def compute_pdo_ccl_signature(private_key, enclave_id, enclave_signature,
channel_id, contract_id, creator_public_key_pem,
contract_code_hash, message_hash,
current_state_hash, previous_state_hash,
dependency_list):
k = crypto.SIG_PrivateKey(private_key)
message_byte_array = crypto.string_to_byte_array(enclave_id)
message_byte_array += crypto.base64_to_byte_array(enclave_signature)
message_byte_array += crypto.string_to_byte_array(channel_id)
message_byte_array += crypto.string_to_byte_array(contract_id)
message_byte_array += crypto.string_to_byte_array(creator_public_key_pem)
message_byte_array += crypto.base64_to_byte_array(contract_code_hash)
message_byte_array += crypto.base64_to_byte_array(message_hash)
message_byte_array += crypto.base64_to_byte_array(current_state_hash)
#in ccl initialize, previous state hash and dependencies are supposed to be empty
if previous_state_hash:
message_byte_array += crypto.base64_to_byte_array(previous_state_hash)
for d in dependency_list:
message_byte_array += crypto.string_to_byte_array(d.contract_id)
message_byte_array += crypto.string_to_byte_array(d.state_hash)
signature = k.SignMessage(message_byte_array)
encoded_signature = crypto.byte_array_to_base64(signature)
logger.debug("signed message string: " +
crypto.byte_array_to_base64(message_byte_array))
logger.debug("signed message hash: " + crypto.byte_array_to_hex(
crypto.compute_message_hash(message_byte_array)))
logger.debug("signature: %s", encoded_signature)
return encoded_signature
def LocalMain(config):
try:
key_config = config.get('Key', {})
keyfile = putils.find_file_in_path(key_config['FileName'],
key_config['SearchPath'])
logger.debug('read key from %s', keyfile)
with open(keyfile, "r") as f:
config['SigningKeyPrivate'] = f.read()
except FileNotFoundError as e:
logger.warning('Unable to locate signing key file')
sys.exit(-1)
try:
data_config = config.get('ProvisioningData', {})
config["SecretsFilePath"] = GetSecretsFilePath(data_config)
except Exception as e:
logger.warning(
'Unable to locate or create provisioning secrets data file')
sys.exit(-1)
signing_key = pcrypto.SIG_PrivateKey()
signing_key.Deserialize(config['SigningKeyPrivate'])
config['SigningKeyPublic'] = signing_key.GetPublicKey().Serialize()
RunProvisioningService(config)
def compute_pdo_add_enclave_signature(signing_key, verifying_key, contract_id, enclave_info_json_string):
signer = keys.ServiceKeys(crypto.SIG_PrivateKey(signing_key))
message = verifying_key + contract_id
message+= enclave_info_json_string
return signer.sign(message, encoding='raw')
def compute_pdo_update_contract_state_signature(signing_key, verifying_key, contract_enclave_id, contract_enclave_signature, \
state_update_info_string):
signer = keys.ServiceKeys(crypto.SIG_PrivateKey(signing_key))
message = crypto.string_to_byte_array(verifying_key + contract_enclave_id)
message += contract_enclave_signature
message += crypto.string_to_byte_array(state_update_info_string)
return signer.sign(message, encoding='raw')
def compute_pdo_signature_contract_registration(signing_key, verifying_key, contract_code_hash, \
provisioning_service_ids_array, nonce):
signer = keys.ServiceKeys(crypto.SIG_PrivateKey(signing_key))
message = crypto.string_to_byte_array(verifying_key) + contract_code_hash
for s in provisioning_service_ids_array:
message += crypto.string_to_byte_array(s)
message += crypto.string_to_byte_array(nonce)
return signer.sign(message, encoding='raw')
def compute_pdo_signature(private_key, tx_signer_public_key,
contract_code_hash, provisioning_service_ids_array):
k = crypto.SIG_PrivateKey(private_key)
message = tx_signer_public_key + contract_code_hash
for s in provisioning_service_ids_array:
message += s
message_byte_array = bytes(message, 'ascii')
signature = k.SignMessage(message_byte_array)
encoded_signature = crypto.byte_array_to_base64(signature)
logger.debug("signed message string:" + message)
logger.debug("signature: %s", encoded_signature)
return encoded_signature
def deserialize(self, serialized_profile):
"""deserialize the profile
"""
try:
serialized_profile = serialized_profile.decode('utf-8')
except AttributeError:
pass
profile_data = json.loads(serialized_profile)
pem_encoded_signing_key = profile_data.get('signing_key')
self.keys = ServiceKeys(crypto.SIG_PrivateKey(pem_encoded_signing_key))
def __init__(self, config):
self.__registry_helper = PdoRegistryHelper(
config['Sawtooth']['LedgerURL'])
self.SigningKey = pcrypto.SIG_PrivateKey(config['SigningKeyPrivate'])
self.PSPK = pcrypto.SIG_PublicKey(config['SigningKeyPublic'])
self.secrets_file_path = config['SecretsFilePath']
self.RequestMap = {
'secretRequest': self._secretreq,
'dataRequest': self._datareq,
}
def compute_pdo_add_enclave_signature(private_key, tx_signer_public_key,
contract_id,
enclave_info_quintuples_array):
k = crypto.SIG_PrivateKey(private_key)
#concatenate tx signer and contract id
message = tx_signer_public_key + contract_id
for s in enclave_info_quintuples_array:
for t in s['provisioning_key_state_secret_pairs']:
#concatenate each ps public key and signed secret
message += t['pspk']
message += t['encrypted_secret']
#concatenate encrypted state encryption key
message += s['encrypted_state_encryption_key']
#contatenate enclave's signature
message += s['signature']
message_byte_array = bytes(message, 'ascii')
signature = k.SignMessage(message_byte_array)
encoded_signature = crypto.byte_array_to_base64(signature)
logger.debug("signed message string:" + message)
logger.debug("signature: %s", encoded_signature)
return encoded_signature
def create_service_keys(cls):
signing_key = crypto.SIG_PrivateKey()
return cls(signing_key)
def read_from_file(cls, file_name, search_path=['.', './keys']):
full_file = putils.find_file_in_path(file_name, search_path)
with open(full_file, "r") as ff:
pem_encoded_signing_key = ff.read()
return cls(crypto.SIG_PrivateKey(pem_encoded_signing_key))
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pdo.common.crypto as crypto
import logging
import sys
logger = logging.getLogger(__name__)
logger.setLevel(logging.WARN)
logger = logging.getLogger()
logging.basicConfig(level=logging.WARN)
# TEST ECDSA
try:
esk = crypto.SIG_PrivateKey()
esk.Generate()
epk = esk.GetPublicKey()
except Exception as exc:
logger.error(
"ERROR: Signature Private and Public keys generation test failed: ",
exc)
sys.exit(-1)
logger.debug("Signature Private and Public keys generation test successful!")
