TestHashContext(object): m.update(six.u("\u00FC")) def test_copy_backend_object(self): - @utils.register_interface(HashBackend) - class PretendBackend(object): - pass - - pretend_backend = PretendBackend() + backend = default_backend() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hashes.Hash(hashes.SHA1(), backend=pretend_backend, - ctx=pretend_ctx) - assert h._backend is pretend_backend + h = hashes.Hash(hashes.SHA1(), backend=backend, ctx=pretend_ctx) + assert h._backend is backend assert h.copy()._backend is h._backend def test_hash_algorithm_instance(self, backend): -- cgit v1.2.3 From 198bb65302f710957a5f67d53389277c5ab0a58c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 25 Oct 2014 18:11:46 -0700 Subject: satisfy the cmac tests as well --- tests/hazmat/primitives/test_cmac.py | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py index 49e2043e..d9619daa 100644 --- a/tests/hazmat/primitives/test_cmac.py +++ b/tests/hazmat/primitives/test_cmac.py @@ -21,10 +21,10 @@ import pytest import six -from cryptography import utils from cryptography.exceptions import ( AlreadyFinalized, InvalidSignature, _Reasons ) +from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.interfaces import CMACBackend from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, ARC4, TripleDES @@ -195,18 +195,14 @@ class TestCMAC(object): def test_copy(): - @utils.register_interface(CMACBackend) - class PretendBackend(object): - pass - - pretend_backend = PretendBackend() + backend = default_backend() copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) key = b"2b7e151628aed2a6abf7158809cf4f3c" - cmac = CMAC(AES(key), backend=pretend_backend, ctx=pretend_ctx) + cmac = CMAC(AES(key), backend=backend, ctx=pretend_ctx) - assert cmac._backend is pretend_backend - assert cmac.copy()._backend is pretend_backend + assert cmac._backend is backend + assert cmac.copy()._backend is backend def test_invalid_backend(): -- cgit v1.2.3 From c63c31e1138e8f0900dd7c5d38320e31532c99b5 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 28 Oct 2014 07:50:35 -0700 Subject: many verify, for now --- cryptography/hazmat/primitives/cmac.py | 10 +++++++--- cryptography/hazmat/primitives/hmac.py | 10 +++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index a70a9a42..7ae5c118 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CMACBackend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -57,7 +57,11 @@ class CMAC(object): return digest def verify(self, signature): - self._ctx.verify(signature) + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") def copy(self): if self._ctx is None: diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 4ef2c301..22a31391 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import constant_time, interfaces @utils.register_interface(interfaces.MACContext) @@ -69,4 +69,8 @@ class HMAC(object): return digest def verify(self, signature): - return self._ctx.verify(signature) + if not isinstance(signature, bytes): + raise TypeError("signature must be bytes.") + digest = self.finalize() + if not constant_time.bytes_eq(digest, signature): + raise InvalidSignature("Signature did not match digest.") -- cgit v1.2.3 From 4583ffda28b816359f4351cfe7918b2353cf947e Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 28 Oct 2014 08:30:16 -0700 Subject: sanitize the tests --- tests/hazmat/primitives/test_cmac.py | 6 +++--- tests/hazmat/primitives/test_hashes.py | 8 +++----- tests/hazmat/primitives/test_hmac.py | 14 +++++--------- 3 files changed, 11 insertions(+), 17 deletions(-) diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py index d9619daa..c778ebee 100644 --- a/tests/hazmat/primitives/test_cmac.py +++ b/tests/hazmat/primitives/test_cmac.py @@ -24,14 +24,14 @@ import six from cryptography.exceptions import ( AlreadyFinalized, InvalidSignature, _Reasons ) -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends.interfaces import CMACBackend from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, ARC4, TripleDES ) from cryptography.hazmat.primitives.cmac import CMAC -from tests.utils import ( +from ..backends.test_multibackend import DummyCMACBackend +from ...utils import ( load_nist_vectors, load_vectors_from_file, raises_unsupported_algorithm ) @@ -195,7 +195,7 @@ class TestCMAC(object): def test_copy(): - backend = default_backend() + backend = DummyCMACBackend([AES]) copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) key = b"2b7e151628aed2a6abf7158809cf4f3c" diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 4345a7f4..053a1a46 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -20,14 +20,12 @@ import pytest import six from cryptography import utils -from cryptography.exceptions import ( - AlreadyFinalized, _Reasons -) -from cryptography.hazmat.backends import default_backend +from cryptography.exceptions import AlreadyFinalized, _Reasons from cryptography.hazmat.backends.interfaces import HashBackend from cryptography.hazmat.primitives import hashes, interfaces from .utils import generate_base_hash_test +from ..backends.test_multibackend import DummyHashBackend from ...utils import raises_unsupported_algorithm @@ -46,7 +44,7 @@ class TestHashContext(object): m.update(six.u("\u00FC")) def test_copy_backend_object(self): - backend = default_backend() + backend = DummyHashBackend([hashes.SHA1]) copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) h = hashes.Hash(hashes.SHA1(), backend=backend, ctx=pretend_ctx) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 3553632c..497b37e1 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -27,6 +27,7 @@ from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test +from ..backends.test_multibackend import DummyHMACBackend from ...utils import raises_unsupported_algorithm @@ -56,17 +57,12 @@ class TestHMAC(object): h.update(six.u("\u00FC")) def test_copy_backend_object(self): - @utils.register_interface(HMACBackend) - class PretendBackend(object): - pass - - pretend_backend = PretendBackend() + backend = DummyHMACBackend([hashes.SHA1]) copied_ctx = pretend.stub() pretend_ctx = pretend.stub(copy=lambda: copied_ctx) - h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend, - ctx=pretend_ctx) - assert h._backend is pretend_backend - assert h.copy()._backend is pretend_backend + h = hmac.HMAC(b"key", hashes.SHA1(), backend=backend, ctx=pretend_ctx) + assert h._backend is backend + assert h.copy()._backend is backend def test_hmac_algorithm_instance(self, backend): with pytest.raises(TypeError): -- cgit v1.2.3 From be2eec7aabde5f9877ffbbcce96c10eab454ac38 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 28 Oct 2014 08:32:26 -0700 Subject: Fix tests --- tests/test_interfaces.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py index 0c72ad33..b988abee 100644 --- a/tests/test_interfaces.py +++ b/tests/test_interfaces.py @@ -17,9 +17,7 @@ import pytest import six -from cryptography.utils import ( - InterfaceNotImplemented, register_interface, verify_interface -) +from cryptography.utils import InterfaceNotImplemented, verify_interface class TestVerifyInterface(object): @@ -30,7 +28,6 @@ class TestVerifyInterface(object): def method(self): """A simple method""" - @register_interface(SimpleInterface) class NonImplementer(object): pass @@ -44,7 +41,6 @@ class TestVerifyInterface(object): def method(self, a): """Method with one argument""" - @register_interface(SimpleInterface) class NonImplementer(object): def method(self): """Method with no arguments""" @@ -59,7 +55,6 @@ class TestVerifyInterface(object): def property(self): """An abstract property""" - @register_interface(SimpleInterface) class NonImplementer(object): @property def property(self): -- cgit v1.2.3 From e49fafbb8a63e946d3dbff359e284ca05a74589e Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 28 Oct 2014 09:13:00 -0700 Subject: fix --- tests/hazmat/backends/test_commoncrypto.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py index 6bb0ede0..eb61a574 100644 --- a/tests/hazmat/backends/test_commoncrypto.py +++ b/tests/hazmat/backends/test_commoncrypto.py @@ -29,8 +29,8 @@ from ...utils import raises_unsupported_algorithm @utils.register_interface(interfaces.CipherAlgorithm) class DummyCipher(object): name = "dummy-cipher" - block_size = 128 - digest_size = None + block_size = None + key_size = None @pytest.mark.skipif("commoncrypto" not in -- cgit v1.2.3 From eeb14fd91c117acb8138ce4e29323da367d8e2ef Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 28 Oct 2014 09:32:15 -0700 Subject: fix --- tests/hazmat/backends/test_openssl.