def verify(self, message: bytes, signature: bytes, key: rsa.RSAPublicKey):
try:
key.verify(signature, message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
return True
except InvalidSignature:
return False
def verify(self, key: rsa.RSAPublicKey, msg: bytes, sig: bytes) -> bool:
"""Verify the ``msg` and ``sig`` using ``key``."""
try:
key.verify(sig, msg, self.padding, self.hash)
except cryptography.exceptions.InvalidSignature as error:
logger.debug(error, exc_info=True)
return False
else:
return True
def verify(sig, data, pkey: rsa.RSAPublicKey):
"""Verify that the signature `sig` is valid for data `data` and public key `pkey`.
Returns True if the signature is valid, False otherwise."""
try:
pkey.verify(sig, data, padding.PKCS1v15(),
utils.Prehashed(hashes.MD5()))
except InvalidSignature:
return False
return True
def check_certificate_against_public_key(
cert: Certificate,
public_key: RSAPublicKey,
) -> None:
# Check if the signature of the certificate matches the public key
public_key.verify(
cert.signature,
cert.tbs_certificate_bytes,
PKCS1v15(),
SHA256(),
)
def _verify_bytes(public_key: RSAPublicKey, signature: bytes,
data: bytes) -> None:
"""
Raises
-------
cryptography.exceptions.InvalidSignature
"""
public_key.verify(
signature, data,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
def verify(self, msg: str, signed: str, public_key: RSAPublicKey) -> bool:
try:
public_key.verify(binascii.a2b_base64(signed),
msg.encode("ascii"),
padding=padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
algorithm=hashes.SHA256())
except InvalidSignature:
return False
return True
def assertValidSignature(self, public_key: rsa.RSAPublicKey,
signed_base64: str, message: bytes):
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, utils
import base64
import hashlib
digest = hashlib.sha256(message).digest()
# si la firma es invalida, este metodo arroja una excepcion
public_key.verify(base64.b64decode(signed_base64), digest,
padding.PKCS1v15(), utils.Prehashed(hashes.SHA256()))
self.assertTrue(True)
def verify_signature(public_key: RSAPublicKey, signature: bytes,
data: bytes) -> None:
"""Verfies the supplied signature.
Args:
public_key: RSA public key with which the verification is done.
signature: The signature to verify.
data: The message that was signed.
Raises:
InvalidSignature if signature is not valid.
"""
public_key.verify(
signature,
data,
padding.PKCS1v15(),
hashes.SHA256(),
)
def verify_message(self, msg: bytes, signature: bytes,
public_key: RSAPublicKey) -> bool:
"""
Checks message signature
:param msg: message
:param signature: message's signature
:param public_key: sender's public key
:return: true if signature is correct, false otherwise
"""
try:
public_key.verify(signature=signature,
data=msg,
padding=padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
algorithm=hashes.SHA256())
except InvalidSignature:
return False
return True
def verify(cert: "X509Certificate", public_key: rsa.RSAPublicKey) -> bool:
"""
return weither the certificate is valid or not
"""
try:
public_key.verify(
cert._certificate.signature,
cert._certificate.tbs_certificate_bytes,
padding.PKCS1v15(),
cert._certificate.signature_hash_algorithm,
)
except InvalidSignature as e:
print("InvalidSignature")
return False
today = datetime.datetime.today()
if (cert._certificate.not_valid_after < today
or cert._certificate.not_valid_before > today):
print("Certificate out of date")
return False
return True
def verify(public_key: rsa.RSAPublicKey, msg: bytes, signature: bytes) -> bool:
"""
Verifies the authenticity of a signed transmission.
:param public_key: The public key to verify the signature against.
:type public_key: :class:`rsa.RSAPublicKey`
:param msg: The signed message.
:type msg: `bytes`
:param signature: The signature.
:type signature: `bytes`
:returns: True if the signature was verified, False otherwise.
:rtype: `bool`
"""
try:
public_key.verify(signature, msg, padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
return True
except InvalidSignature:
return False
def get_rsa_verifier(pub_key: rsa.RSAPublicKey):
if sigAlgo.signature_algo == 'rsassa_pss':
sig_algo_params = sigAlgo['parameters']
assert 'mask_gen_algorithm' in sig_algo_params
assert 'salt_length' in sig_algo_params
mgf = sig_algo_params['mask_gen_algorithm']['algorithm'].native
if 'mgf1' != mgf:
raise ValueError(
"Invalid mask generation algorithm: {}".format(mgf))
mgf1_hash_algo = sig_algo_params['mask_gen_algorithm'][
'parameters']['algorithm'].native
mgf1_hash_algo = algo_utils.get_hash_algo_by_name(
mgf1_hash_algo)
return Verifier(lambda: pub_key.verify(
signature, message,
padding.PSS(mgf=padding.MGF1(mgf1_hash_algo),
salt_length=sig_algo_params['salt_length'].
native), hash_algo))
else:
return Verifier(lambda: pub_key.verify(
signature, message, padding.PKCS1v15(), hash_algo))
def verify(self, plaintext: bytes, signature, otherkey: rsa.RSAPublicKey):
otherkey.verify(
signature, plaintext,
apadding.PSS(mgf=apadding.MGF1(hashes.SHA256()),
salt_length=apadding.PSS.MAX_LENGTH), hashes.SHA256())
