Fix signature verification

Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt>

delivery2/client/bin/rep_create_session

@@ -78,6 +78,11 @@ def createSession(args):
     try:
         req = requests.post(f'http://{state['REP_ADDRESS']}/user/login', json=json.dumps({'signature' : base64.b64encode(signature).decode('utf-8')}), headers={'Authorization': response['token']})
         req.raise_for_status()
+
+    except requests.exceptions.HTTPError:
+        logger.error("%d: %s", req.status_code, req.json()['error'])
+        sys.exit(-1)
+
     except requests.exceptions.RequestException as errex:
         logger.error("Failed to obtain response from server")
         sys.exit(-1)

delivery2/server/services/sessions.py

@@ -1,5 +1,6 @@
 import secrets
 
+from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.primitives.serialization import load_pem_public_key
 from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives import hashes
@@ -37,12 +38,15 @@ class SessionService:
         if not public_key_pem:
             return jsonify({"error": "Public key not found"}), 404
         public_key = load_pem_public_key(public_key_pem.encode())
+        try:
             public_key.verify(
                 signature,
                 session.challenge.encode(),
                 padding.PKCS1v15(),
                 hashes.SHA256()
             )
+        except InvalidSignature:
+            return jsonify({"error": "Invalid signature"}), 403
         session.challenge = None
         session.verified = True
         db.commit()