def verify(self, signature, data, hash_context):
if not isinstance(hash_context, hashes.HashContext):
raise TypeError("hash_context must be an instance of hashes.HashContext.")
size = self.public_numbers.parameter_numbers.q.bit_length() // 8
r, s = (bytes_to_long(value) for value in read_content(signature, '{0}s{0}s'.format(size)))
# r, s = (bytes_to_long(value) for value in read_content(signature, '20s20s'))
hash_context.update(data)
digest = hash_context.finalize()
try:
self._key.verify(encode_dss_signature(r, s), digest, Prehashed(SHA256HMAC160()))
except InvalidSignature:
raise ValueError("invalid signature")
def finalize(self):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized.")
digest = self._ctx.finalize()
self._ctx = None
q = self._dsa_key.parameters.parameter_numbers().q
# We need this for compatibility with libotr which doesn't truncate its digest to the leftmost q.bit_length() bits
# when the digest is longer than that as per the DSA specification (see FIPS 186-4, 4.2 & 4.6). Passing digest mod q
# is the same as passing it unmodified, but this way we avoid the cryptography library truncating the digest as per
# the specification, which would result in the signature verification failing.
if self.algorithm.digest_size * 8 > q.bit_length():
digest = long_to_bytes(bytes_to_long(digest) % q, (q.bit_length() + 7) // 8)
return digest
def finalize(self):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized.")
digest = self._ctx.finalize()
self._ctx = None
q = self._dsa_key.parameters.parameter_numbers().q
# We need this for compatibility with libotr which doesn't truncate its digest to the leftmost q.bit_length() bits
# when the digest is longer than that as per the DSA specification (see FIPS 186-4, 4.2 & 4.6). Passing digest mod q
# is the same as passing it unmodified, but this way we avoid the cryptography library truncating the digest as per
# the specification, which would result in the signature verification failing.
if self.algorithm.digest_size * 8 > q.bit_length():
digest = long_to_bytes(bytes_to_long(digest) % q, (q.bit_length() + 7) // 8)
return digest
def verify(self, signature, data, hash_context):
if not isinstance(hash_context, hashes.HashContext):
raise TypeError("hash_context must be an instance of hashes.HashContext.")
size = self.public_numbers.parameter_numbers.q.bit_length() // 8
r, s = (bytes_to_long(value) for value in read_content(signature, '{0}s{0}s'.format(size)))
# r, s = (bytes_to_long(value) for value in read_content(signature, '20s20s'))
verifier = self._key.verifier(encode_dss_signature(r, s), hashes.SHA256())
verifier._hash_ctx = hash_context
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
raise ValueError("invalid signature")
