Python cryptography.exceptions.InvalidSignature() Examples
The following are 30
code examples of cryptography.exceptions.InvalidSignature().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.exceptions
, or try the search function
.
Example #1
Source File: algorithms.py From Tautulli with GNU General Public License v3.0 | 6 votes |
def verify(self, msg, key, sig): verifier = key.verifier( sig, padding.PSS( mgf=padding.MGF1(self.hash_alg()), salt_length=self.hash_alg.digest_size ), self.hash_alg() ) verifier.update(msg) try: verifier.verify() return True except InvalidSignature: return False
Example #2
Source File: crypto.py From keylime with BSD 2-Clause "Simplified" License | 6 votes |
def rsa_verify(public_key, message, signature): """ RSA verify message """ try: public_key.verify( base64.b64decode(signature), message, padding.PSS( mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH ), hashes.SHA256() ) except exceptions.InvalidSignature: return False except Exception as e: raise e return True
Example #3
Source File: ecdsakey.py From imoocc with GNU General Public License v2.0 | 6 votes |
def verify_ssh_sig(self, data, msg): if msg.get_text() != self.ecdsa_curve.key_format_identifier: return False sig = msg.get_binary() sigR, sigS = self._sigdecode(sig) signature = encode_dss_signature(sigR, sigS) verifier = self.verifying_key.verifier( signature, ec.ECDSA(self.ecdsa_curve.hash_object()) ) verifier.update(data) try: verifier.verify() except InvalidSignature: return False else: return True
Example #4
Source File: rsakey.py From imoocc with GNU General Public License v2.0 | 6 votes |
def verify_ssh_sig(self, data, msg): if msg.get_text() != 'ssh-rsa': return False key = self.key if isinstance(key, rsa.RSAPrivateKey): key = key.public_key() verifier = key.verifier( signature=msg.get_binary(), padding=padding.PKCS1v15(), algorithm=hashes.SHA1(), ) verifier.update(data) try: verifier.verify() except InvalidSignature: return False else: return True
Example #5
Source File: test_crypto_utils.py From st2 with Apache License 2.0 | 6 votes |
def test_exception_is_thrown_on_invalid_hmac_signature(self): aes_key = AESKey.generate() plaintext = 'hello world ponies 2' encrypted = cryptography_symmetric_encrypt(aes_key, plaintext) # Verify original non manipulated value can be decrypted decrypted = cryptography_symmetric_decrypt(aes_key, encrypted) self.assertEqual(decrypted, plaintext) # Corrupt the HMAC signature (last part is the HMAC signature) encrypted_malformed = binascii.unhexlify(encrypted) encrypted_malformed = encrypted_malformed[:-3] encrypted_malformed += b'abc' encrypted_malformed = binascii.hexlify(encrypted_malformed) # Verify corrupted value results in an excpetion expected_msg = 'Signature did not match digest' self.assertRaisesRegexp(InvalidSignature, expected_msg, cryptography_symmetric_decrypt, aes_key, encrypted_malformed)
Example #6
Source File: ecc.py From synapse with Apache License 2.0 | 6 votes |
def verify(self, byts, sign): ''' Verify the signature for the given bytes using the ECC public key. Args: byts (bytes): The data bytes. sign (bytes): The signature bytes. Returns: bool: True if the data was verified, False otherwise. ''' try: chosen_hash = c_hashes.SHA256() hasher = c_hashes.Hash(chosen_hash, default_backend()) hasher.update(byts) digest = hasher.finalize() self.publ.verify(sign, digest, c_ec.ECDSA(c_utils.Prehashed(chosen_hash)) ) return True except InvalidSignature: logger.exception('Error in publ.verify') return False
Example #7
Source File: ecdsalib.py From virtualchain with GNU General Public License v3.0 | 6 votes |
def verify_digest(hash_hex, pubkey_hex, sigb64, hashfunc=hashlib.sha256): """ Given a digest, public key (as hex), and a base64 signature, verify that the public key signed the digest. Return True if so Return False if not """ if not isinstance(hash_hex, (str, unicode)): raise ValueError("hash hex is not a string") hash_hex = str(hash_hex) pubk_uncompressed_hex = keylib.key_formatting.decompress(pubkey_hex) sig_r, sig_s = decode_signature(sigb64) pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), pubk_uncompressed_hex.decode('hex')).public_key(default_backend()) signature = encode_dss_signature(sig_r, sig_s) try: pubk.verify(signature, hash_hex.decode('hex'), ec.ECDSA(utils.Prehashed(hashes.SHA256()))) return True except InvalidSignature: return False
Example #8
