def verify(self,msgAndDigest): """ verifies the result returned by mac """ if msgAndDigest['alg'] != self._algorithm: raise ValueError("Currently only HMAC_SHA1 is supported as an algorithm") expected = (self.mac(msgAndDigest['msg'])['digest']) recieved = (msgAndDigest['digest']) return sha1hashlib(expected).digest() == sha1hashlib(recieved).digest() # we compare the hash instead of the direct value to avoid a timing attack
def verify(self,msgAndDigest): """ verifies the result returned by mac """ if msgAndDigest['alg'] != self._algorithm: raise ValueError() expected = bytes(self.mac(msgAndDigest['msg'])['digest'],'utf-8') recieved = bytes(msgAndDigest['digest'],'utf-8') return sha1hashlib(expected).digest() == sha1hashlib(recieved).digest() # we compare the hash instead of the direct value to avoid a timing attack
def verify(self, msgAndDigest): """ verifies the result returned by mac """ if msgAndDigest['alg'] != self._algorithm: raise ValueError( "Currently only HMAC_SHA1 is supported as an algorithm") expected = (self.mac(msgAndDigest['msg'])['digest']) recieved = (msgAndDigest['digest']) return sha1hashlib(expected).digest() == sha1hashlib(recieved).digest( ) # we compare the hash instead of the direct value to avoid a timing attack
def encrypt(self, msg): mac = MessageAuthenticator( sha1hashlib( b'Poor Mans Key Extractor' + self._key).digest()) # warning only valid in the random oracle enc = super(AuthenticatedCryptoAbstraction, self).encrypt(msg) return mac.mac(enc)
def decrypt(self, cipherText): mac = MessageAuthenticator( sha1hashlib( b'Poor Mans Key Extractor' + self._key).digest()) # warning only valid in the random oracle if not mac.verify(cipherText): raise ValueError( "Invalid mac. Your data was tampered with or your key is wrong" ) else: return super(AuthenticatedCryptoAbstraction, self).decrypt(cipherText['msg'])
def decrypt(self,cipherText): mac = MessageAuthenticator(sha1hashlib(b'Poor Mans Key Extractor'+self._key).digest()) # warning only valid in the random oracle if not mac.verify(cipherText): raise ValueError("Invalid mac. Your data was tampered with or your key is wrong") else: return super(AuthenticatedCryptoAbstraction,self).decrypt(cipherText['msg'])
def encrypt(self,msg): mac = MessageAuthenticator(sha1hashlib(b'Poor Mans Key Extractor'+self._key).digest()) # warning only valid in the random oracle enc = super(AuthenticatedCryptoAbstraction,self).encrypt(msg) return mac.mac(enc);