def validate_batch(batch):
# validate batch signature
header = BatchHeader()
header.ParseFromString(batch.header)
valid = signing.verify(batch.header, batch.header_signature,
header.signer_pubkey)
if not valid:
LOGGER.debug("batch failed signature validation: %s",
batch.header_signature)
# validate all transactions in batch
total = len(batch.transactions)
index = 0
while valid and index < total:
txn = batch.transactions[index]
valid = validate_transaction(txn)
if valid:
txn_header = TransactionHeader()
txn_header.ParseFromString(txn.header)
if txn_header.batcher_pubkey != header.signer_pubkey:
LOGGER.debug(
"txn batcher pubkey does not match signer"
"pubkey for batch: %s txn: %s", batch.header_signature,
txn.header_signature)
valid = False
index += 1
return valid
def is_valid_batch(batch):
# validate batch signature
header = BatchHeader()
header.ParseFromString(batch.header)
if not signing.verify(batch.header, batch.header_signature,
header.signer_public_key):
LOGGER.debug("batch failed signature validation: %s",
batch.header_signature)
return False
# validate all transactions in batch
for txn in batch.transactions:
if not is_valid_transaction(txn):
return False
txn_header = TransactionHeader()
txn_header.ParseFromString(txn.header)
if txn_header.batcher_public_key != header.signer_public_key:
LOGGER.debug(
"txn batcher public_key does not match signer"
"public_key for batch: %s txn: %s", batch.header_signature,
txn.header_signature)
return False
return True
def is_valid_batch(batch):
# validate batch signature
header = BatchHeader()
header.ParseFromString(batch.header)
if not signing.verify(batch.header,
batch.header_signature,
header.signer_pubkey):
LOGGER.debug("batch failed signature validation: %s",
batch.header_signature)
return False
# validate all transactions in batch
for txn in batch.transactions:
if not is_valid_transaction(txn):
return False
txn_header = TransactionHeader()
txn_header.ParseFromString(txn.header)
if txn_header.batcher_pubkey != header.signer_pubkey:
LOGGER.debug("txn batcher pubkey does not match signer"
"pubkey for batch: %s txn: %s",
batch.header_signature,
txn.header_signature)
return False
return True
def validate_transaction(txn):
# validate transactions signature
header = TransactionHeader()
header.ParseFromString(txn.header)
valid = signing.verify(txn.header, txn.header_signature,
header.signer_pubkey)
if not valid:
LOGGER.debug("transaction signature invalid for txn: %s",
txn.header_signature)
return valid
def verify_wait_certificate(cls, certificate, poet_public_key):
# Since the signing module uses a hex-encoded string as the canonical
# format for public keys and we should be handed a public key that was
# part of signup information created by us, don't bother decoding
# the public key.
if not \
signing.verify(
certificate.serialize(),
certificate.signature,
poet_public_key):
raise ValueError('Wait certificate signature does not match')
def deserialize_wait_timer(cls, serialized_timer, signature):
with cls._lock:
# Verify the signature before trying to deserialize
if not signing.verify(serialized_timer, signature,
cls._poet_public_key):
return None
return \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized_timer=serialized_timer,
signature=signature)
def verify_wait_certificate(cls, certificate, poet_public_key):
# Since the signing module uses a hex-encoded string as the canonical
# format for public keys and we should be handed a public key that was
# part of signup information created by us, don't bother decoding
# the public key.
if not \
signing.verify(
certificate.serialize(),
certificate.signature,
poet_public_key):
raise ValueError('Wait certificate signature does not match')
def deserialize_wait_timer(cls, serialized_timer, signature):
with cls._lock:
# Verify the signature before trying to deserialize
if not signing.verify(
serialized_timer,
signature,
cls._poet_public_key):
return None
return \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized_timer=serialized_timer,
signature=signature)
def validate_block(block):
# validate block signature
header = BlockHeader()
header.ParseFromString(block.header)
valid = signing.verify(block.header, block.header_signature,
header.signer_pubkey)
# validate all batches in block. These are not all batches in the
# batch_ids stored in the block header, only those sent with the block.
total = len(block.batches)
index = 0
while valid and index < total:
valid = validate_batch(block.batches[index])
index += 1
return valid
def is_valid_block(block):
# validate block signature
header = BlockHeader()
header.ParseFromString(block.header)
if not signing.verify(block.header, block.header_signature,
header.signer_public_key):
LOGGER.debug("block failed signature validation: %s",
block.header_signature)
return False
# validate all batches in block. These are not all batches in the
# batch_ids stored in the block header, only those sent with the block.
if not all(map(is_valid_batch, block.batches)):
return False
return True
def _verify_block_signature(self, blkw):
""" Verify a block is properly signed.
