Fix signature verification

Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt>
2024-12-18 20:03:52 +00:00 · 2024-12-18 20:03:52 +00:00 · b156337e62
parent 44f40f2b55
commit b156337e62
2 changed files with 15 additions and 6 deletions
--- a/delivery2/client/bin/rep_create_session
+++ b/delivery2/client/bin/rep_create_session
@ -78,6 +78,11 @@ def createSession(args):
    try:
        req = requests.post(f'http://{state['REP_ADDRESS']}/user/login', json=json.dumps({'signature' : base64.b64encode(signature).decode('utf-8')}), headers={'Authorization': response['token']})
        req.raise_for_status()
+
+    except requests.exceptions.HTTPError:
+        logger.error("%d: %s", req.status_code, req.json()['error'])
+        sys.exit(-1)
+
    except requests.exceptions.RequestException as errex:
        logger.error("Failed to obtain response from server")
        sys.exit(-1)
--- a/delivery2/server/services/sessions.py
+++ b/delivery2/server/services/sessions.py
@ -1,5 +1,6 @@
 import secrets

+from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.primitives.serialization import load_pem_public_key
 from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives import hashes
@ -37,12 +38,15 @@ class SessionService:
        if not public_key_pem:
            return jsonify({"error": "Public key not found"}), 404
        public_key = load_pem_public_key(public_key_pem.encode())
-        public_key.verify(
-            signature,
-            session.challenge.encode(),
-            padding.PKCS1v15(),
-            hashes.SHA256()
-        )
+        try:
+            public_key.verify(
+                signature,
+                session.challenge.encode(),
+                padding.PKCS1v15(),
+                hashes.SHA256()
+            )
+        except InvalidSignature:
+            return jsonify({"error": "Invalid signature"}), 403
        session.challenge = None
        session.verified = True
        db.commit()