diff options
| -rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 6 | ||||
| -rw-r--r-- | docs/exceptions.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/cryptographic-hashes.rst | 7 | ||||
| -rw-r--r-- | docs/hazmat/primitives/hmac.rst | 7 |
5 files changed, 22 insertions, 14 deletions
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index b3c626d4..c71377d7 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -55,12 +55,12 @@ class Hash(object): self._ctx = None return digest - def verify(self, sig): - if isinstance(sig, six.text_type): + def verify(self, digest): + if isinstance(digest, six.text_type): raise TypeError("Unicode-objects must be encoded before verifying") - digest = self.finalize() - if not constant_time.bytes_eq(digest, sig): - raise InvalidSignature("Signature did not match digest.") + hash_digest = self.finalize() + if not constant_time.bytes_eq(digest, hash_digest): + raise InvalidSignature("Digest did not match hash digest.") @utils.register_interface(interfaces.HashAlgorithm) diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 8ade84aa..76d658aa 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -58,9 +58,9 @@ class HMAC(object): self._ctx = None return digest - def verify(self, sig): - if isinstance(sig, six.text_type): + def verify(self, signature): + if isinstance(signature, six.text_type): raise TypeError("Unicode-objects must be encoded before verifying") digest = self.finalize() - if not constant_time.bytes_eq(digest, sig): + if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 087066b8..8be2c48c 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -8,6 +8,12 @@ Exceptions This is raised when a context is used after being finalized. +.. class:: InvalidSignature + + This is raised when the verify function of a hash function does not + compare equal. + + .. class:: NotYetFinalized This is raised when the AEAD tag property is accessed on a context diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 02c7b5e1..f6a3f7a1 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -67,12 +67,13 @@ Message Digests :return bytes: The message digest as bytes. - .. method:: verify(sig) + .. method:: verify(digest) - Finalize the current context and securely compare digest to sig. + Finalize the current context and securely compare that digest to ``digest``. + :param bytes digest: Received hash digest :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` - :raises cryptography.exceptions.InvalidSignature: If sig does not match digest + :raises cryptography.exceptions.InvalidSignature: If hash digest does not match digest .. _cryptographic-hash-algorithms: diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index b556bd6a..0c19f20c 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -70,9 +70,10 @@ message. :return bytes: The message digest as bytes. :raises cryptography.exceptions.AlreadyFinalized: - .. method:: verify(sig) + .. method:: verify(signature) - Finalize the current context and securely compare digest to sig. + Finalize the current context and securely compare digest to ``signature``. + :param bytes signature: The bytes of the HMAC signature recieved. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` - :raises cryptography.exceptions.InvalidSignature: If sig does not match digest + :raises cryptography.exceptions.InvalidSignature: If signature does not match digest |