def test_deserialized_wait_timer(self):
wait_timer = \
EnclaveWaitTimer(
validator_address='1600 Pennsylvania Avenue NW',
duration=3.14159,
previous_certificate_id='Bond. James Bond.',
local_mean=2.71828)
serialized = wait_timer.serialize()
signing_key = self._create_random_key()
wait_timer.signature = \
signing.sign(serialized, signing_key)
copy_wait_timer = \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized,
wait_timer.signature)
self.assertEqual(wait_timer.validator_address,
copy_wait_timer.validator_address)
self.assertAlmostEqual(wait_timer.request_time,
copy_wait_timer.request_time)
self.assertAlmostEqual(wait_timer.duration, copy_wait_timer.duration)
self.assertEqual(wait_timer.previous_certificate_id,
copy_wait_timer.previous_certificate_id)
self.assertAlmostEqual(wait_timer.local_mean,
copy_wait_timer.local_mean)
self.assertEqual(wait_timer.signature, copy_wait_timer.signature)
self.assertEqual(serialized, copy_wait_timer.serialize())
def create_wait_timer(cls,
sealed_signup_data,
validator_address,
previous_certificate_id,
local_mean):
with cls._lock:
# Extract keys from the 'sealed' signup data
signup_data = \
json2dict(
base64.b64decode(sealed_signup_data.encode()).decode())
poet_private_key = signup_data['poet_private_key']
if poet_private_key is None:
raise \
ValueError(
'Invalid signup data. No poet private key.')
try:
poet_private_key = Secp256k1PrivateKey.from_hex(
poet_private_key)
except ParseError:
raise \
ValueError(
'Invalid signup data. Badly formatted poet key(s).')
# In a TEE implementation we would increment the HW counter here.
# We can't usefully simulate a HW counter though.
# Create some value from the cert ID. We are just going to use
# the seal key to sign the cert ID. We will then use the
# low-order 64 bits to change that to a number [0, 1]
tag = \
base64.b64decode(
cls._context.sign(
previous_certificate_id.encode(),
cls._seal_private_key))
tagd = float(struct.unpack('Q', tag[-8:])[0]) / (2**64 - 1)
# Now compute the duration with a minimum wait time guaranteed
duration = \
_PoetEnclaveSimulator.MINIMUM_WAIT_TIME \
- local_mean * math.log(tagd)
# Create and sign the wait timer
wait_timer = \
EnclaveWaitTimer(
validator_address=validator_address,
duration=duration,
previous_certificate_id=previous_certificate_id,
local_mean=local_mean)
wait_timer.signature = \
cls._context.sign(
wait_timer.serialize().encode(),
poet_private_key)
return wait_timer
def create_wait_timer(cls,
sealed_signup_data,
validator_address,
previous_certificate_id,
local_mean):
with cls._lock:
# Extract keys from the 'sealed' signup data
signup_data = \
json2dict(
base64.b64decode(sealed_signup_data.encode()).decode())
poet_private_key = signup_data['poet_private_key']
if poet_private_key is None:
raise \
ValueError(
'Invalid signup data. No poet private key.')
try:
poet_private_key = Secp256k1PrivateKey.from_hex(
poet_private_key)
except ParseError:
raise \
ValueError(
'Invalid signup data. Badly formatted poet key(s).')
# In a TEE implementation we would increment the HW counter here.
# We can't usefully simulate a HW counter though.
# Create some value from the cert ID. We are just going to use
# the seal key to sign the cert ID. We will then use the
# low-order 64 bits to change that to a number [0, 1]
tag = \
base64.b64decode(
cls._context.sign(
previous_certificate_id.encode(),
cls._seal_private_key))
tagd = float(struct.unpack('Q', tag[-8:])[0]) / (2**64 - 1)
# Now compute the duration with a minimum wait time guaranteed
duration = \
_PoetEnclaveSimulator.MINIMUM_WAIT_TIME \
- local_mean * math.log(tagd)
# Create and sign the wait timer
wait_timer = \
EnclaveWaitTimer(
validator_address=validator_address,
duration=duration,
previous_certificate_id=previous_certificate_id,
local_mean=local_mean)
wait_timer.signature = \
cls._context.sign(
wait_timer.serialize().encode(),
poet_private_key)
return wait_timer
def do_deserialized_wait_timer():
wait_timer = \
EnclaveWaitTimer(
validator_address='1600 Pennsylvania Avenue NW',
duration=3.14159,
previous_certificate_id='Bond. James Bond.',
local_mean=2.71828)
serialized = wait_timer.serialize()
private_key = _create_random_key()
wait_timer.signature = \
create_context('secp256k1').sign(serialized.encode(), private_key)
copy_wait_timer = \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized,
wait_timer.signature)
def create_wait_timer(cls,
validator_address,
previous_certificate_id,
local_mean,
minimum_wait_time):
with cls._lock:
# If we don't have a PoET private key, then the enclave has not
# been properly initialized (either by calling create_signup_info
# or unseal_signup_data)
if cls._poet_private_key is None:
raise \
ValueError(
'Enclave must be initialized before attempting to '
'create a wait timer')
# Create some value from the cert ID. We are just going to use
# the seal key to sign the cert ID. We will then use the
# low-order 64 bits to change that to a number [0, 1]
tag = \
base64.b64decode(
signing.sign(
previous_certificate_id,
cls._seal_private_key))
tagd = float(struct.unpack('Q', tag[-8:])[0]) / (2**64 - 1)
# Now compute the duration with a minimum wait time guaranteed
duration = minimum_wait_time - local_mean * math.log(tagd)
# Create and sign the wait timer
wait_timer = \
EnclaveWaitTimer(
validator_address=validator_address,
duration=duration,
previous_certificate_id=previous_certificate_id,
local_mean=local_mean)
wait_timer.signature = \
signing.sign(
wait_timer.serialize(),
cls._poet_private_key)
# Keep track of the active wait timer
cls._active_wait_timer = wait_timer
return wait_timer
def test_deserialized_wait_timer(self):
wait_timer = \
EnclaveWaitTimer(
validator_address='1600 Pennsylvania Avenue NW',
duration=3.14159,
previous_certificate_id='Bond. James Bond.',
local_mean=2.71828)
serialized = wait_timer.serialize()
signing_key = self._create_random_key()
wait_timer.signature = \
signing.sign(serialized, signing_key)
copy_wait_timer = \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized,
wait_timer.signature)
self.assertEqual(
wait_timer.validator_address,
copy_wait_timer.validator_address)
self.assertAlmostEqual(
wait_timer.request_time,
copy_wait_timer.request_time)
self.assertAlmostEqual(
wait_timer.duration,
copy_wait_timer.duration)
self.assertEqual(
wait_timer.previous_certificate_id,
copy_wait_timer.previous_certificate_id)
self.assertAlmostEqual(
wait_timer.local_mean,
copy_wait_timer.local_mean)
self.assertEqual(
wait_timer.signature,
copy_wait_timer.signature)
self.assertEqual(serialized, copy_wait_timer.serialize())
