def evaluate(self) : """ evaluate the request using the enclave service """ encrypted_session_key = self.__encrypt_session_key() # Encrypt the request serialized_byte_array = crypto.string_to_byte_array(self.__serialize_for_encryption()) encrypted_request_raw = crypto.SKENC_EncryptMessage(self.session_key, serialized_byte_array) encrypted_request = crypto.byte_array_to_base64(encrypted_request_raw) try : self.contract_state.push_state_to_eservice(self.enclave_service) encoded_encrypted_response = self.enclave_service.send_to_contract(encrypted_session_key, encrypted_request) logger.debug("raw response from enclave: %s", encoded_encrypted_response) except Exception as e: logger.warn('contract invocation failed; %s', str(e)) raise InvocationException('contract invocation failed') from e try : decrypted_response = self.__decrypt_response(encoded_encrypted_response) response_string = crypto.byte_array_to_string(decrypted_response) response_parsed = json.loads(response_string[0:-1]) logger.debug("parsed response: %s", response_parsed) contract_response = ContractResponse(self, response_parsed) except Exception as e: logger.warn('contract response is invalid; %s', str(e)) raise InvocationException('contract response is invalid') from e return contract_response
def evaluate(self): encrypted_session_key = self.__encrypt_session_key() # Encrypt the request serialized_byte_array = crypto.string_to_byte_array( self.__serialize_for_encryption()) encrypted_request_raw = crypto.SKENC_EncryptMessage( self.session_key, serialized_byte_array) encrypted_request = crypto.byte_array_to_base64(encrypted_request_raw) try: # Check and conditionally put the encrypted state into the block store if it is non-empty state_hash_b64 = self.contract_state.getStateHash(encoding='b64') if state_hash_b64: block_store_len = self.enclave_service.block_store_head( state_hash_b64) if block_store_len <= 0: # This block wasn't present in the block store of this enclave service - need to send it logger.debug( "Block store did not contain block '%s' - sending it", state_hash_b64) ret = self.enclave_service.block_store_put( state_hash_b64, self.contract_state.encrypted_state) if ret != True: logger.exception("block_store_put failed for key %s", state_hash_b64) raise encoded_encrypted_response = self.enclave_service.send_to_contract( encrypted_session_key, encrypted_request) if encoded_encrypted_response == None: logger.exception( "send_to_contract failed but no exception was thrown") raise logger.debug("raw response from enclave: %s", encoded_encrypted_response) except: logger.exception('contract invocation failed') raise try: decrypted_response = self.__decrypt_response( encoded_encrypted_response) response_string = crypto.byte_array_to_string(decrypted_response) response_parsed = json.loads(response_string[0:-1]) logger.debug("parsed response: %s", response_parsed) contract_response = ContractResponse(self, response_parsed) except Exception as e: logger.exception('contract response is invalid: ' + str(e)) raise return contract_response
def evaluate(self) : """ evaluate the request using the enclave service """ assert self.operation == 'update' # Encrypt the request serialized_byte_array = crypto.string_to_byte_array(self.__serialize_for_encryption()) encrypted_request = bytes(crypto.SKENC_EncryptMessage(self.session_key, serialized_byte_array)) encrypted_key = bytes(self.enclave_keys.encrypt(self.session_key)) try : self.contract_state.push_state_to_eservice(self.enclave_service) encrypted_response = self.enclave_service.send_to_contract(encrypted_key, encrypted_request) except Exception as e: logger.warn('contract invocation failed; %s', str(e)) raise InvocationException('contract invocation failed') from e try : decrypted_response = crypto.SKENC_DecryptMessage(self.session_key, encrypted_response) except Exception as e: logger.exception('failed to decrypt response; %s', encrypted_response) raise InvocationException('contract response cannot be decrypted') try : response_string = crypto.byte_array_to_string(decrypted_response) response_parsed = json.loads(response_string[0:-1]) logger.debug("parsed response: %s", response_parsed) except Exception as e: logger.exception('contract response is invalid; %s', str(e)) raise InvocationException('failed to parse contract response') from e # if response_parsed['Status'] is False : # raise InvocationException(response_parsed['InvocationResponse']) try : if response_parsed['Status'] and response_parsed['StateChanged'] : contract_response = UpdateStateResponse(self, response_parsed) else : contract_response = ContractResponse(self, response_parsed) except Exception as e: logger.exception('contract response is invalid; %s', str(e)) raise InvocationException('contract response is invalid') from e return contract_response
def save(self, config, password): """serialize the profile, encrypt it and write it to disk """ serialized_profile = self.serialize() skenc_key = Profile.__encryption_key__(password) encrypted_profile = crypto.SKENC_EncryptMessage( skenc_key, serialized_profile) encrypted_profile = bytes(encrypted_profile) profile_file = Profile.__profile_file_name__(config, self.name) profile_dir = os.path.dirname(profile_file) if not os.path.isdir(profile_dir): os.makedirs(profile_dir) with open(profile_file, "wb") as pf: pf.write(encrypted_profile) logger.info('profile saved to %s', profile_file)
#TEST AES-GCM try: iv = crypto.SKENC_GenerateIV() except Exception as exc: logger.error("ERROR: Symmetric encryption iv generation test failed: ", exc) sys.exit(-1) try: key = crypto.SKENC_GenerateKey() except Exception as exc: logger.error("ERROR: Symmetric encryption key generation test failed: ", exc) sys.exit(-1) try: crypto.SKENC_EncryptMessage(iv, None, msg) logger.error( "ERROR: Symmetric encryption invalid key detection test failed: not detected." ) sys.exit(-1) except Exception as exc: if (type(exc) == ValueError): logger.debug( "Symmetric encryption invalid key detection test successful!") else: logger.error( "ERROR: Symmetric encryption invalid key detection test failed: ", exc) sys.exit(-1) try: crypto.SKENC_EncryptMessage(None, key, msg)
def __encrypt_request(self): serialized_byte_array = crypto.string_to_byte_array( self.__serialize_for_encryption()) encrypted_request = crypto.SKENC_EncryptMessage( self.session_key, self.session_iv, serialized_byte_array) return crypto.byte_array_to_base64(encrypted_request)