def test_invalid_verify(self, backend):
key = b"2b7e151628aed2a6abf7158809cf4f3c"
cmac = CMAC(AES(key), backend)
cmac.update(b"6bc1bee22e409f96e93d7e117393172a")
with pytest.raises(InvalidSignature):
cmac.verify(b"foobar")
def test_verify_reject_unicode(self, backend):
key = b"2b7e151628aed2a6abf7158809cf4f3c"
cmac = CMAC(AES(key), backend)
with pytest.raises(TypeError):
cmac.update(six.u(''))
with pytest.raises(TypeError):
cmac.verify(six.u(''))
def test_raises_after_finalize(self, backend):
key = b"2b7e151628aed2a6abf7158809cf4f3c"
cmac = CMAC(AES(key), backend)
cmac.finalize()
with pytest.raises(AlreadyFinalized):
cmac.update(b"foo")
with pytest.raises(AlreadyFinalized):
cmac.copy()
with pytest.raises(AlreadyFinalized):
cmac.finalize()
with pytest.raises(AlreadyFinalized):
cmac.verify(b"")
def test_raises_after_finalize(self, backend):
key = b"2b7e151628aed2a6abf7158809cf4f3c"
cmac = CMAC(AES(key), backend)
cmac.finalize()
with pytest.raises(AlreadyFinalized):
cmac.update(b"foo")
with pytest.raises(AlreadyFinalized):
cmac.copy()
with pytest.raises(AlreadyFinalized):
cmac.finalize()
with pytest.raises(AlreadyFinalized):
cmac.verify(b"")
def test_aes_verify(self, backend, params):
key = params["key"]
message = params["message"]
output = params["output"]
cmac = CMAC(AES(binascii.unhexlify(key)), backend)
cmac.update(binascii.unhexlify(message))
assert cmac.verify(binascii.unhexlify(output)) is None
def test_aes_verify(self, backend, params):
key = params["key"]
message = params["message"]
output = params["output"]
cmac = CMAC(AES(binascii.unhexlify(key)), backend)
cmac.update(binascii.unhexlify(message))
assert cmac.verify(binascii.unhexlify(output)) is None
def test_aes_cmac(backend, wycheproof):
key = binascii.unhexlify(wycheproof.testcase["key"])
msg = binascii.unhexlify(wycheproof.testcase["msg"])
tag = binascii.unhexlify(wycheproof.testcase["tag"])
# skip truncated tags, which we don't support in the API
if wycheproof.valid and len(tag) == 16:
ctx = CMAC(AES(key), backend)
ctx.update(msg)
ctx.verify(tag)
elif len(key) not in [16, 24, 32]:
with pytest.raises(ValueError):
CMAC(AES(key), backend)
else:
ctx = CMAC(AES(key), backend)
ctx.update(msg)
with pytest.raises(InvalidSignature):
ctx.verify(tag)
def test_aes_cmac(backend, wycheproof):
key = binascii.unhexlify(wycheproof.testcase["key"])
msg = binascii.unhexlify(wycheproof.testcase["msg"])
tag = binascii.unhexlify(wycheproof.testcase["tag"])
# skip truncated tags, which we don't support in the API
if wycheproof.valid and len(tag) == 16:
ctx = CMAC(AES(key), backend)
ctx.update(msg)
ctx.verify(tag)
elif len(key) not in [16, 24, 32]:
with pytest.raises(ValueError):
CMAC(AES(key), backend)
else:
ctx = CMAC(AES(key), backend)
ctx.update(msg)
with pytest.raises(InvalidSignature):
ctx.verify(tag)
class _KSP1_decryptor:
"""
DO NOT CALL
Use KSP1().decryptor() instead
"""
def __init__(self, key, nonce, mac_key):
self._aes = Cipher(algorithms.AES(key), modes.CTR(nonce),
default_backend()).decryptor()
self._mac = CMAC(algorithms.AES(mac_key), default_backend())
def update(self, data):
self._mac.update(data)
return self._aes.update(data)
def finalize(self, tag):
try:
self._mac.verify(tag)
except Exception:
raise InvalidToken
def test_3des_verify(self, backend, params):
key1 = params["key1"]
key2 = params["key2"]
key3 = params["key3"]
key = key1 + key2 + key3
message = params["message"]
output = params["output"]
cmac = CMAC(TripleDES(binascii.unhexlify(key)), backend)
cmac.update(binascii.unhexlify(message))
assert cmac.verify(binascii.unhexlify(output)) is None
def test_3des_verify(self, backend, params):
key1 = params["key1"]
key2 = params["key2"]
key3 = params["key3"]
key = key1 + key2 + key3
message = params["message"]
output = params["output"]
cmac = CMAC(TripleDES(binascii.unhexlify(key)), backend)
cmac.update(binascii.unhexlify(message))
assert cmac.verify(binascii.unhexlify(output)) is None
