def verify(self, signature, data):
"""
Verify a signature using this key.
@type signature: L{bytes}
@param signature: The signature to verify.
@type data: L{bytes}
@param data: The signed data.
@rtype: L{bool}
@return: C{True} if the signature is valid.
"""
if len(signature) == 40:
# DSA key with no padding
signatureType, signature = b'ssh-dss', common.NS(signature)
else:
signatureType, signature = common.getNS(signature)
if signatureType != self.sshType():
return False
if self.type() == 'RSA':
k = self._keyObject
if not self.isPublic():
k = k.public_key()
verifier = k.verifier(
common.getNS(signature)[0],
padding.PKCS1v15(),
hashes.SHA1(),
)
elif self.type() == 'DSA':
concatenatedSignature = common.getNS(signature)[0]
r = int_from_bytes(concatenatedSignature[:20], 'big')
s = int_from_bytes(concatenatedSignature[20:], 'big')
signature = encode_dss_signature(r, s)
k = self._keyObject
if not self.isPublic():
k = k.public_key()
verifier = k.verifier(
signature, hashes.SHA1())
else:
raise BadKeyError("unknown key type %s" % (self.type(),))
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def verify(self, signature, data):
"""
Verify a signature using this key.
@type signature: L{bytes}
@param signature: The signature to verify.
@type data: L{bytes}
@param data: The signed data.
@rtype: L{bool}
@return: C{True} if the signature is valid.
"""
if len(signature) == 40:
# DSA key with no padding
signatureType, signature = b'ssh-dss', common.NS(signature)
else:
signatureType, signature = common.getNS(signature)
if signatureType != self.sshType():
return False
if self.type() == 'RSA':
k = self._keyObject
if not self.isPublic():
k = k.public_key()
verifier = k.verifier(
common.getNS(signature)[0],
padding.PKCS1v15(),
hashes.SHA1(),
)
elif self.type() == 'DSA':
concatenatedSignature = common.getNS(signature)[0]
r = int_from_bytes(concatenatedSignature[:20], 'big')
s = int_from_bytes(concatenatedSignature[20:], 'big')
signature = encode_dss_signature(r, s)
k = self._keyObject
if not self.isPublic():
k = k.public_key()
verifier = k.verifier(
signature, hashes.SHA1())
else:
raise BadKeyError("unknown key type %s" % (self.type(),))
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def verify(self, signature, data):
"""
Verify a signature using this key.
@type signature: L{bytes}
@param signature: The signature to verify.
@type data: L{bytes}
@param data: The signed data.
@rtype: L{bool}
@return: C{True} if the signature is valid.
"""
if len(signature) == 40:
# DSA key with no padding
signatureType, signature = b'ssh-dss', common.NS(signature)
else:
signatureType, signature = common.getNS(signature)
if signatureType != self.sshType():
return False
keyType = self.type()
if keyType == 'RSA':
k = self._keyObject
if not self.isPublic():
k = k.public_key()
args = (
common.getNS(signature)[0],
data,
padding.PKCS1v15(),
hashes.SHA1(),
)
elif keyType == 'DSA':
concatenatedSignature = common.getNS(signature)[0]
r = int_from_bytes(concatenatedSignature[:20], 'big')
s = int_from_bytes(concatenatedSignature[20:], 'big')
signature = encode_dss_signature(r, s)
k = self._keyObject
if not self.isPublic():
k = k.public_key()
args = (signature, data, hashes.SHA1())
elif keyType == 'EC': # Pragma: no branch
concatenatedSignature = common.getNS(signature)[0]
rstr, sstr, rest = common.getNS(concatenatedSignature, 2)
r = int_from_bytes(rstr, 'big')
s = int_from_bytes(sstr, 'big')
signature = encode_dss_signature(r, s)
k = self._keyObject
if not self.isPublic():
k = k.public_key()
keySize = self.size()
if keySize <= 256: # Hash size depends on key size
hashSize = hashes.SHA256()
elif keySize <= 384:
hashSize = hashes.SHA384()
else:
hashSize = hashes.SHA512()
args = (signature, data, ec.ECDSA(hashSize))
try:
k.verify(*args)
except InvalidSignature:
return False
else:
return True