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index ebd8686c..bc6a2bac 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -439,8 +439,7 @@ class TestOpenSSLCMAC(object): def test_unsupported_cipher(self): @utils.register_interface(BlockCipherAlgorithm) class FakeAlgorithm(object): - def __init__(self): - self.block_size = 64 + block_size = 64 with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): backend.create_cmac_ctx(FakeAlgorithm()) -- cgit v1.2.3 From 9172ea9d34cc3f2b162f56a143f1398fbba2dd20 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Oct 2014 11:03:20 -0700 Subject: Remove duplicate code, now the verify method isn't special --- cryptography/hazmat/backends/commoncrypto/hmac.py | 2 -- cryptography/hazmat/backends/openssl/cmac.py | 2 -- cryptography/hazmat/backends/openssl/hmac.py | 2 -- cryptography/hazmat/primitives/cmac.py | 8 +++++--- cryptography/hazmat/primitives/hmac.py | 12 +++++++----- 5 files changed, 12 insertions(+), 14 deletions(-) diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py index b4c7cc3c..ee7e3abb 100644 --- a/cryptography/hazmat/backends/commoncrypto/hmac.py +++ b/cryptography/hazmat/backends/commoncrypto/hmac.py @@ -63,8 +63,6 @@ class _HMACContext(object): return self._backend._ffi.buffer(buf)[:] def verify(self, signature): - if not isinstance(signature, bytes): - raise TypeError("signature must be bytes.") digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/backends/openssl/cmac.py b/cryptography/hazmat/backends/openssl/cmac.py index 113188ca..1ad6055b 100644 --- a/cryptography/hazmat/backends/openssl/cmac.py +++ b/cryptography/hazmat/backends/openssl/cmac.py @@ -84,8 +84,6 @@ class _CMACContext(object): ) def verify(self, signature): - if not isinstance(signature, bytes): - raise TypeError("signature must be bytes.") digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py index 07babbf9..c324bd8c 100644 --- a/cryptography/hazmat/backends/openssl/hmac.py +++ b/cryptography/hazmat/backends/openssl/hmac.py @@ -85,8 +85,6 @@ class _HMACContext(object): return self._backend._ffi.buffer(buf)[:outlen[0]] def verify(self, signature): - if not isinstance(signature, bytes): - raise TypeError("signature must be bytes.") digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index 7ae5c118..d5e26a57 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -59,9 +59,11 @@ class CMAC(object): def verify(self, signature): if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") + if self._ctx is None: + raise AlreadyFinalized("Context was already finalized.") + + ctx, self._ctx = self._ctx, None + ctx.verify(signature) def copy(self): if self._ctx is None: diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 22a31391..47a048ff 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import HMACBackend -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.MACContext) @@ -71,6 +71,8 @@ class HMAC(object): def verify(self, signature): if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") - digest = self.finalize() - if not constant_time.bytes_eq(digest, signature): - raise InvalidSignature("Signature did not match digest.") + if self._ctx is None: + raise AlreadyFinalized("Context was already finalized.") + + ctx, self._ctx = self._ctx, None + ctx.verify(signature) -- cgit v1.2.3 From c7c37b5670edf89b2ddcf914cf533d3f7476cb80 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 30 Oct 2014 14:25:24 -0700 Subject: flake8 fix --- cryptography/hazmat/primitives/cmac.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index d5e26a57..6f722031 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import ( - AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons + AlreadyFinalized, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.interfaces import CMACBackend -from cryptography.hazmat.primitives import constant_time, interfaces +from cryptography.hazmat.primitives import interfaces @utils.register_interface(interfaces.MACContext) -- cgit v1.2.3