Source File: crypto.py From fabric-sdk-py with Apache License 2.0 | 6 votes |
def verify(self, public_key, message, signature): """ECDSA verify signature. :param public_key: Signing public key :param message: Origin message :param signature: Signature of message :return: verify result boolean, True means valid """ if not (self._check_malleability(signature)): return False try: public_key.verify(signature, message, ec.ECDSA(self.sign_hash_algorithm)) except InvalidSignature: return False except Exception as e: raise e return True
Example #9
Source File: jwa.py From jwcrypto with GNU Lesser General Public License v3.0 | 6 votes |
def decrypt(self, k, a, iv, e, t): """ Decrypt according to the selected encryption and hashing functions. :param k: Encryption key (optional) :param a: Additional Authenticated Data :param iv: Initialization Vector :param e: Ciphertext :param t: Authentication Tag Returns plaintext or raises an error """ hkey = k[:_inbytes(self.keysize)] dkey = k[_inbytes(self.keysize):] # verify mac if not constant_time.bytes_eq(t, self._mac(hkey, a, iv, e)): raise InvalidSignature('Failed to verify MAC') # decrypt cipher = Cipher(algorithms.AES(dkey), modes.CBC(iv), backend=self.backend) decryptor = cipher.decryptor() d = decryptor.update(e) + decryptor.finalize() unpadder = PKCS7(self.blocksize).unpadder() return unpadder.update(d) + unpadder.finalize()
Example #10
Source File: cms.py From zentral with Apache License 2.0 | 6 votes |
def verify_certificate_signature(certificate, signer, payload): public_key = certificate.public_key() signature = signer['signature'].native if "signed_attrs" in signer and signer["signed_attrs"]: # Seen with the iPhone simulator for example signed_string = signer["signed_attrs"].dump() if signed_string.startswith(b'\xa0'): # TODO: WTF!!! # see https://stackoverflow.com/questions/24567623/how-to-see-what-attributes-are-signed-inside-pkcs7#24581628 # NOQA signed_string = b'\x31' + signed_string[1:] else: signed_string = payload asymmetric_padding = get_cryptography_asymmetric_padding(signer) hash_algorithm = get_cryptography_hash_algorithm(signer) try: public_key.verify(signature, signed_string, asymmetric_padding(), hash_algorithm()) except InvalidSignature: return False else: return True
Example #11
Source File: tokenizer.py From blockstack-auth-python with MIT License | 6 votes |
def verify(self, token, verifying_key): # grab the token parts token_parts = self._unpack(token) header, payload, raw_signature, signing_input = token_parts # load the verifying key verifying_key = load_verifying_key(verifying_key, self.crypto_backend) # convert the raw_signature to DER format der_signature = raw_to_der_signature( raw_signature, verifying_key.curve) # initialize the verifier verifier = self._get_verifier(verifying_key, der_signature) verifier.update(signing_input) # check to see whether the signature is valid try: verifier.verify() except InvalidSignature: # raise DecodeError('Signature verification failed') return False return True
Example #12
Source File: cryptography_backend.py From python-jose with MIT License | 5 votes |
def verify(self, msg, sig): try: self.prepared_key.verify( sig, msg, padding.PKCS1v15(), self.hash_alg() ) return True except InvalidSignature: return False
Example #13
Source File: crypto.py From spid-testenv2 with GNU Affero General Public License v3.0 | 5 votes |
def verify(self, pubkey, signed_data, signature): try: pubkey.verify(signature, signed_data, self._padding, self._digest) except InvalidSignature: return False else: return True
Example #14
Source File: transaction.py From lbry-sdk with MIT License | 5 votes |
def is_signature_valid(encoded_signature, signature_digest, public_key_bytes): try: public_key = load_der_public_key(public_key_bytes, default_backend()) public_key.verify(encoded_signature, signature_digest, ec.ECDSA(Prehashed(hashes.SHA256()))) return True except (ValueError, InvalidSignature): pass return False
Example #15
Source File: fields.py From PGPy with BSD 3-Clause "New" or "Revised" License | 5 votes |
def verify(self, subj, sigbytes, hash_alg): # zero-pad sigbytes if necessary sigbytes = (b'\x00' * (self.n.byte_length() - len(sigbytes))) + sigbytes try: self.__pubkey__().verify(sigbytes, subj, padding.PKCS1v15(), hash_alg) except InvalidSignature: return False return True
Example #16
Source File: fields.py From PGPy with BSD 3-Clause "New" or "Revised" License | 5 votes |
