vmmgr/usr/lib/python3.6/lxcmgr/crypto.py
2019-09-20 10:10:25 +02:00

29 lines
958 B
Python

# -*- coding: utf-8 -*-
import hashlib
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from .paths import REPO_SIG_FILE
def verify_signature(file, signature):
# Verifies ECDSA HMAC SHA512 signature of a file
with open(REPO_SIG_FILE, 'rb') as f:
pub_key = serialization.load_pem_public_key(f.read(), default_backend())
pub_key.verify(signature, file, ec.ECDSA(hashes.SHA512()))
def verify_hash(file, expected_hash):
# Verifies SHA512 hash of a file against expected hash
sha512 = hashlib.sha512()
with open(file, 'rb') as f:
while True:
data = f.read(65536)
if not data:
break
sha512.update(data)
if sha512.hexdigest() != expected_hash:
raise InvalidSignature(file)