def make_peer_data(workers, listeners): peer_data = [config.PROTOCOL_MAGIC, [0, 1, 0], {}, {}] for cls in workers: peer_data[3][cls.message_type] = [ 0, cbor.Tag(24, cbor.dumps(MessageSndRcv[cls.message_type]))] for msgtype in listeners.keys(): peer_data[2][msgtype] = [0, cbor.Tag(24, cbor.dumps(MessageSndRcv[msgtype]))] return peer_data
def encode(self): """ Encodes the message into a CBOR array with the appropriate cbor tag attached :return: COSE message """ return cbor.dumps( cbor.Tag(self.cbor_tag, [self.encoded_protected_header, self.unprotected_header, self.payload, self.signature]))
def to_dict(self): '''Dump a feature collection's features to a dictionary. This does not include additional data, such as whether or not the collection is read-only. The returned dictionary is suitable for serialization into JSON, CBOR, or similar data formats. ''' def is_non_native_sc(ty, encoded): return (ty == 'StringCounter' and not is_native_string_counter(encoded)) fc = {} native = ('StringCounter', 'Unicode') for name, feat in self._features.iteritems(): if name.startswith(self.EPHEMERAL_PREFIX): continue if not isinstance(name, unicode): name = name.decode('utf-8') tyname = registry.feature_type_name(name, feat) encoded = registry.get(tyname).dumps(feat) # This tomfoolery is to support *native untagged* StringCounters. if tyname not in native or is_non_native_sc(tyname, encoded): encoded = cbor.Tag(cbor_names_to_tags[tyname], encoded) fc[name] = encoded return fc
def __repr__(self): repr = cbor.loads(cbor.dumps(cbor.Tag(self.cbor_tag, [self.encoded_protected_header, self.encoded_unprotected_header, self.payload, self.auth_tag]))) t = repr.tag v = [binascii.hexlify(element) if isinstance(element, bytes) else element for element in repr.value] return str((t, v))
def encode(self): """Encodes the message into a CBOR array with the correct CBOR tag.""" if len(binascii.hexlify(self.auth_tag)) not in [16, 32, 64, 96, 128]: raise CoseInvalidTag("The length of the COSE auth tag must be in [16, 32, 64, 96, 128]") return cbor.dumps(cbor.Tag(self.cbor_tag, [self.encoded_protected_header, self.encoded_unprotected_header, self.payload, self.auth_tag]))
def encode(self): """ Encodes the message into a CBOR array :return: COSE message """ return cbor.dumps( cbor.Tag(self.cbor_tag, [ self.encoded_protected_header, self.unprotected_header, self.payload, self.signers ]))
def encode(self): """Encodes the message into a CBOR array""" if len(binascii.hexlify(self.auth_tag)) not in [16, 32, 64, 96, 128]: raise ValueError("Tag has invalid size.") return cbor.dumps( cbor.Tag(self.cbor_tag, [ self.encoded_protected_header, self.unprotected_header, self.payload, self.encoded_recipients ]))
def signWrapper(algo, private_key, public_key, encwrapper): wrapper = cbor.loads(encwrapper) COSE_Sign = copy.deepcopy(wrapper[1]) if not COSE_Sign: protected = cbor.dumps({ 3: APPLICATION_OCTET_STREAM_ID, # Content Type }) unprotected = {} signatures = [] # Create a COSE_Sign_Tagged object COSE_Sign = [protected, unprotected, None, signatures] if algo == EDDSA: public_bytes = public_key.to_bytes() else: public_bytes = public_key.public_bytes( serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo) # NOTE: