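def test_secrets(secret_count):
    """Check that the enclave returns a verifiable state encryption key.

    Builds ``secret_count`` secrets with ``secret_helper.create_secret_list``,
    submits them through ``enclave_client.verify_secrets`` and then checks the
    returned signature with ``secrets.verify_state_encryption_key_signature``.

    Reads the module-level ``enclave_client``, ``contract_id`` and
    ``contract_creator_id``; nothing is rebound, so no ``global`` statement
    is needed. Any failure is logged with its traceback and handed to
    ``ErrorShutdown()``.

    Args:
        secret_count: number of secrets to create for the request.
    """
    logger.info('test with secret count %d', secret_count)
    enclave_keys = enclave_client.enclave_keys
    secret_list = secret_helper.create_secret_list(
        secret_count, enclave_keys, contract_id, contract_creator_id)

    try:
        secretinfo = enclave_client.verify_secrets(
            contract_id, contract_creator_id, secret_list)
        # Explicit check rather than `assert`: asserts are stripped under
        # `python -O`, which would silently drop this validation.
        if not secretinfo:
            raise RuntimeError('enclave returned no secret info')

        encrypted_state_encryption_key = secretinfo['encrypted_state_encryption_key']
        signature = secretinfo['signature']
    except Exception:
        # `Exception` instead of a bare `except`, so KeyboardInterrupt and
        # SystemExit are not misreported as a key-creation failure.
        logger.exception('failed to create the state encryption key')
        # NOTE(review): the code below relies on ErrorShutdown() not
        # returning -- confirm against its definition.
        ErrorShutdown()

    try:
        # Verify the signature here rather than trusting the enclave's
        # response merely because the call succeeded.
        signature_ok = secrets.verify_state_encryption_key_signature(
            encrypted_state_encryption_key,
            secret_list,
            contract_id,
            contract_creator_id,
            signature,
            enclave_keys)
        if not signature_ok:
            raise RuntimeError('signature verification failed')
    except Exception:
        logger.exception('failed to verify the state encryption key')
        ErrorShutdown()

    # The value logged is the one the enclave returned under
    # 'encrypted_state_encryption_key'; keep any log of it at debug level.
    logger.debug('encrypted state encryption key: %s', encrypted_state_encryption_key)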
logger.info('test with secret count 0') logger.info('expected error: there must be at least one secret provided') # ----------------------------------------------------------------- try: secretinfo = enclave_client.verify_secrets(contract_id, contract_creator_id, []) logger.error('failed to catch empty secret list') ErrorShutdown() except : pass # ----------------------------------------------------------------- logger.info('test with invalid pspk') logger.info('expected error: count not deserialize public ECDSA key') # ----------------------------------------------------------------- try: secret_list = secret_helper.create_secret_list(3, enclave_keys, contract_id, contract_creator_id) secret_list[0]['pspk'] = '' secretinfo = enclave_client.verify_secrets(contract_id, contract_creator_id, secret_list) logger.error('failed to catch invalid secret list') ErrorShutdown() except : pass # ----------------------------------------------------------------- logger.info('test with duplicate pspk') logger.info('expected error: Multiple secrets from the same provisioning service') # ----------------------------------------------------------------- try: secret_list = secret_helper.create_secret_list(3, enclave_keys, contract_id, contract_creator_id) secret_list.append(secret_list[0])