def __init__(self, kv_helper, worker_id): self._kv_helper = kv_helper self._worker_id = worker_id # Key pair for work order receipt signing # This is temporary approach self.private_key = crypto_utils.generate_signing_keys() self.public_key = self.private_key.get_verifying_key().to_pem()
def __init__(self, config, signup_data, measurements): self.config = config self.enclave_data = signup_data self.sealed_data = signup_data.sealed_data self.verifying_key = signup_data.verifying_key self.encryption_key = signup_data.encryption_key # TODO: EncryptionKeyNonce and EncryptionKeySignature are hardcoded # to dummy values. # Need to come up with a scheme to generate both for every unique # encryption key. self.encryption_key_nonce = "" self.encryption_key_signature = signup_data.encryption_key_signature self.enclave_id = signup_data.enclave_id self.extended_measurements = measurements # ProofDataType is one of TEE prefixed type # TODO: Read ProofDataType from config file self.proof_data_type = config.get("WorkerConfig")["ProofDataType"] self.proof_data = signup_data.proof_data # Key pair for work order receipt signing # This is temporary approach self.private_key = crypto_utils.generate_signing_keys() self.public_key = self.private_key.GetPublicKey().Serialize()
def configure_data_sdk(self, input_json, worker_obj, pre_test_response): logger.info("***Pre test*****\n%s\n", pre_test_response) logger.info("***Input json*****\n%s\n", input_json) jrpc_req_id = input_json["id"] client_private_key = crypto_utility.generate_signing_keys() wo_request = json.loads(pre_test_response.to_jrpc_string(jrpc_req_id)) wo_receipt_request_obj = WorkOrderReceiptRequest() wo_create_receipt = wo_receipt_request_obj.create_receipt( wo_request, ReceiptCreateStatus.PENDING.value, client_private_key) logger.info("Work order create receipt request : {} \n \n ".format( json.dumps(wo_create_receipt, indent=4))) return wo_create_receipt
def configure_data(self, input_json, worker_obj, pre_test_response): if input_json is None: with open( os.path.join(constants.work_order_receipt, "work_order_receipt.json"), "r") as file: input_json = file.read().rstrip('\n') #input_json = json.loads(input_json) logger.info("***Pre test*****\n%s\n", pre_test_response) logger.info("***Input json*****\n%s\n", input_json) # private_key of client private_key = enclave_helper.generate_signing_keys() self.add_json_values(input_json, worker_obj, private_key, self.tamper, pre_test_response) input_work_order = self.compute_signature(self.tamper) logger.info('''Compute Signature complete \n''') final_json = json.loads(input_work_order) return final_json
def configure_data(self, input_json, worker_obj, pre_test_response): # private_key of client private_key = enclave_helper.generate_signing_keys() if input_json is None: with open( os.path.join(constants.work_order_input_file, "work_order_success.json"), "r") as file: input_json = file.read().rstrip('\n') input_json = json.loads(input_json) self.add_json_values(input_json, worker_obj, private_key, constants.wo_submit_tamper) input_work_order = self.compute_signature(self.tamper) logger.info('Compute Signature complete \n') final_json_str = json.loads(input_work_order) return final_json_str
def Main(args=None): options = _parse_command_line(args) config = _parse_config_file(options.config) if config is None: logger.error("\n Error in parsing config file: {}\n".format( options.config)) sys.exit(-1) # mode should be one of listing or registry (default) mode = options.mode # Http JSON RPC listener uri uri = options.uri if uri: config["tcf"]["json_rpc_uri"] = uri # Setting blockchain type # if blockchain parameter is not passed, set to None # and None implies direct mode. blockchain = options.blockchain if blockchain: config['blockchain']['type'] = blockchain # Address of smart contract address = options.address if address: if mode == "listing": config["ethereum"]["direct_registry_contract_address"] = \ address elif mode == "registry": logger.error( "\n Only Worker registry listing address is supported." + "Worker registry address is unsupported \n") sys.exit(-1) # worker id worker_id = options.worker_id worker_id_hex = options.worker_id_hex worker_id = worker_id_hex if not worker_id \ else hex_utils.get_worker_id_from_name(worker_id) # work load id of worker workload_id = options.workload_id if not workload_id: logger.error("\nWorkload id is mandatory\n") sys.exit(-1) # work order input data in_data = options.in_data # show receipt in output show_receipt = options.receipt # show decrypted result in output show_decrypted_output = options.decrypted_output # requester signature for work order requests requester_signature = options.requester_signature # setup logging config["Logging"] = {"LogFile": "__screen__", "LogLevel": "INFO"} plogger.setup_loggers(config.get("Logging", {})) sys.stdout = plogger.stream_to_logger(logging.getLogger("STDOUT"), logging.DEBUG) sys.stderr = plogger.stream_to_logger(logging.getLogger("STDERR"), logging.WARN) logger.info("******* Hyperledger