:param blkw: the block to verify
:return: Boolean - True on success.
"""
try:
return signing.verify(blkw.block.header,
blkw.block.header_signature,
blkw.header.signer_pubkey)
# To be on the safe side, assume any exception thrown
# during signature validation means the signature
# is invalid.
# pylint: disable=broad-except
except Exception:
return False
def is_valid_block(block):
# validate block signature
header = BlockHeader()
header.ParseFromString(block.header)
if not signing.verify(block.header,
block.header_signature,
header.signer_pubkey):
LOGGER.debug("block failed signature validation: %s",
block.header_signature)
return False
# validate all batches in block. These are not all batches in the
# batch_ids stored in the block header, only those sent with the block.
if not all(map(is_valid_batch, block.batches)):
return False
return True
def is_valid_transaction(txn):
# validate transactions signature
header = TransactionHeader()
header.ParseFromString(txn.header)
if not signing.verify(txn.header, txn.header_signature,
header.signer_public_key):
LOGGER.debug("transaction signature invalid for txn: %s",
txn.header_signature)
return False
# verify the payload field matches the header
txn_payload_sha512 = hashlib.sha512(txn.payload).hexdigest()
if txn_payload_sha512 != header.payload_sha512:
LOGGER.debug(
"payload doesn't match payload_sha512 of the header"
"for txn: %s", txn.header_signature)
return False
return True
def is_valid_transaction(txn):
# validate transactions signature
header = TransactionHeader()
header.ParseFromString(txn.header)
if not signing.verify(txn.header,
txn.header_signature,
header.signer_pubkey):
LOGGER.debug("transaction signature invalid for txn: %s",
txn.header_signature)
return False
# verify the payload field matches the header
txn_payload_sha512 = hashlib.sha512(txn.payload).hexdigest()
if txn_payload_sha512 != header.payload_sha512:
LOGGER.debug("payload doesn't match payload_sha512 of the header"
"for txn: %s", txn.header_signature)
return False
return True
def create_wait_certificate(cls, sealed_signup_data, wait_timer,
block_hash):
with cls._lock:
# Extract keys from the 'sealed' signup data
if sealed_signup_data is None:
raise ValueError('Sealed Signup Data is None')
signup_data = \
json2dict(
base64.b64decode(sealed_signup_data.encode()).decode())
poet_private_key = signup_data['poet_private_key']
poet_public_key = signup_data['poet_public_key']
if poet_private_key is None or poet_public_key is None:
raise \
ValueError(
'Invalid signup data. No poet key(s).')
# Several criteria need to be met before we can create a wait
# certificate:
# 1. This signup data was used to sign this timer.
# i.e. the key sealed / unsealed by the TEE signed this
# wait timer.
# 2. This timer has expired
# 3. This timer has not timed out
#
# In a TEE implementation we would check HW counter agreement.
# We can't usefully simulate a HW counter though.
# i.e. wait_timer.counter_value == signup_data.counter.value
#
# Note - we make a concession for the genesis block (i.e., a wait
# timer for which the previous certificate ID is the Null
# identifier) in that we don't require the timer to have expired
# and we don't worry about the timer having timed out.
if wait_timer is None or \
not signing.verify(
wait_timer.serialize(),
wait_timer.signature,
poet_public_key):
raise \
ValueError(
'Validator is not using the current wait timer')
is_not_genesis_block = \
(wait_timer.previous_certificate_id !=
NULL_BLOCK_IDENTIFIER)
now = time.time()
expire_time = \
wait_timer.request_time + \
wait_timer.duration
if is_not_genesis_block and now < expire_time:
raise \
ValueError(
'Cannot create wait certificate because timer has '
'not expired')
time_out_time = \
wait_timer.request_time + \
wait_timer.duration + \
TIMER_TIMEOUT_PERIOD
if is_not_genesis_block and time_out_time < now:
raise \
ValueError(
'Cannot create wait certificate because timer '
'has timed out')
