author | Legrandin <helderijs@gmail.com> | 2013-05-14 19:00:43 +0200 |
---|---|---|
committer | Dwayne Litzenberger <dlitz@dlitz.net> | 2013-10-20 13:30:21 -0700 |
commit | 77b0b9123c32b181f7f7a0072b2baa6312620f66 (patch) | |
tree | b808b1809304a161ec73586736146c8dec9027c8 /lib/Crypto/SelfTest | |
parent | 661f2a1f6ed02b5b2f21e340845361e70610ff3f (diff) | |
Add HMAC.verify() and HMAC.hexverify() with constant-time comparison
In the current implementation, it is left up to the caller
to assess if the locally computed MAC matches the MAC associated
to the received message.
However, the most natural way to do that (using the == operator)
is also deeply insecure, see here:
http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf
With this patch, the new HMAC.verify() method accepts
the given MAC and performs the check on behalf of the caller.
The method will use constant-time code (still dependent on the length
of the MAC, but not on the actual content).
[dlitz@dlitz.net: Modified commit message subject line.]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
Diffstat (limited to 'lib/Crypto/SelfTest')
-rw-r--r-- | lib/Crypto/SelfTest/Hash/common.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/Crypto/SelfTest/Hash/common.py b/lib/Crypto/SelfTest/Hash/common.py index 48cebe7..4976690 100644 --- a/lib/Crypto/SelfTest/Hash/common.py +++ b/lib/Crypto/SelfTest/Hash/common.py @@ -43,6 +43,7 @@ if sys.hexversion < 0x02030000: else: dict = dict +from Crypto.Util.strxor import strxor_c class HashDigestSizeSelfTest(unittest.TestCase): @@ -184,9 +185,19 @@ class MACSelfTest(unittest.TestCase): h = self.hashmod.new(key, digestmod=hashmod) h.update(data) - out1 = binascii.b2a_hex(h.digest()) + out1_bin = h.digest() + out1 = binascii.b2a_hex(out1_bin) out2 = h.hexdigest() + # Verify that correct MAC does not raise any exception + h.hexverify(out1) + h.verify(out1_bin) + + # Verify that incorrect MAC does raise ValueError exception + wrong_mac = strxor_c(out1_bin, 255) + self.assertRaises(ValueError, h.verify, wrong_mac) + self.assertRaises(ValueError, h.hexverify, "4556") + h = self.hashmod.new(key, data, hashmod) out3 = h.hexdigest() |
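Review bot: In the second hunk the negative case for `hexverify` passes the fixed string `"4556"`, which is shorter than any real digest, so it only shows that a wrong-length tag is rejected; a same-length tag with different content never reaches `hexverify`. Reusing the flipped tag would cover that path: `self.assertRaises(ValueError, h.hexverify, binascii.b2a_hex(wrong_mac))`. Because `strxor_c(out1_bin, 255)` changes every byte, it is also worth adding one tag that differs only in its last byte and one truncated tag such as `out1_bin[:-1]`, so that a comparison which stops early or accepts a prefix fails the self-test. These assertions cannot demonstrate the constant-time property itself, and a one-line comment above the block saying so would keep readers from assuming it is tested. The enclosing test method of `MACSelfTest` starts and ends outside the hunk.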