def _assert_correct_signature_algorithms(self, hash_algo, sig_algo):
if (hash_algo != self.__sig_verifier.HASH_ALGORITHM):
raise error.SignatureError(
"Hash algorithm used for the signature (%d) does not match the "
"one used for the public key (%d)" %
(hash_algo, self.__sig_verifier.HASH_ALGORITHM))
if (sig_algo != self.__sig_verifier.SIGNATURE_ALGORITHM):
raise error.SignatureError(
"Signing algorithm used (%d) does not match the one used for "
"the public key (%d)" %
(sig_algo, self.__sig_verifier.SIGNATURE_ALGORITHM))
return True
def verify(self, signature_input, signature):
"""Verifies the signature was created by the owner of the public key.
Args:
- signature_input: The data that was originally signed.
- signature: An ECDSA SHA256 signature.
Returns:
- True if the signature verifies.
Raises:
- error.EncodingError: If the signature encoding is invalid.
- error.SignatureError: If the signature fails verification.
"""
try:
_ECDSASignature.decode(signature)
return self.__key.verify(signature,
signature_input,
hashfunc=hashlib.sha256,
sigdecode=ecdsa.util.sigdecode_der)
except (ecdsa.der.UnexpectedDER, error.ASN1Error) as e:
raise error.EncodingError("Invalid DER encoding for signature %s",
signature.encode("hex"), e)
except ecdsa.keys.BadSignatureError:
raise error.SignatureError("Signature did not verify: %s",
signature.encode("hex"))
def _verify(self, signature_input, signature):
try:
return self.__pubkey.verify(signature, signature_input,
hashfunc=hashlib.sha256,
sigdecode=ecdsa.util.sigdecode_der)
except ecdsa.der.UnexpectedDER:
raise error.EncodingError("Invalid DER encoding for signature %s",
signature.encode("hex"))
except ecdsa.keys.BadSignatureError:
raise error.SignatureError("Signature did not verify: %s",
signature.encode("hex"))
def verify(self, signature_input, signature):
"""Verifies the signature was created by the owner of the public key.
Args:
- signature_input: The data that was originally signed.
- signature: An ECDSA SHA256 signature.
Returns:
- True if the signature verifies.
Raises:
- error.SignatureError: If the signature fails verification.
"""
try:
self.__key.verify(signature, signature_input,
ec.ECDSA(hashes.SHA256()))
except cryptography.exceptions.InvalidSignature:
raise error.SignatureError("Signature did not verify: %s" %
signature.encode("hex"))
return True
def verify(self, signature_input, signature):
"""Verifies the signature was created by the owner of the public key.
Args:
- signature_input: The data that was originally signed.
- signature: An RSA SHA256 signature.
Returns:
- True if the signature verifies.
Raises:
- error.SignatureError: If the signature fails verification.
"""
verifier = Crypto.Signature.PKCS1_v1_5.new(self.__key)
sha256_hash = Crypto.Hash.SHA256.new(signature_input)
if verifier.verify(sha256_hash, signature):
return True
else:
raise error.SignatureError("Signature did not verify: %s",
signature.encode("hex"))