def compute_pdo_ccl_signature(private_key, enclave_id, enclave_signature, channel_id, contract_id, creator_public_key_pem, contract_code_hash, message_hash, current_state_hash, previous_state_hash, dependency_list): k = crypto.SIG_PrivateKey(private_key) message_byte_array = crypto.string_to_byte_array(enclave_id) message_byte_array += crypto.base64_to_byte_array(enclave_signature) message_byte_array += crypto.string_to_byte_array(channel_id) message_byte_array += crypto.string_to_byte_array(contract_id) message_byte_array += crypto.string_to_byte_array(creator_public_key_pem) message_byte_array += crypto.base64_to_byte_array(contract_code_hash) message_byte_array += crypto.base64_to_byte_array(message_hash) message_byte_array += crypto.base64_to_byte_array(current_state_hash) #in ccl initialize, previous state hash and dependencies are supposed to be empty if previous_state_hash: message_byte_array += crypto.base64_to_byte_array(previous_state_hash) for d in dependency_list: message_byte_array += crypto.string_to_byte_array(d.contract_id) message_byte_array += crypto.string_to_byte_array(d.state_hash) signature = k.SignMessage(message_byte_array) encoded_signature = crypto.byte_array_to_base64(signature) logger.debug("signed message string: " + crypto.byte_array_to_base64(message_byte_array)) logger.debug("signed message hash: " + crypto.byte_array_to_hex( crypto.compute_message_hash(message_byte_array))) logger.debug("signature: %s", encoded_signature) return encoded_signature
def LocalMain(config): try: key_config = config.get('Key', {}) keyfile = putils.find_file_in_path(key_config['FileName'], key_config['SearchPath']) logger.debug('read key from %s', keyfile) with open(keyfile, "r") as f: config['SigningKeyPrivate'] = f.read() except FileNotFoundError as e: logger.warning('Unable to locate signing key file') sys.exit(-1) try: data_config = config.get('ProvisioningData', {}) config["SecretsFilePath"] = GetSecretsFilePath(data_config) except Exception as e: logger.warning( 'Unable to locate or create provisioning secrets data file') sys.exit(-1) signing_key = pcrypto.SIG_PrivateKey() signing_key.Deserialize(config['SigningKeyPrivate']) config['SigningKeyPublic'] = signing_key.GetPublicKey().Serialize() RunProvisioningService(config)
def compute_pdo_add_enclave_signature(signing_key, verifying_key, contract_id, enclave_info_json_string): signer = keys.ServiceKeys(crypto.SIG_PrivateKey(signing_key)) message = verifying_key + contract_id message+= enclave_info_json_string return signer.sign(message, encoding='raw')
def compute_pdo_update_contract_state_signature(signing_key, verifying_key, contract_enclave_id, contract_enclave_signature, \ state_update_info_string): signer = keys.ServiceKeys(crypto.SIG_PrivateKey(signing_key)) message = crypto.string_to_byte_array(verifying_key + contract_enclave_id) message += contract_enclave_signature message += crypto.string_to_byte_array(state_update_info_string) return signer.sign(message, encoding='raw')
def compute_pdo_signature_contract_registration(signing_key, verifying_key, contract_code_hash, \ provisioning_service_ids_array, nonce): signer = keys.ServiceKeys(crypto.SIG_PrivateKey(signing_key)) message = crypto.string_to_byte_array(verifying_key) + contract_code_hash for s in provisioning_service_ids_array: message += crypto.string_to_byte_array(s) message += crypto.string_to_byte_array(nonce) return signer.sign(message, encoding='raw')
def compute_pdo_signature(private_key, tx_signer_public_key, contract_code_hash, provisioning_service_ids_array): k = crypto.SIG_PrivateKey(private_key) message = tx_signer_public_key + contract_code_hash for s in provisioning_service_ids_array: message += s message_byte_array = bytes(message, 'ascii') signature = k.SignMessage(message_byte_array) encoded_signature = crypto.byte_array_to_base64(signature) logger.debug("signed message string:" + message) logger.debug("signature: %s", encoded_signature) return encoded_signature
def deserialize(self, serialized_profile): """deserialize the profile """ try: serialized_profile = serialized_profile.decode('utf-8') except AttributeError: pass profile_data = json.loads(serialized_profile) pem_encoded_signing_key = profile_data.get('signing_key') self.keys = ServiceKeys(crypto.SIG_PrivateKey(pem_encoded_signing_key))
def __init__(self, config): self.__registry_helper = PdoRegistryHelper( config['Sawtooth']['LedgerURL']) self.SigningKey = pcrypto.SIG_PrivateKey(config['SigningKeyPrivate']) self.PSPK = pcrypto.SIG_PublicKey(config['SigningKeyPublic']) self.secrets_file_path = config['SecretsFilePath'] self.RequestMap = { 'secretRequest': self._secretreq, 'dataRequest': self._datareq, }
def compute_pdo_add_enclave_signature(private_key, tx_signer_public_key, contract_id, enclave_info_quintuples_array): k = crypto.SIG_PrivateKey(private_key) #concatenate tx signer and contract id message = tx_signer_public_key + contract_id for s in enclave_info_quintuples_array: for t in s['provisioning_key_state_secret_pairs']: #concatenate each ps public key and signed secret message += t['pspk'] message += t['encrypted_secret'] #concatenate encrypted state encryption key message += s['encrypted_state_encryption_key'] #contatenate enclave's signature message += s['signature'] message_byte_array = bytes(message, 'ascii') signature = k.SignMessage(message_byte_array) encoded_signature = crypto.byte_array_to_base64(signature) logger.debug("signed message string:" + message) logger.debug("signature: %s", encoded_signature) return encoded_signature
