def execute(self):
serialized_byte_array = crypto.string_to_byte_array(self.work_order)
encrypted_request = crypto.byte_array_to_base64(serialized_byte_array)
logger.info(
"------------------------sgx_work_order_request1------------------------------------"
)
try:
encoded_encrypted_response = self.enclave.HandleWorkOrderRequest(
encrypted_request, self.ext_data)
logger.info(
"------------------------sgx_work_order_request2------------------------------------"
)
assert encoded_encrypted_response
except Exception as err:
logger.info(
"------------------------sgx_work_order_request3------------------------------------"
)
logger.exception('workorder request invocation failed: %s',
str(err))
raise
logger.info(
"------------------------sgx_work_order_request4------------------------------------"
)
try:
decrypted_response = crypto.base64_to_byte_array(
encoded_encrypted_response)
response_string = crypto.byte_array_to_string(decrypted_response)
response_parsed = json.loads(response_string[0:-1])
except Exception as err:
logger.exception('workorder response is invalid: %s', str(err))
raise
return response_parsed
def verify_encryption_key_signature(
self, encryption_key_signature, encryption_key, verifying_key):
"""
Utils function to verify integrity of worker encryption key using
worker verification key
@params encryption_key_signature - Signature computed on hash
of encryption key
@params encryption_key - Public encryption key of the worker
@params verifying_key - Public signing key or verification key
of the worker
returns SignatureStatus.PASSED in case of successful verification
SignatureStatus.FAILED in case of verification failure
"""
_verification_key = VerifyingKey.from_pem(verifying_key)
encrypt_key_sig_bytes = hex_to_byte_array(encryption_key_signature)
encrypt_key_bytes = crypto_utility.string_to_byte_array(encryption_key)
encryption_key_hash = crypto_utility.compute_message_hash(
encrypt_key_bytes)
sig_result = _verification_key.verify_digest(
bytes(encrypt_key_sig_bytes),
bytes(encryption_key_hash),
sigdecode=sigdecode_der)
if sig_result:
return SignatureStatus.PASSED
return SignatureStatus.FAILED
def test_verify_encryption_key_signature():
enc_key_sig_byte = crypto_utility.string_to_byte_array(worker_enc_key)
enc_key_hash = crypto_utility.compute_message_hash(enc_key_sig_byte)
try:
# sign encryption key
status, enc_key_signature = \
sig_obj.generate_signature(enc_key_hash, worker_signing_key)
enc_key_signature = \
crypto_utility.base64_to_byte_array(enc_key_signature)
enc_key_signature_hex = \
crypto_utility.byte_array_to_hex(enc_key_signature)
status = sig_obj.verify_encryption_key_signature(
enc_key_signature_hex, worker_enc_key, worker_verifying_key)
if status == SignatureStatus.PASSED:
logging.info("PASSED: verify_encryption_key_signature")
return 0
else:
logging.info("FAILED: verify_encryption_key_signature")
return 1
except Exception as err:
logging.info("FAILED: verify_encryption_key_signature")
return 1
def verify_encryption_key_signature(self, encryption_key_signature,
encryption_key, verifying_key):
"""
Utils function to verify integrity of worker encryption key using
worker verification key
@params encryption_key_signature - Signature computed on hash
of encryption key
@params encryption_key - Public encryption key of the worker
@params verifying_key - Public signing key or verification key
of the worker
returns SignatureStatus.PASSED in case of successful verification
SignatureStatus.FAILED in case of verification failure
"""
encrypt_key_sig_bytes = hex_to_byte_array(encryption_key_signature)
encrypt_key_bytes = crypto_utility.string_to_byte_array(encryption_key)
encryption_key_hash = worker_hash.WorkerHash().compute_message_hash(
encrypt_key_bytes)
return self.verify_signature_from_pubkey(encrypt_key_sig_bytes,
encryption_key_hash,
verifying_key)