Using RFC7093, Method 4 digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) digest.update(public_bytes) kid = digest.finalize() # Sign the payload protected = cbor.dumps({ 1: algo, # alg }) # Create the signing object unprotected = { 4: kid #kid } Sig_structure = [ "Signature", # Context COSE_Sign[0], # Body Protected protected, # signature protected b'', # External AAD wrapper[2] # payload ] sig_str = cbor.dumps(Sig_structure, sort_keys=True) if algo == EDDSA: signature = private_key.sign(sig_str) else: signature = private_key.sign(sig_str, ec.ECDSA(hashes.SHA256())) COSE_Signature = [protected, unprotected, signature] COSE_Sign[3].append(COSE_Signature) wrapper[1] = cbor.Tag(COSE_Sign_Tag, COSE_Sign) return wrapper
def _get_conditions(args): conds = [] uuid_vendor = None if args.vendorname: uuid_vendor = uuid.uuid5(uuid.NAMESPACE_DNS, str(args.vendorname)) print("Vendor ID: {}".format(uuid_vendor.hex)) conds.append([CONDITION_VENDORID, uuid_vendor.bytes]) if args.classname: uuid_class = uuid.uuid5(uuid_vendor, args.classname) conds.append([CONDITION_CLASSID, uuid_class.bytes]) print("Class ID: {}".format(uuid_class.hex)) if args.deviceid: conds.append( [CONDITION_DEVICEID, binascii.unhexlify(args.deviceid)]) if args.valid_duration: timestamp = cbor.dumps( cbor.Tag(1, _get_timestamp() + args.valid_duration)) conds.append([CONDITION_BESTBEFORE, timestamp]) return conds
addrType = 0 addrAttributes = {} addrRoot = [ addrType, [ addrType, xpub ], addrAttributes ] addrRoot = cbor.dumps(addrRoot) print("addrRoot:", addrRoot.hex()) sha3 = hashlib.sha3_256(addrRoot) print("SHA3:", sha3.hexdigest()) addrRoot = hashlib.blake2b(sha3.digest(), digest_size=28) print("Blake2b:", addrRoot.hexdigest()) abstractHash = addrRoot.digest() address = [ abstractHash, addrAttributes, addrType ] address = cbor.dumps(address) crc = binascii.crc32(address) taggedAddress = cbor.Tag(24, address) cwid = cbor.dumps([taggedAddress, crc]) cwid = base58.b58encode(cwid) print("CwID:", cwid.decode(), "\n")
def get_cwid_from_mnemonic(words): # print("\nMnemonic:", words) entropy = Mnemonic('english').to_entropy(words) # print("Entropy:", entropy.hex()) cborEnt = cbor.dumps(bytes(entropy)) # print("Serialised:", cborEnt.hex(), "\n") seed = hashlib.blake2b(cborEnt, digest_size=32) # print("Seed:", seed.hexdigest()) cborSeed = cbor.dumps(seed.digest()) # print("Serialised:", cborSeed.hex(), "\n") passPhrase = '' # print("Spending pass:"******"Serialised:", passPhrase.hex()) seedBuf = cbor.dumps(cborSeed) hashedSeed = hashlib.blake2b(seedBuf, digest_size=32) salt = cbor.dumps(hashedSeed.digest()) # print("Salt:", salt.hex()) hashedPass = scrypt.hash(passPhrase, salt, buflen=32) # print("Pass:"******"14|8|1|" + base64.standard_b64encode(hashedPass).decode() + "|" + base64.standard_b64encode( salt).decode() encryptedPass = cbor.dumps(encryptedPass.encode('utf-8')) # print("Encrypted Pass:"******"Base64-ed:", base64.standard_b64encode(encryptedPass).decode(), "\n") for i in range(5, 1000): buf = hmac.new(cborSeed, b'Root Seed Chain %d' % i, hashlib.sha512).digest() buf_l, buf_r = buf[:32], buf[32:] if hashlib.sha512(buf_l).digest()[31] & 32 == 0: # print(b'Root Seed Chain %d' % i) bip32 = ed25519.SigningKey(buf_l) break # print("SecretKey:", buf_l.hex()) # print("ChainCode:", buf_r.hex()) xpub = bip32.vk_s + buf_r # print("XPub:", xpub.hex()) addrType = 0 addrAttributes = {} addrRoot = [ addrType, [addrType, xpub], addrAttributes ] addrRoot = cbor.dumps(addrRoot) # print("addrRoot:", addrRoot.hex()) sha3 = hashlib.sha3_256(addrRoot) # print("SHA3:", sha3.hexdigest()) addrRoot = hashlib.blake2b(sha3.digest(), digest_size=28) # print("Blake2b:", addrRoot.hexdigest()) abstractHash = addrRoot.digest() address = [ abstractHash, addrAttributes, addrType ] address = cbor.dumps(address) crc = binascii.crc32(address) taggedAddress = cbor.Tag(24, address) cwid = cbor.dumps([taggedAddress, crc]) cwid = base58.b58encode(cwid) # print("CwID:", cwid.decode(), "\n") return cwid.decode()
digest.update( public_key.public_bytes(serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)) kid = digest.finalize() # Sign the payload protected = cbor.dumps({ 1: ES256, # alg 4: kid #kid }) unprotected = {} Sig_structure = [ "Signature", # Context COSE_Sign[0], # Body Protected protected, # signature protected b'', # External AAD COSE_Sign[2] ] sig_str = cbor.dumps(Sig_structure) signature = private_key.sign(sig_str, ec.ECDSA(hashes.SHA256())) COSE_Signature = [protected, unprotected, signature] COSE_Sign[3].append(COSE_Signature) with open(sys.argv[4], 'wb') as fd: COSE_Sign_Tagged = cbor.Tag(98, COSE_Sign) fd.write(cbor.dumps(COSE_Sign_Tagged))
if __name__ == '__main__': from . import config ep = Transport().endpoint() # Unaddressable transport. # ep = Transport(('127.0.0.1', 3000)).endpoint() print('connect') conn = ep.connect(config.CLUSTER_ADDR) # cardano node handshake. # send peer data. DEFAULT_PEER_DATA = [ 764824073, # protocol magic. [0, 1, 0], # version { 0x04: [0, cbor.Tag(24, cbor.dumps(0x05))], 0x05: [0, cbor.Tag(24, cbor.dumps(0x04))], 0x06: [0, cbor.Tag(24, cbor.dumps(0x07))], 0x22: [0, cbor.Tag(24, cbor.dumps(0x5e))], 0x25: [0, cbor.Tag(24, cbor.dumps(0x5e))], 0x2b: [0, cbor.Tag(24, cbor.dumps(0x5d))], 0x31: [0, cbor.Tag(24, cbor.dumps(0x5c))], 0x37: [0, cbor.Tag(24, cbor.dumps(0x62))], 0x3d: [0, cbor.Tag(24, cbor.dumps(0x61))], 0x43: [0, cbor.Tag(24, cbor.dumps(0x60))], 0x49: [0, cbor.Tag(24, cbor.dumps(0x5f))], 0x53: [0, cbor.Tag(24, cbor.dumps(0x00))], 0x5c: [0, cbor.Tag(24, cbor.dumps(0x31))], 0x5d: [0, cbor.Tag(24, cbor.dumps(0x2b))], 0x5e: [0, cbor.Tag(24, cbor.dumps(0x25))], 0x5f: [0, cbor.Tag(24, cbor.dumps(0x49))],
#0x31: [0, cbor.Tag(24, cbor.dumps(0x5c))], #0x37: [0, cbor.Tag(24, cbor.dumps(0x62))], #0x3d: [0, cbor.Tag(24, cbor.dumps(0x61))], #0x43: [0, cbor.Tag(24, cbor.dumps(0x60))], #0x49: [0, cbor.Tag(24, cbor.dumps(0x5f))], #0x53: [0, cbor.Tag(24, cbor.dumps(0x00))], #0x5c: [0, cbor.Tag(24, cbor.dumps(0x31))], #0x5d: [0, cbor.Tag(24, cbor.dumps(0x2b))], #0x5e: [0, cbor.Tag(24, cbor.dumps(0x25))], #0x5f: [0, cbor.Tag(24, cbor.dumps(0x49))], #0x60: [0, cbor.Tag(24, cbor.dumps(0x43))], #0x61: [0, cbor.Tag(24, cbor.dumps(0x3d))], #0x62: [0, cbor.Tag(24, cbor.dumps(0x37))], }, { # clients, send msg code -> recv msg code. Message.GetHeaders: [0, cbor.Tag(24, cbor.dumps(Message.Headers))], Message.Headers: [0, cbor.Tag(24, cbor.dumps(Message.GetHeaders))], Message.GetBlocks: [0, cbor.Tag(24, cbor.dumps(Message.Block))], Message.Stream: [0, cbor.Tag(24, cbor.dumps(Message.StreamBlock))], #0x0d: [0, cbor.Tag(24, cbor.dumps(0x00))], #0x0e: [0, cbor.Tag(24, cbor.dumps(0x00))], #0x25: [0, cbor.Tag(24, cbor.dumps(0x5e))], #0x2b: [0, cbor.Tag(24, cbor.dumps(0x5d))], #0x31: [0, cbor.Tag(24, cbor.dumps(0x5c))], #0x37: [0, cbor.Tag(24, cbor.dumps(0x62))], #0x3d: [0, cbor.Tag(24, cbor.dumps(0x61))], #0x43: [0, cbor.Tag(24, cbor.dumps(0x60))], #0x49: [0, cbor.Tag(24, cbor.dumps(0x5f))], #0x53: [0, cbor.Tag(24, cbor.dumps(0x00))], }, ]
def encode_with_crc(v): s = cbor.dumps(v) return cbor.dumps([cbor.Tag(24, s), binascii.crc32(s)])
def to_suit(self): for k, f in self.fields.items(): v = getattr(self, k, None) if v: return cbor.Tag(tag=f.suit_key, value=v.to_suit()) return None
def generate_static_auth_data_for_auth_key(doc_type, name_spaces, credential_key, auth_key, issuer_key, issuer_cert): # First, randomize the order the digest IDs are used num_elems = 0 for ns_name in name_spaces.keys(): num_elems += len(name_spaces[ns_name]) digest_ids = list(range(num_elems)) random.shuffle(digest_ids) # Along with value_digests for the MSO, generate digest_id_mapping which is sent # to the mDL along with the MSO # # DigestIdMapping = { # NameSpace => [ + IssuerSignedItemBytes ] # } # # ; Defined in ISO 18013-5 # ; # NameSpace = String # DataElementIdentifier = String # DigestID = uint # IssuerAuth = COSE_Sign1 ; The payload is MobileSecurityObjectBytes # # IssuerSignedItemBytes = #6.24(bstr .cbor IssuerSignedItem) # # IssuerSignedItem = { # "digestID" : uint, ; Digest ID for issuer data auth # "random" : bstr, ; Random value for issuer data auth # "elementIdentifier" : DataElementIdentifier, ; Data element identifier # "elementValue" : DataElementValue ; Data element value # } # value_digests = {} digest_id_mapping = {} digest_id_index = 0 for ns_name in name_spaces.keys(): value_digests_for_ns = {} issuer_signed_item_for_ns = [] for elem in name_spaces[ns_name]: digest_id = digest_ids[digest_id_index] elem_random = bytes(random.randint(0, 255) for i in range(32)) digest_id_index += 1 # Calculate the digest # TODO: send to the device the issuer signed item bytes encoded_issuer_signed_item = cbor.dumps( cbor.Tag( 24, cbor.dumps({ "random": elem_random, "digestID": digest_id, "elementValue": elem["value"], "elementIdentifier": elem["name"], }))) encoded_issuer_signed_item_value_null = cbor.dumps( cbor.Tag( 24, cbor.dumps({ "random": elem_random, "digestID": digest_id, "elementValue": None, "elementIdentifier": elem["name"], }))) digest = hashlib.sha256(encoded_issuer_signed_item).digest() value_digests_for_ns[digest_id] = digest value_digests[ns_name] = value_digests_for_ns issuer_signed_item_for_ns.append( encoded_issuer_signed_item_value_null) digest_id_mapping[ns_name] = issuer_signed_item_for_ns now = datetime.datetime.now(datetime.timezone.utc) signed_time = now valid_from = now # MSO is valid for one year valid_to = now + datetime.timedelta(days=365) validity_info = { "signed": cbor.Tag(6, signed_time.isoformat()), "validFrom": cbor.Tag(6, valid_from.isoformat()), "validUntil": cbor.Tag(6, valid_to.isoformat()), # expectedUpdate not set } device_key_info = { "deviceKey": to_cose_key(auth_key), # keyAuthorizations and keyInfo not set } mobile_security_object = { "version": "1", "digestAlgorithm": "SHA-256", "valueDigests": value_digests, "deviceKeyInfo": device_key_info, "docType": doc_type, "validityInfo": validity_info, } mobile_security_object_bytes = cbor.dumps( cbor.Tag(24, cbor.dumps(mobile_security_object))) signature_with_mso = cose_sign1_sign(issuer_key, mobile_security_object_bytes, False, issuer_cert) static_auth_data = { "digestIdMapping": digest_id_mapping, "issuerAuth": signature_with_mso, } encoded_static_auth_data = cbor.dumps(static_auth_data) return encoded_static_auth_data
def setup_test_data(database): db = database.get_sqlite3() c = db.cursor() # Erika Mustermann # mdl_acp_cbor = cbor.dumps([{ "id": 0, "userAuthenticationRequired": True, "timeoutMillis": 1000 }], ) with open("erika_portrait.jpg", "rb") as f: portrait = f.read() mdl_ns_cbor = cbor.dumps({ "org.iso.18013.5.1": [{ "name": "family_name", "value": "Mustermann", "accessControlProfiles": [0] }, { "name": "given_name", "value": "Erika", "accessControlProfiles": [0] }, { "name": "portrait", "value": portrait, "accessControlProfiles": [0] }, { "name": "birth_date", "value": cbor.Tag(6, "1971-09-01"), "accessControlProfiles": [0] }], "org.aamva.18013.5.1": [{ "name": "real_id", "value": True, "accessControlProfiles": [0] }] }) c.execute( "INSERT INTO persons (person_id, name, portrait) VALUES (10, 'Erika Mustermann', ?);", [portrait]) # get 'now(UTC)' to create a new timestamp for 'data_timestamp' now = datetime.datetime.now(datetime.timezone.utc) data_timestamp = datetime.datetime.timestamp(now) c.execute( "INSERT INTO documents (document_id, person_id, doc_type, access_control_profiles, name_spaces, data_timestamp) " "VALUES (11, 10, 'org.iso.18013.5.1.mDL', ?, ?, ?);", (mdl_acp_cbor, mdl_ns_cbor, data_timestamp)) c.execute( "INSERT INTO issued_documents (issued_document_id, document_id, provisioning_code) " "VALUES (12, 11, '1001');") # John Doe # with open("john_doe_portrait.jpg", "rb") as f: portrait = f.read() mdl_ns_cbor = cbor.dumps({ "org.iso.18013.5.1": [{ "name": "family_name", "value": "Doe", "accessControlProfiles": [0] }, { "name": "given_name", "value": "John", "accessControlProfiles": [0] }, { "name": "portrait", "value": portrait, "accessControlProfiles": [0] }], "org.aamva.18013.5.1": [{ "name": "real_id", "value": True, "accessControlProfiles": [0] }] }) c.execute( "INSERT INTO persons (person_id, name, portrait) VALUES (20, 'John Doe', ?);", [portrait]) # get 'now(UTC)' to create a new timestamp for 'data_timestamp' now = datetime.datetime.now(datetime.timezone.utc) data_timestamp = datetime.datetime.timestamp(now) c.execute( "INSERT INTO documents (document_id, person_id, doc_type, access_control_profiles, name_spaces, data_timestamp) " "VALUES (21, 20, 'org.iso.18013.5.1.mDL', ?, ?, ?);", (mdl_acp_cbor, mdl_ns_cbor, data_timestamp)) c.execute( "INSERT INTO issued_documents (issued_document_id, document_id, provisioning_code) " "VALUES (22, 21, '2001');") db.commit()