def create_service_keys(cls): signing_key = crypto.SIG_PrivateKey() return cls(signing_key)
def read_from_file(cls, file_name, search_path=['.', './keys']): full_file = putils.find_file_in_path(file_name, search_path) with open(full_file, "r") as ff: pem_encoded_signing_key = ff.read() return cls(crypto.SIG_PrivateKey(pem_encoded_signing_key))
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import pdo.common.crypto as crypto import logging import sys logger = logging.getLogger(__name__) logger.setLevel(logging.WARN) logger = logging.getLogger() logging.basicConfig(level=logging.WARN) # TEST ECDSA try: esk = crypto.SIG_PrivateKey() esk.Generate() epk = esk.GetPublicKey() except Exception as exc: logger.error( "ERROR: Signature Private and Public keys generation test failed: ", exc) sys.exit(-1) logger.debug("Signature Private and Public keys generation test successful!") try: eskString = esk.Serialize() epkString = epk.Serialize() hepkString = epk.SerializeXYToHex() esk1 = crypto.SIG_PrivateKey(eskString) epk1 = crypto.SIG_PublicKey(epkString) eskString1 = esk1.Serialize()
def compute_creator_initialize_state_signature(creator_signing_key, contract_enclave_signature): signer = keys.ServiceKeys(crypto.SIG_PrivateKey(creator_signing_key)) return signer.sign(contract_enclave_signature, encoding='raw')
def test_ecdsa(sig_curve=crypto.SigCurve_UNDEFINED): try: if (sig_curve == crypto.SigCurve_UNDEFINED): # test with private key from default constructor esk = crypto.SIG_PrivateKey() elif (sig_curve == crypto.SigCurve_SECP256K1 or sig_curve == crypto.SigCurve_SECP384R1): # test with private key from curve-defined constructor esk = crypto.SIG_PrivateKey(sig_curve) else: logger.error("ERROR: unsupported sigcurve " + crypto.sig_curve) sys.exit(-1) # test private key generation esk.Generate() # test public key retrieval from public key epk = esk.GetPublicKey() except Exception as exc: logger.error( "ERROR: Signature Private and Public keys generation test failed: ", exc) sys.exit(-1) logger.debug( "Signature Private and Public keys generation test successful!") try: # test private key serialization eskString = esk.Serialize() # test public key serialization epkString = epk.Serialize() # test public key xy serialization hepkString = epk.SerializeXYToHex() # test private key PEM constructor esk1 = crypto.SIG_PrivateKey(eskString) # test public key PEM constructor epk1 = crypto.SIG_PublicKey(epkString) # test private key serialization eskString1 = esk1.Serialize() # test public key serialization epkString1 = epk1.Serialize() # generate key pair for tests esk2 = crypto.SIG_PrivateKey() esk2.Generate() epk2 = crypto.SIG_PublicKey(esk2) # test private key deserialization esk2.Deserialize(eskString1) # test public key deserialization epk2.Deserialize(epkString1) # test PEM equivalence following deserialization-serialization steps eskString2 = esk2.Serialize() epkString2 = epk2.Serialize() if eskString1 != eskString2 or epkString1 != epkString2: logger.error( "ERROR: PEM differ after deserialization-serialization steps") sys.exit(-1) except Exception as exc: logger.error( "ERROR: Signature Private and Public keys serialize/deserialize test failed: ", exc) sys.exit(-1) logger.debug( "Signature Private and Public keys serialize/deserialize test successful!" ) try: # test deserializing public key as private key esk1.Deserialize(epkString1) logger.error( "ERROR: Signature invalid private key deserialize test failed: not detected." ) sys.exit(-1) except Exception as exc: if (type(exc) == ValueError): logger.debug( "Signature invalid private key deserialize test successful!") else: logger.error( "ERROR: Signature invalid private key deserialize test failed: ", exc) sys.exit(-1) try: # test deserializing private key as public key epk1.Deserialize(eskString1) logger.error( "ERROR: Signature invalid public key deserialize test failed: not detected." ) sys.exit(-1) except Exception as exc: if (type(exc) == ValueError): logger.debug( "Signature invalid public key deserialize test successful!") else: logger.error( "ERROR: Signature invalid public key deserialize test failed: ", exc) sys.exit(-1) try: # test message signing and verification msg = b'A message!' sig = esk.SignMessage(msg) res = epk.VerifySignature(msg, sig) except Exception as exc: logger.error( "ERROR: Signature creation and verification test failed: ", exc) sys.exit(-1) if (res == 1): logger.debug("Signature creation and verification test successful!") else: logger.error( "ERROR: Signature creation and verification test failed: signature does not verify." ) exit(-1) try: # test invalid signature verification res = epk.VerifySignature(msg, bytes("invalid signature", 'ascii')) except Exception as exc: logger.error("ERROR: Invalid signature detection test failed: ", exc) sys.exit(-1) if (res != 1): logger.debug("Invalid signature detection test successful!") else: logger.error("ERROR: Invalid signature detection test failed.") exit(-1)