def from_rest_payload(cls, arrangement_id, rest_payload):
# TODO: Use JSON instead? This is a mess.
payload_splitter = BytestringSplitter(Signature) + key_splitter
signature, bob_pubkey_sig, remainder = payload_splitter(
rest_payload, msgpack_remainder=True)
receipt_bytes, *remainder = remainder
packed_capsules, packed_signatures, *remainder = remainder
alice_address, alice_address_signature = remainder
alice_address_signature = Signature.from_bytes(alice_address_signature)
if not alice_address_signature.verify(alice_address, bob_pubkey_sig):
raise cls.NotFromBob()
capsules, capsule_signatures = list(), list()
for capsule_bytes, capsule_signature in zip(
msgpack.loads(packed_capsules),
msgpack.loads(packed_signatures)):
capsules.append(
Capsule.from_bytes(capsule_bytes, params=default_params()))
capsule_signature = Signature.from_bytes(capsule_signature)
capsule_signatures.append(capsule_signature)
if not capsule_signature.verify(capsule_bytes, bob_pubkey_sig):
raise cls.NotFromBob()
verified = signature.verify(receipt_bytes, bob_pubkey_sig)
if not verified:
raise cls.NotFromBob()
bob = Bob.from_public_keys({SigningPower: bob_pubkey_sig})
return cls(bob, arrangement_id, capsules, capsule_signatures,
alice_address, alice_address_signature, receipt_bytes,
signature)
def test_split_two_signatures():
"""
We make two random Signatures and concat them. Then split them and show that we got the proper result.
"""
sig1 = Signature.from_bytes(secure_random(64))
sig2 = Signature.from_bytes(secure_random(64))
sigs_concatted = sig1 + sig2
two_signature_splitter = BytestringSplitter(Signature, Signature)
rebuilt_sig1, rebuilt_sig2 = two_signature_splitter(sigs_concatted)
assert (sig1, sig2) == (rebuilt_sig1, rebuilt_sig2)
def test_signature_rs_serialization():
privkey = UmbralPrivateKey.gen_key()
message = b"peace at dawn"
der_sig_bytes = ecdsa_sign(message, privkey)
signature_from_der = Signature.from_bytes(der_sig_bytes, der_encoded=True)
rs_sig_bytes = bytes(signature_from_der)
assert len(rs_sig_bytes) == 64
signature_from_rs = Signature.from_bytes(rs_sig_bytes, der_encoded=False)
assert signature_from_rs == signature_from_der
assert signature_from_rs == der_sig_bytes
assert signature_from_rs.verify(message, privkey.get_pubkey())
def test_split_signature_from_arbitrary_bytes():
how_many_bytes = 10
signature = Signature.from_bytes(secure_random(64))
some_bytes = secure_random(how_many_bytes)
splitter = BytestringSplitter(Signature, (bytes, how_many_bytes))
rebuilt_signature, rebuilt_bytes = splitter(signature + some_bytes)
def test_signature_can_verify():
privkey = UmbralPrivateKey.gen_key()
message = b"peace at dawn"
der_sig_bytes = ecdsa_sign(message, privkey)
assert verify_ecdsa(message, der_sig_bytes, privkey.get_pubkey())
signature = Signature.from_bytes(der_sig_bytes, der_encoded=True)
assert signature.verify(message, privkey.get_pubkey())
def complete(self, cfrags_and_signatures):
good_cfrags = []
if not len(self) == len(cfrags_and_signatures):
raise ValueError("Ursula gave back the wrong number of cfrags. "
"She's up to something.")
ursula_verifying_key = self.ursula.stamp.as_umbral_pubkey()
for task, (cfrag, cfrag_signature) in zip(self.tasks, cfrags_and_signatures):
# Validate re-encryption metadata
metadata_input = bytes(task.signature)
metadata_as_signature = Signature.from_bytes(cfrag.proof.metadata)
if not metadata_as_signature.verify(metadata_input, ursula_verifying_key):
raise InvalidSignature(f"Invalid metadata for {cfrag}.")
# TODO: Instead of raising, we should do something (#957)
# Validate re-encryption signatures
if cfrag_signature.verify(bytes(cfrag), ursula_verifying_key):
good_cfrags.append(cfrag)
else:
raise InvalidSignature(f"{cfrag} is not properly signed by Ursula.")
# TODO: Instead of raising, we should do something (#957)
for task, (cfrag, cfrag_signature) in zip(self.tasks, cfrags_and_signatures):
task.attach_work_result(cfrag, cfrag_signature)
self.completed = maya.now()
return good_cfrags
def complete(self, cfrags_and_signatures):
good_cfrags = []
if not len(self) == len(cfrags_and_signatures):
raise ValueError("Ursula gave back the wrong number of cfrags. "
"She's up to something.")
alice_address_signature = bytes(self.alice_address_signature)
ursula_verifying_key = self.ursula.stamp.as_umbral_pubkey()
for counter, capsule in enumerate(self.capsules):
cfrag, signature = cfrags_and_signatures[counter]
# Validate CFrag metadata
capsule_signature = bytes(self.capsule_signatures[counter])
metadata_input = capsule_signature + alice_address_signature
metadata_as_signature = Signature.from_bytes(cfrag.proof.metadata)
if not metadata_as_signature.verify(metadata_input,
ursula_verifying_key):
raise InvalidSignature(
"Invalid metadata for {}.".format(cfrag))
# Validate work order response signatures
if signature.verify(
bytes(cfrag) + bytes(capsule), ursula_verifying_key):
good_cfrags.append(cfrag)
else:
raise InvalidSignature(
"{} is not properly signed by Ursula.".format(cfrag))
else:
self.completed = maya.now()
return good_cfrags
def test_trying_to_extract_too_many_bytes_raises_typeerror():
how_many_bytes = 10
too_many_bytes = 11
signature = Signature.from_bytes(secure_random(64))
some_bytes = secure_random(how_many_bytes)
splitter = BytestringSplitter(Signature, (bytes, too_many_bytes))
with pytest.raises(ValueError):
rebuilt_signature, rebuilt_bytes = splitter(signature + some_bytes, return_remainder=True)
def from_rest_payload(cls, arrangement_id, rest_payload):
payload_splitter = BytestringSplitter(Signature) + key_splitter
signature, bob_pubkey_sig, \
(receipt_bytes, packed_capsules, packed_signatures) = payload_splitter(rest_payload,
msgpack_remainder=True)
capsules, capsule_signatures = list(), list()
for capsule_bytes, signed_capsule in zip(msgpack.loads(packed_capsules), msgpack.loads(packed_signatures)):
capsules.append(Capsule.from_bytes(capsule_bytes, params=default_params()))
signed_capsule = Signature.from_bytes(signed_capsule)
capsule_signatures.append(signed_capsule)
if not signed_capsule.verify(capsule_bytes, bob_pubkey_sig):
raise ValueError("This doesn't appear to be from Bob.")
verified = signature.verify(receipt_bytes, bob_pubkey_sig)
if not verified:
raise ValueError("This doesn't appear to be from Bob.")
bob = Bob.from_public_keys({SigningPower: bob_pubkey_sig})
return cls(bob, arrangement_id, capsules, capsule_signatures, receipt_bytes, signature)
