Exemple #1
0
    def evaluate(self) :
        """
        evaluate the request using the enclave service
        """
        encrypted_session_key = self.__encrypt_session_key()

        # Encrypt the request
        serialized_byte_array = crypto.string_to_byte_array(self.__serialize_for_encryption())
        encrypted_request_raw = crypto.SKENC_EncryptMessage(self.session_key, serialized_byte_array)
        encrypted_request = crypto.byte_array_to_base64(encrypted_request_raw)

        try :
            self.contract_state.push_state_to_eservice(self.enclave_service)

            encoded_encrypted_response = self.enclave_service.send_to_contract(encrypted_session_key, encrypted_request)
            logger.debug("raw response from enclave: %s", encoded_encrypted_response)

        except Exception as e:
            logger.warn('contract invocation failed; %s', str(e))
            raise InvocationException('contract invocation failed') from e

        try :
            decrypted_response = self.__decrypt_response(encoded_encrypted_response)
            response_string = crypto.byte_array_to_string(decrypted_response)
            response_parsed = json.loads(response_string[0:-1])

            logger.debug("parsed response: %s", response_parsed)

            contract_response = ContractResponse(self, response_parsed)
        except Exception as e:
            logger.warn('contract response is invalid; %s', str(e))
            raise InvocationException('contract response is invalid') from e

        return contract_response
Exemple #2
0
    def evaluate(self):
        encrypted_session_key = self.__encrypt_session_key()

        # Encrypt the request
        serialized_byte_array = crypto.string_to_byte_array(
            self.__serialize_for_encryption())
        encrypted_request_raw = crypto.SKENC_EncryptMessage(
            self.session_key, serialized_byte_array)
        encrypted_request = crypto.byte_array_to_base64(encrypted_request_raw)

        try:
            # Check and conditionally put the encrypted state into the block store if it is non-empty
            state_hash_b64 = self.contract_state.getStateHash(encoding='b64')
            if state_hash_b64:
                block_store_len = self.enclave_service.block_store_head(
                    state_hash_b64)
                if block_store_len <= 0:
                    # This block wasn't present in the block store of this enclave service - need to send it
                    logger.debug(
                        "Block store did not contain block '%s' - sending it",
                        state_hash_b64)

                    ret = self.enclave_service.block_store_put(
                        state_hash_b64, self.contract_state.encrypted_state)
                    if ret != True:
                        logger.exception("block_store_put failed for key %s",
                                         state_hash_b64)
                        raise

            encoded_encrypted_response = self.enclave_service.send_to_contract(
                encrypted_session_key, encrypted_request)
            if encoded_encrypted_response == None:
                logger.exception(
                    "send_to_contract failed but no exception was thrown")
                raise

            logger.debug("raw response from enclave: %s",
                         encoded_encrypted_response)
        except:
            logger.exception('contract invocation failed')
            raise

        try:
            decrypted_response = self.__decrypt_response(
                encoded_encrypted_response)
            response_string = crypto.byte_array_to_string(decrypted_response)
            response_parsed = json.loads(response_string[0:-1])

            logger.debug("parsed response: %s", response_parsed)

            contract_response = ContractResponse(self, response_parsed)
        except Exception as e:
            logger.exception('contract response is invalid: ' + str(e))
            raise

        return contract_response
    def evaluate(self) :
        """
        evaluate the request using the enclave service
        """

        assert self.operation == 'update'

        # Encrypt the request
        serialized_byte_array = crypto.string_to_byte_array(self.__serialize_for_encryption())
        encrypted_request = bytes(crypto.SKENC_EncryptMessage(self.session_key, serialized_byte_array))
        encrypted_key = bytes(self.enclave_keys.encrypt(self.session_key))

        try :
            self.contract_state.push_state_to_eservice(self.enclave_service)
            encrypted_response = self.enclave_service.send_to_contract(encrypted_key, encrypted_request)

        except Exception as e:
            logger.warn('contract invocation failed; %s', str(e))
            raise InvocationException('contract invocation failed') from e

        try :
            decrypted_response = crypto.SKENC_DecryptMessage(self.session_key, encrypted_response)
        except Exception as e:
            logger.exception('failed to decrypt response; %s', encrypted_response)
            raise InvocationException('contract response cannot be decrypted')

        try :
            response_string = crypto.byte_array_to_string(decrypted_response)
            response_parsed = json.loads(response_string[0:-1])

            logger.debug("parsed response: %s", response_parsed)

        except Exception as e:
            logger.exception('contract response is invalid; %s', str(e))
            raise InvocationException('failed to parse contract response') from e

        # if response_parsed['Status'] is False :
        #   raise InvocationException(response_parsed['InvocationResponse'])

        try :
            if response_parsed['Status'] and response_parsed['StateChanged'] :
                contract_response = UpdateStateResponse(self, response_parsed)
            else :
                contract_response = ContractResponse(self, response_parsed)
        except Exception as e:
            logger.exception('contract response is invalid; %s', str(e))
            raise InvocationException('contract response is invalid') from e

        return contract_response
Exemple #4
0
    def save(self, config, password):
        """serialize the profile, encrypt it and write it to disk
        """
        serialized_profile = self.serialize()
        skenc_key = Profile.__encryption_key__(password)

        encrypted_profile = crypto.SKENC_EncryptMessage(
            skenc_key, serialized_profile)
        encrypted_profile = bytes(encrypted_profile)

        profile_file = Profile.__profile_file_name__(config, self.name)
        profile_dir = os.path.dirname(profile_file)
        if not os.path.isdir(profile_dir):
            os.makedirs(profile_dir)

        with open(profile_file, "wb") as pf:
            pf.write(encrypted_profile)

        logger.info('profile saved to %s', profile_file)
#TEST AES-GCM
try:
    iv = crypto.SKENC_GenerateIV()
except Exception as exc:
    logger.error("ERROR: Symmetric encryption iv generation test failed: ",
                 exc)
    sys.exit(-1)
try:
    key = crypto.SKENC_GenerateKey()
except Exception as exc:
    logger.error("ERROR: Symmetric encryption key generation test failed: ",
                 exc)
    sys.exit(-1)

try:
    crypto.SKENC_EncryptMessage(iv, None, msg)
    logger.error(
        "ERROR: Symmetric encryption invalid key detection test failed: not detected."
    )
    sys.exit(-1)
except Exception as exc:
    if (type(exc) == ValueError):
        logger.debug(
            "Symmetric encryption invalid key detection test successful!")
    else:
        logger.error(
            "ERROR: Symmetric encryption invalid key detection test failed: ",
            exc)
        sys.exit(-1)
try:
    crypto.SKENC_EncryptMessage(None, key, msg)
Exemple #6
0
 def __encrypt_request(self):
     serialized_byte_array = crypto.string_to_byte_array(
         self.__serialize_for_encryption())
     encrypted_request = crypto.SKENC_EncryptMessage(
         self.session_key, self.session_iv, serialized_byte_array)
     return crypto.byte_array_to_base64(encrypted_request)