def from_rest_payload(cls, arrangement_id, rest_payload): # TODO: Use JSON instead? This is a mess. payload_splitter = BytestringSplitter(Signature) + key_splitter signature, bob_pubkey_sig, remainder = payload_splitter( rest_payload, msgpack_remainder=True) receipt_bytes, *remainder = remainder packed_capsules, packed_signatures, *remainder = remainder alice_address, alice_address_signature = remainder alice_address_signature = Signature.from_bytes(alice_address_signature) if not alice_address_signature.verify(alice_address, bob_pubkey_sig): raise cls.NotFromBob() capsules, capsule_signatures = list(), list() for capsule_bytes, capsule_signature in zip( msgpack.loads(packed_capsules), msgpack.loads(packed_signatures)): capsules.append( Capsule.from_bytes(capsule_bytes, params=default_params())) capsule_signature = Signature.from_bytes(capsule_signature) capsule_signatures.append(capsule_signature) if not capsule_signature.verify(capsule_bytes, bob_pubkey_sig): raise cls.NotFromBob() verified = signature.verify(receipt_bytes, bob_pubkey_sig) if not verified: raise cls.NotFromBob() bob = Bob.from_public_keys({SigningPower: bob_pubkey_sig}) return cls(bob, arrangement_id, capsules, capsule_signatures, alice_address, alice_address_signature, receipt_bytes, signature)
def test_split_two_signatures(): """ We make two random Signatures and concat them. Then split them and show that we got the proper result. """ sig1 = Signature.from_bytes(secure_random(64)) sig2 = Signature.from_bytes(secure_random(64)) sigs_concatted = sig1 + sig2 two_signature_splitter = BytestringSplitter(Signature, Signature) rebuilt_sig1, rebuilt_sig2 = two_signature_splitter(sigs_concatted) assert (sig1, sig2) == (rebuilt_sig1, rebuilt_sig2)
def test_signature_rs_serialization(): privkey = UmbralPrivateKey.gen_key() message = b"peace at dawn" der_sig_bytes = ecdsa_sign(message, privkey) signature_from_der = Signature.from_bytes(der_sig_bytes, der_encoded=True) rs_sig_bytes = bytes(signature_from_der) assert len(rs_sig_bytes) == 64 signature_from_rs = Signature.from_bytes(rs_sig_bytes, der_encoded=False) assert signature_from_rs == signature_from_der assert signature_from_rs == der_sig_bytes assert signature_from_rs.verify(message, privkey.get_pubkey())
def test_split_signature_from_arbitrary_bytes(): how_many_bytes = 10 signature = Signature.from_bytes(secure_random(64)) some_bytes = secure_random(how_many_bytes) splitter = BytestringSplitter(Signature, (bytes, how_many_bytes)) rebuilt_signature, rebuilt_bytes = splitter(signature + some_bytes)
def test_signature_can_verify(): privkey = UmbralPrivateKey.gen_key() message = b"peace at dawn" der_sig_bytes = ecdsa_sign(message, privkey) assert verify_ecdsa(message, der_sig_bytes, privkey.get_pubkey()) signature = Signature.from_bytes(der_sig_bytes, der_encoded=True) assert signature.verify(message, privkey.get_pubkey())
def complete(self, cfrags_and_signatures): good_cfrags = [] if not len(self) == len(cfrags_and_signatures): raise ValueError("Ursula gave back the wrong number of cfrags. " "She's up to something.") ursula_verifying_key = self.ursula.stamp.as_umbral_pubkey() for task, (cfrag, cfrag_signature) in zip(self.tasks, cfrags_and_signatures): # Validate re-encryption metadata metadata_input = bytes(task.signature) metadata_as_signature = Signature.from_bytes(cfrag.proof.metadata) if not metadata_as_signature.verify(metadata_input, ursula_verifying_key): raise InvalidSignature(f"Invalid metadata for {cfrag}.") # TODO: Instead of raising, we should do something (#957) # Validate re-encryption signatures if cfrag_signature.verify(bytes(cfrag), ursula_verifying_key): good_cfrags.append(cfrag) else: raise InvalidSignature(f"{cfrag} is not properly signed by Ursula.") # TODO: Instead of raising, we should do something (#957) for task, (cfrag, cfrag_signature) in zip(self.tasks, cfrags_and_signatures): task.attach_work_result(cfrag, cfrag_signature) self.completed = maya.now() return good_cfrags
def complete(self, cfrags_and_signatures): good_cfrags = [] if not len(self) == len(cfrags_and_signatures): raise ValueError("Ursula gave back the wrong number of cfrags. " "She's up to something.") alice_address_signature = bytes(self.alice_address_signature) ursula_verifying_key = self.ursula.stamp.as_umbral_pubkey() for counter, capsule in enumerate(self.capsules): cfrag, signature = cfrags_and_signatures[counter] # Validate CFrag metadata capsule_signature = bytes(self.capsule_signatures[counter]) metadata_input = capsule_signature + alice_address_signature metadata_as_signature = Signature.from_bytes(cfrag.proof.metadata) if not metadata_as_signature.verify(metadata_input, ursula_verifying_key): raise InvalidSignature( "Invalid metadata for {}.".format(cfrag)) # Validate work order response signatures if signature.verify( bytes(cfrag) + bytes(capsule), ursula_verifying_key): good_cfrags.append(cfrag) else: raise InvalidSignature( "{} is not properly signed by Ursula.".format(cfrag)) else: self.completed = maya.now() return good_cfrags
def test_trying_to_extract_too_many_bytes_raises_typeerror(): how_many_bytes = 10 too_many_bytes = 11 signature = Signature.from_bytes(secure_random(64)) some_bytes = secure_random(how_many_bytes) splitter = BytestringSplitter(Signature, (bytes, too_many_bytes)) with pytest.raises(ValueError): rebuilt_signature, rebuilt_bytes = splitter(signature + some_bytes, return_remainder=True)
def from_rest_payload(cls, arrangement_id, rest_payload): payload_splitter = BytestringSplitter(Signature) + key_splitter signature, bob_pubkey_sig, \ (receipt_bytes, packed_capsules, packed_signatures) = payload_splitter(rest_payload, msgpack_remainder=True) capsules, capsule_signatures = list(), list() for capsule_bytes, signed_capsule in zip(msgpack.loads(packed_capsules), msgpack.loads(packed_signatures)): capsules.append(Capsule.from_bytes(capsule_bytes, params=default_params())) signed_capsule = Signature.from_bytes(signed_capsule) capsule_signatures.append(signed_capsule) if not signed_capsule.verify(capsule_bytes, bob_pubkey_sig): raise ValueError("This doesn't appear to be from Bob.") verified = signature.verify(receipt_bytes, bob_pubkey_sig) if not verified: raise ValueError("This doesn't appear to be from Bob.") bob = Bob.from_public_keys({SigningPower: bob_pubkey_sig}) return cls(bob, arrangement_id, capsules, capsule_signatures, receipt_bytes, signature)