def execute(self):
serialized_byte_array = crypto.string_to_byte_array(self.work_order)
encrypted_request = crypto.byte_array_to_base64(serialized_byte_array)
try:
encoded_encrypted_response = \
self.enclave_service.send_to_sgx_worker(encrypted_request)
assert encoded_encrypted_response
except Exception as err:
logger.exception('workorder request invocation failed: %s',
str(err))
raise
try:
decrypted_response = crypto.base64_to_byte_array(
encoded_encrypted_response)
response_string = crypto.byte_array_to_string(decrypted_response)
response_parsed = json.loads(response_string[0:-1])
except Exception as err:
logger.exception('workorder response is invalid: %s', str(err))
raise
return response_parsed
def generate_client_signature(
self, input_json_str, worker, private_key, session_key,
session_iv, encrypted_session_key, data_key=None, data_iv=None):
"""
Function to generate client signature
Parameters:
- input_json_str is requester Work Order Request payload in a
JSON-RPC based format defined 6.1.1 Work Order Request Payload
- worker is a worker object to store all the common details of
worker as per Trusted Compute EEA API 8.1
Common Data for All Worker Types
- private_key is Client private key
- session_key is one time session key generated by the participant
submitting the work order.
- session_iv is an initialization vector if required by the
data encryption algorithm (encryptedSessionKey).
The default is all zeros.
- data_key is a one time key generated by participant used to
encrypt work order indata
- data_iv is an initialization vector used along with data_key.
Default is all zeros.
- encrypted_session_key is a encrypted version of session_key.
Returns a tuple containing signature and status
"""
if (self.__payload_json_check(input_json_str) is False):
logger.error("ERROR: Signing the request failed")
return None
if (self.tcs_worker['HashingAlgorithm'] != worker.hashing_algorithm):
logger.error(
"ERROR: Signing the request failed. Hashing " +
"algorithm is not supported for %s", worker.hashing_algorithm)
return None
if (self.tcs_worker['SigningAlgorithm'] != worker.signing_algorithm):
logger.error(
"ERROR: Signing the request failed. Signing " +
"algorithm is not supported for %s", worker.signing_algorithm)
return None
input_json = json.loads(input_json_str)
input_json_params = input_json['params']
input_json_params["sessionKeyIv"] = byte_array_to_hex_str(session_iv)
encrypted_session_key_str = byte_array_to_hex_str(
encrypted_session_key)
self.__encrypt_workorder_indata(
input_json_params, session_key,
session_iv, worker.encryption_key, data_key, data_iv)
if input_json_params["requesterNonce"] and \
is_valid_hex_str(input_json_params["requesterNonce"]):
nonce = crypto.string_to_byte_array(
input_json_params["requesterNonce"])
else:
# [NO_OF_BYTES] 16 BYTES for nonce.
# This is the recommendation by NIST to
# avoid collisions by the "Birthday Paradox".
nonce = crypto.random_bit_string(NO_OF_BYTES)
request_nonce_hash = crypto.compute_message_hash(nonce)
nonce_hash = (crypto.byte_array_to_base64(request_nonce_hash)).encode(
'UTF-8')
hash_string_1 = self.__calculate_hash_on_concatenated_string(
input_json_params, nonce_hash)
data_objects = input_json_params['inData']
hash_string_2 = self.calculate_datahash(data_objects)
hash_string_3 = ""
if 'outData' in input_json_params:
data_objects = input_json_params['outData']
data_objects.sort(key=lambda x: x['index'])
hash_string_3 = self.calculate_datahash(data_objects)
concat_string = hash_string_1 + hash_string_2 + hash_string_3
concat_hash = bytes(concat_string, 'UTF-8')
final_hash = crypto.compute_message_hash(concat_hash)
encrypted_request_hash = crypto_utility.encrypt_data(
final_hash, session_key, session_iv)
encrypted_request_hash_str = \
byte_array_to_hex_str(encrypted_request_hash)
logger.debug("encrypted request hash: \n%s",
encrypted_request_hash_str)
# Update the input json params
input_json_params["encryptedRequestHash"] = encrypted_request_hash_str
status, signature = self.generate_signature(final_hash, private_key)
if status is False:
return SignatureStatus.FAILED
input_json_params['requesterSignature'] = signature
input_json_params["encryptedSessionKey"] = encrypted_session_key_str
# Temporary mechanism to share client's public key. Not a part of Spec
input_json_params['verifyingKey'] = self.public_key
input_json_params['requesterNonce'] = crypto.byte_array_to_base64(
request_nonce_hash)
input_json['params'] = input_json_params
input_json_str = json.dumps(input_json)
logger.info("Request Json successfully Signed")
return input_json_str, SignatureStatus.PASSED
def hashed_identity(self):
key_byte_array = crypto.string_to_byte_array(self.txn_public)
hashed_txn_key = crypto.compute_message_hash(key_byte_array)
encoded_hashed_key = crypto.byte_array_to_hex(hashed_txn_key)
encoded_hashed_key = encoded_hashed_key.lower()
return encoded_hashed_key