def verify(self, subj, sigbytes, hash_alg): try: self.__pubkey__().verify(sigbytes, subj, hash_alg) except InvalidSignature: return False return True
Example #17
Source File: jwk.py From python-jwt with Apache License 2.0 | 5 votes |
def verify(self, message: bytes, signature: bytes, **options) -> bool: hash_fun = self._get_hash_fun(options) if self.is_sign_key(): pubkey = self.keyobj.public_key() else: pubkey = self.keyobj try: pubkey.verify(signature, message, padding.PKCS1v15(), hash_fun()) return True except InvalidSignature: return False
Example #18
Source File: fields.py From PGPy with BSD 3-Clause "New" or "Revised" License | 5 votes |
def verify(self, subj, sigbytes, hash_alg): try: self.__pubkey__().verify(sigbytes, subj, ec.ECDSA(hash_alg)) except InvalidSignature: return False return True
Example #19
Source File: decorators.py From commandment with MIT License | 5 votes |
def verify_mdm_signature(f): """Verify the signature supplied by the client in the request using the ``Mdm-Signature`` header. If the authenticity of the message has been verified, then the signer is attached to the **g** object as **g.signer**. In unit tests, this decorator is completely disabled by the presence of app.testing = True. You can also disable enforcement in dev by setting the flask setting DEBUG to true. :reqheader Mdm-Signature: BASE64-encoded CMS Detached Signature of the message. (if `SignMessage` was true) """ @wraps(f) def decorator(*args, **kwargs): if current_app.testing: return f(*args, **kwargs) if 'Mdm-Signature' not in request.headers: raise TypeError('Client did not supply an Mdm-Signature header but signature is required.') detached_signature = b64decode(request.headers['Mdm-Signature']) try: signers, signed_data = _verify_cms_signers(detached_signature, detached=True) g.signers = signers g.signed_data = signed_data except InvalidSignature as e: current_app.logger.warn("Invalid Signature in Mdm-Signature header") if not current_app.config.get('DEBUG', False): return abort(403) return f(*args, **kwargs) return decorator
Example #20
Source File: fields.py From PGPy with BSD 3-Clause "New" or "Revised" License | 5 votes |
def verify(self, subj, sigbytes, hash_alg): # GnuPG requires a pre-hashing with EdDSA # https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06#section-14.8 digest = hashes.Hash(hash_alg, backend=default_backend()) digest.update(subj) subj = digest.finalize() try: self.__pubkey__().verify(sigbytes, subj) except InvalidSignature: return False return True
Example #21
Source File: dsskey.py From imoocc with GNU General Public License v2.0 | 5 votes |
def verify_ssh_sig(self, data, msg): if len(msg.asbytes()) == 40: # spies.com bug: signature has no header sig = msg.asbytes() else: kind = msg.get_text() if kind != 'ssh-dss': return 0 sig = msg.get_binary() # pull out (r, s) which are NOT encoded as mpints sigR = util.inflate_long(sig[:20], 1) sigS = util.inflate_long(sig[20:], 1) signature = encode_dss_signature(sigR, sigS) key = dsa.DSAPublicNumbers( y=self.y, parameter_numbers=dsa.DSAParameterNumbers( p=self.p, q=self.q, g=self.g ) ).public_key(backend=default_backend()) verifier = key.verifier(signature, hashes.SHA1()) verifier.update(data) try: verifier.verify() except InvalidSignature: return False else: return True
Example #22
Source File: fernet.py From quickstart-redhat-openshift with Apache License 2.0 | 5 votes |
def _verify_signature(self, data): h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend) h.update(data[:-32]) try: h.verify(data[-32:]) except InvalidSignature: raise InvalidToken
Example #23
Source File: algorithms.py From Tautulli with GNU General Public License v3.0 | 5 votes |
def verify(self, msg, key, sig): verifier = key.verifier( sig, padding.PKCS1v15(), self.hash_alg() ) verifier.update(msg) try: verifier.verify() return True except InvalidSignature: return False
Example #24
Source File: algorithms.py From Tautulli with GNU General Public License v3.0 | 5 votes |
def verify(self, msg, key, sig): try: der_sig = raw_to_der_signature(sig, key.curve) except ValueError: return False verifier = key.verifier(der_sig, ec.ECDSA(self.hash_alg())) verifier.update(msg) try: verifier.verify() return True except InvalidSignature: return False
Example #25
Source File: verifier.py From alexa-skills-kit-sdk-for-python with Apache License 2.0 | 5 votes |