# Create a random nonce for the certificate. For our "random"
# nonce we will take the timer signature, concat that with the
# current time, JSON-ize it and create a SHA-256 hash over it.
# Probably not considered random by security professional
# standards, but it is good enough for the simulator.
random_string = \
dict2json({
'wait_timer_signature': wait_timer.signature,
'now': datetime.datetime.utcnow().isoformat()
})
nonce = hashlib.sha256(random_string.encode()).hexdigest()
# First create a new enclave wait certificate using the data
# provided and then sign the certificate with the PoET private key
wait_certificate = \
EnclaveWaitCertificate.wait_certificate_with_wait_timer(
wait_timer=wait_timer,
nonce=nonce,
block_hash=block_hash)
wait_certificate.signature = \
signing.sign(
wait_certificate.serialize(),
poet_private_key)
# In a TEE implementation we would increment the HW counter here
# to prevent replay.
# We can't usefully simulate a HW counter though.
return wait_certificate
def handle(self, connection_id, message_content):
"""
When the validator receives an AuthorizationChallengeSubmit message, it
will verify the public key against the signature. If the public key is
verified, the requested roles will be checked against the stored roles
to see if the public key is included in the policy. If the node’s
response is accepted, the node’s public key will be stored and the
requester may start sending messages for the approved roles.
If the requester wanted a role that is either not available on the
endpoint, the requester does not have access to one of the roles
requested, or the previous message was not an
AuthorizationChallengeRequest, the challenge will be rejected and the
connection will be closed.
"""
if self._network.get_connection_status(connection_id) != \
ConnectionStatus.AUTH_CHALLENGE_REQUEST:
LOGGER.debug(
"Connection's previous message was not a"
" AuthorizationChallengeRequest, Remove connection to"
"%s", connection_id)
violation = AuthorizationViolation(
violation=RoleType.Value("NETWORK"))
return HandlerResult(
HandlerStatus.RETURN_AND_CLOSE,
message_out=violation,
message_type=validator_pb2.Message.AUTHORIZATION_VIOLATION)
auth_challenge_submit = AuthorizationChallengeSubmit()
auth_challenge_submit.ParseFromString(message_content)
if not signing.verify(auth_challenge_submit.payload,
auth_challenge_submit.signature,
auth_challenge_submit.public_key):
LOGGER.warning(
"Signature was not able to be verifed. Remove "
"connection to %s", connection_id)
violation = AuthorizationViolation(
violation=RoleType.Value("NETWORK"))
return HandlerResult(
HandlerStatus.RETURN_AND_CLOSE,
message_out=violation,
message_type=validator_pb2.Message.AUTHORIZATION_VIOLATION)
roles = self._network.roles
for role in auth_challenge_submit.roles:
if role == RoleType.Value("NETWORK") or role == \
RoleType.Value("ALL"):
permitted = False
if "network" in roles:
permitted = self._permission_verifier.check_network_role(
auth_challenge_submit.public_key)
if not permitted:
violation = AuthorizationViolation(
violation=RoleType.Value("NETWORK"))
return HandlerResult(HandlerStatus.RETURN_AND_CLOSE,
message_out=violation,
message_type=validator_pb2.Message.
AUTHORIZATION_VIOLATION)
self._network.update_connection_public_key(
connection_id, auth_challenge_submit.public_key)
if RoleType.Value("NETWORK") in auth_challenge_submit.roles:
# Need to send ConnectionRequest to authorize ourself with the
# connection if they initialized the connection
try:
is_outbound_connection = self._network.is_outbound_connection(
connection_id)
except KeyError:
# Connection has gone away, drop message
return HandlerResult(HandlerStatus.DROP)
if not is_outbound_connection:
self._network.send_connect_request(connection_id)
else:
# If this is an outbound connection, authorization is complete
# for both connections and peering/topology build out can
# begin.
self._gossip.connect_success(connection_id)
auth_challenge_result = AuthorizationChallengeResult(
roles=[RoleType.Value("NETWORK")])
LOGGER.debug("Connection: %s is approved", connection_id)
self._network.update_connection_status(connection_id,
ConnectionStatus.CONNECTED)
return HandlerResult(
HandlerStatus.RETURN,
message_out=auth_challenge_result,
message_type=validator_pb2.Message.AUTHORIZATION_CHALLENGE_RESULT)