try:
eskString = esk.Serialize()
epkString = epk.Serialize()
hepkString = epk.SerializeXYToHex()
esk1 = crypto.SIG_PrivateKey(eskString)
epk1 = crypto.SIG_PublicKey(epkString)
eskString1 = esk1.Serialize()
def compute_creator_initialize_state_signature(creator_signing_key,
contract_enclave_signature):
signer = keys.ServiceKeys(crypto.SIG_PrivateKey(creator_signing_key))
return signer.sign(contract_enclave_signature, encoding='raw')
def test_ecdsa(sig_curve=crypto.SigCurve_UNDEFINED):
try:
if (sig_curve == crypto.SigCurve_UNDEFINED):
# test with private key from default constructor
esk = crypto.SIG_PrivateKey()
elif (sig_curve == crypto.SigCurve_SECP256K1
or sig_curve == crypto.SigCurve_SECP384R1):
# test with private key from curve-defined constructor
esk = crypto.SIG_PrivateKey(sig_curve)
else:
logger.error("ERROR: unsupported sigcurve " + crypto.sig_curve)
sys.exit(-1)
# test private key generation
esk.Generate()
# test public key retrieval from public key
epk = esk.GetPublicKey()
except Exception as exc:
logger.error(
"ERROR: Signature Private and Public keys generation test failed: ",
exc)
sys.exit(-1)
logger.debug(
"Signature Private and Public keys generation test successful!")
try:
# test private key serialization
eskString = esk.Serialize()
# test public key serialization
epkString = epk.Serialize()
# test public key xy serialization
hepkString = epk.SerializeXYToHex()
# test private key PEM constructor
esk1 = crypto.SIG_PrivateKey(eskString)
# test public key PEM constructor
epk1 = crypto.SIG_PublicKey(epkString)
# test private key serialization
eskString1 = esk1.Serialize()
# test public key serialization
epkString1 = epk1.Serialize()
# generate key pair for tests
esk2 = crypto.SIG_PrivateKey()
esk2.Generate()
epk2 = crypto.SIG_PublicKey(esk2)
# test private key deserialization
esk2.Deserialize(eskString1)
# test public key deserialization
epk2.Deserialize(epkString1)
# test PEM equivalence following deserialization-serialization steps
eskString2 = esk2.Serialize()
epkString2 = epk2.Serialize()
if eskString1 != eskString2 or epkString1 != epkString2:
logger.error(
"ERROR: PEM differ after deserialization-serialization steps")
sys.exit(-1)
except Exception as exc:
logger.error(
"ERROR: Signature Private and Public keys serialize/deserialize test failed: ",
exc)
sys.exit(-1)
logger.debug(
"Signature Private and Public keys serialize/deserialize test successful!"
)
try:
# test deserializing public key as private key
esk1.Deserialize(epkString1)
logger.error(
"ERROR: Signature invalid private key deserialize test failed: not detected."
)
sys.exit(-1)
except Exception as exc:
if (type(exc) == ValueError):
logger.debug(
"Signature invalid private key deserialize test successful!")
else:
logger.error(
"ERROR: Signature invalid private key deserialize test failed: ",
exc)
sys.exit(-1)
try:
# test deserializing private key as public key
epk1.Deserialize(eskString1)
logger.error(
"ERROR: Signature invalid public key deserialize test failed: not detected."
)
sys.exit(-1)
except Exception as exc:
if (type(exc) == ValueError):
logger.debug(
"Signature invalid public key deserialize test successful!")
else:
logger.error(
"ERROR: Signature invalid public key deserialize test failed: ",
exc)
sys.exit(-1)
try:
# test message signing and verification
msg = b'A message!'
sig = esk.SignMessage(msg)
res = epk.VerifySignature(msg, sig)
except Exception as exc:
logger.error(
"ERROR: Signature creation and verification test failed: ", exc)
sys.exit(-1)
if (res == 1):
logger.debug("Signature creation and verification test successful!")
else:
logger.error(
"ERROR: Signature creation and verification test failed: signature does not verify."
)
exit(-1)
try:
# test invalid signature verification
res = epk.VerifySignature(msg, bytes("invalid signature", 'ascii'))
except Exception as exc:
logger.error("ERROR: Invalid signature detection test failed: ", exc)
sys.exit(-1)
if (res != 1):
logger.debug("Invalid signature detection test successful!")
else:
logger.error("ERROR: Invalid signature detection test failed.")
exit(-1)
