29 lines
1017 B
Python
29 lines
1017 B
Python
# -*- coding: utf-8 -*-
|
|
|
|
import hashlib
|
|
|
|
from cryptography.exceptions import InvalidSignature
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives import hashes, serialization
|
|
from cryptography.hazmat.primitives.asymmetric import ec
|
|
|
|
from .paths import REPO_SIG_FILE
|
|
|
|
def verify_signature(public_key_path, input_data, signature_data):
|
|
# Verifies ECDSA HMAC SHA512 signature of a file
|
|
with open(public_key_path, 'rb') as f:
|
|
pub_key = serialization.load_pem_public_key(f.read(), default_backend())
|
|
pub_key.verify(signature_data, input_data, ec.ECDSA(hashes.SHA512()))
|
|
|
|
def verify_hash(input_path, expected_hash):
|
|
# Verifies SHA512 hash of a file against expected hash
|
|
sha512 = hashlib.sha512()
|
|
with open(input_path, 'rb') as f:
|
|
while True:
|
|
data = f.read(65536)
|
|
if not data:
|
|
break
|
|
sha512.update(data)
|
|
if sha512.hexdigest() != expected_hash:
|
|
raise InvalidSignature(input_path)
|