vmmgr/usr/lib/python3.6/lxcmgr/crypto.py

# -*- coding: utf-8 -*-

import hashlib

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

from .paths import REPO_SIG_FILE

def verify_signature(file, signature):
    # Verifies ECDSA HMAC SHA512 signature of a file
    with open(REPO_SIG_FILE, 'rb') as f:
        pub_key = serialization.load_pem_public_key(f.read(), default_backend())
    pub_key.verify(signature, file, ec.ECDSA(hashes.SHA512()))

def verify_hash(file, expected_hash):
    # Verifies SHA512 hash of a file against expected hash
    sha512 = hashlib.sha512()
    with open(file, 'rb') as f:
        while True:
            data = f.read(65536)
            if not data:
                break
            sha512.update(data)
    if sha512.hexdigest() != expected_hash:
        raise InvalidSignature(file)
Split to lxcmgr 2019-09-20 10:10:25 +02:00			`# -- coding: utf-8 --`

			`import hashlib`

			`from cryptography.exceptions import InvalidSignature`
			`from cryptography.hazmat.backends import default_backend`
			`from cryptography.hazmat.primitives import hashes, serialization`
			`from cryptography.hazmat.primitives.asymmetric import ec`

			`from .paths import REPO_SIG_FILE`

			`def verify_signature(file, signature):`
			`# Verifies ECDSA HMAC SHA512 signature of a file`
			`with open(REPO_SIG_FILE, 'rb') as f:`
			`pub_key = serialization.load_pem_public_key(f.read(), default_backend())`
			`pub_key.verify(signature, file, ec.ECDSA(hashes.SHA512()))`

			`def verify_hash(file, expected_hash):`
			`# Verifies SHA512 hash of a file against expected hash`
			`sha512 = hashlib.sha512()`
			`with open(file, 'rb') as f:`
			`while True:`
			`data = f.read(65536)`
			`if not data:`
			`break`
			`sha512.update(data)`
			`if sha512.hexdigest() != expected_hash:`
			`raise InvalidSignature(file)`