def _valid_request_body( self, cert_chain, signature, serialized_request_env): # type: (Certificate, str, str) -> None """Validate the request body hash with signature. This method checks if the hash value of the request body matches with the hash value of the signature, decrypted using certificate chain. A :py:class:`VerificationException` is raised if there is a mismatch. :param cert_chain: Certificate chain to be validated :type cert_chain: cryptography.x509.Certificate :param signature: Encrypted signature of the request :type: str :param serialized_request_env: Raw request body :type: str :raises: :py:class:`VerificationException` if certificate is not valid """ decoded_signature = base64.b64decode(signature) public_key = cert_chain.public_key() # type: rsa._RSAPublicKey request_env_bytes = serialized_request_env.encode(CHARACTER_ENCODING) try: public_key.verify( decoded_signature, request_env_bytes, self._padding, self._hash_algorithm) except InvalidSignature as e: raise VerificationException("Request body is not valid", e)
Example #26
Source File: signing.py From pyUmbral with GNU General Public License v3.0 | 5 votes |
def verify(self, message: bytes, verifying_key: UmbralPublicKey, is_prehashed: bool = False) -> bool: """ Verifies that a message's signature was valid. :param message: The message to verify :param verifying_key: UmbralPublicKey of the signer :param is_prehashed: True if the message has been prehashed previously :return: True if valid, False if invalid """ cryptography_pub_key = verifying_key.to_cryptography_pubkey() if is_prehashed: signature_algorithm = ECDSA(utils.Prehashed(self.hash_algorithm())) else: signature_algorithm = ECDSA(self.hash_algorithm()) # TODO: Raise error instead of returning boolean try: cryptography_pub_key.verify( signature=self._der_encoded_bytes(), data=message, signature_algorithm=signature_algorithm ) except InvalidSignature: return False return True
Example #27
Source File: fernet.py From Carnets with BSD 3-Clause "New" or "Revised" License | 5 votes |
def _verify_signature(self, data): h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend) h.update(data[:-32]) try: h.verify(data[-32:]) except InvalidSignature: raise InvalidToken
Example #28
Source File: poly1305.py From Carnets with BSD 3-Clause "New" or "Revised" License | 5 votes |
def verify(self, tag): mac = self.finalize() if not constant_time.bytes_eq(mac, tag): raise InvalidSignature("Value did not match computed tag.")
Example #29
Source File: validators.py From refstack with Apache License 2.0 | 5 votes |
def validate(self, request): """Validate uploaded test results.""" super(TestResultValidator, self).validate(request) if request.headers.get('X-Signature') or \ request.headers.get('X-Public-Key'): try: sign = binascii.a2b_hex(request.headers.get('X-Signature', '')) except (binascii.Error, TypeError) as e: raise api_exc.ValidationError('Malformed signature', e) try: key = load_ssh_public_key( request.headers.get('X-Public-Key', ''), backend=backends.default_backend() ) except (binascii.Error, ValueError) as e: raise api_exc.ValidationError('Malformed public key', e) verifier = key.verifier(sign, padding.PKCS1v15(), hashes.SHA256()) verifier.update(request.body) try: verifier.verify() except InvalidSignature: raise api_exc.ValidationError('Signature verification failed') if self._is_empty_result(request): raise api_exc.ValidationError('Uploaded results must contain at ' 'least one passing test.')
Example #30
Source File: validators.py From refstack with Apache License 2.0 | 5 votes |
def validate(self, request): """Validate uploaded test results.""" super(PubkeyValidator, self).validate(request) body = json.loads(request.body.decode('utf-8')) key_format = body['raw_key'].strip().split()[0] if key_format not in ('ssh-dss', 'ssh-rsa', 'pgp-sign-rsa', 'pgp-sign-dss'): raise api_exc.ValidationError('Public key has unsupported format') try: sign = binascii.a2b_hex(body['self_signature']) except (binascii.Error, TypeError) as e: raise api_exc.ValidationError('Malformed signature', e) try: key = load_ssh_public_key(body['raw_key'].encode('utf-8'), backend=backends.default_backend()) except (binascii.Error, ValueError) as e: raise api_exc.ValidationError('Malformed public key', e) verifier = key.verifier(sign, padding.PKCS1v15(), hashes.SHA256()) verifier.update('signature'.encode('utf-8')) try: verifier.verify() except InvalidSignature: raise api_exc.ValidationError('Signature verification failed')