Avalon Generic client *******") if mode == "registry" and address: logger.error("\n Worker registry contract address is unsupported \n") sys.exit(-1) # Retrieve JSON RPC uri from registry list for direct mode. if not uri and mode == "listing": if not blockchain: uri = _retrieve_uri_from_registry_list(config) if uri is None: logger.error("\n Unable to get http JSON RPC uri \n") sys.exit(-1) # Prepare worker worker_registry = _create_worker_registry_instance(blockchain, config) worker_obj, worker_id = _get_first_active_worker(worker_registry, worker_id, config) if worker_obj is None: logger.error("Cannot proceed without a valid worker") sys.exit(-1) # Create session key and iv to sign work order request session_key = crypto_utility.generate_key() session_iv = crypto_utility.generate_iv() s_key = session_key s_iv = session_iv logger.info( "**********Worker details Updated with Worker ID" + "*********\n%s\n", worker_id) # Create work order verification_key = worker_obj.verification_key code, wo_params = _create_work_order_params(worker_id, workload_id, in_data, worker_obj.encryption_key, session_key, session_iv) if not code: logger.error("Work order submission failed") exit(1) client_private_key = crypto_utility.generate_signing_keys() if requester_signature: # Add requester signature and requester verifying_key if wo_params.add_requester_signature(client_private_key) is False: logger.info("Work order request signing failed") exit(1) # Submit work order jrpc_req_id = random.randint(0, 100000) logger.info("Work order submit request : %s, \n \n ", wo_params.to_jrpc_string(jrpc_req_id)) work_order = _create_work_order_instance(blockchain, config) jrpc_req_id += 1 wo_id = wo_params.get_worker_id() response = work_order.work_order_submit(wo_params.get_work_order_id(), wo_params.get_worker_id(), wo_params.get_requester_id(), wo_params.to_string(), id=jrpc_req_id) logger.info("Work order submit response : {}\n ".format(response)) if blockchain is None: if "error" in response and response["error"]["code"] != \ WorkOrderStatus.PENDING: sys.exit(1) else: if response != ContractResponse.SUCCESS: sys.exit(1) # Create receipt wo_receipt = _create_work_order_receipt_instance(blockchain, config) if show_receipt and wo_receipt: jrpc_req_id += 1 _create_work_order_receipt(wo_receipt, wo_params, client_private_key, jrpc_req_id) # Retrieve work order result res = _get_work_order_result(work_order, wo_params.get_work_order_id(), jrpc_req_id + 1) if res: logger.info("Work order get result : {}\n ".format( json.dumps(res, indent=4))) # Check if result field is present in work order response if "result" in res: # Verify work order response signature if _verify_wo_res_signature(res['result'], worker_obj.verification_key, wo_params.get_requester_nonce()) \ is False: logger.error( "Work order response signature verification Failed") sys.exit(1) # Decrypt work order response if show_decrypted_output: decrypted_res = crypto_utility.decrypted_response( res['result'], session_key, session_iv) logger.info("\nDecrypted response:\n {}".format(decrypted_res)) else: logger.error("\n Work order get result failed {}\n".format(res)) sys.exit(1) else: logger.error("\n Work order get result failed {}\n".format(res)) sys.exit(1) if show_receipt and wo_receipt: # Retrieve receipt jrpc_req_id += 1 retrieve_wo_receipt \ = _retrieve_work_order_receipt(wo_receipt, wo_params, jrpc_req_id) # Verify receipt signature if _verify_receipt_signature(retrieve_wo_receipt) is False: logger.error("Receipt signature verification Failed") sys.exit(1)
def Main(args=None): options = _parse_command_line(args) config = _parse_config_file(options.config) if config is None: logger.error("\n Error in parsing config file: {}\n".format( options.config)) sys.exit(-1) # mode should be one of listing or registry (default) mode = options.mode # Http JSON RPC listener uri uri = options.uri if uri: config["tcf"]["json_rpc_uri"] = uri # Address of smart contract address = options.address if address: if mode == "listing": config["ethereum"]["direct_registry_contract_address"] = \ address elif mode == "registry": logger.error( "\n Only Worker registry listing address is supported." + "Worker registry address is unsupported \n") sys.exit(-1) # worker id worker_id = options.worker_id worker_id_hex = options.worker_id_hex worker_id = worker_id_hex if not worker_id \ else hex_utils.get_worker_id_from_name(worker_id) # work load id of worker workload_id = options.workload_id if not workload_id: logger.error("\nWorkload id is mandatory\n") sys.exit(-1) # work order input data in_data = options.in_data # Option to send input data in plain text in_data_plain_text = options.in_data_plain # show receipt in output show_receipt = options.receipt # show decrypted result in output show_decrypted_output = options.decrypted_output # requester signature for work order requests requester_signature = options.requester_signature # setup logging config["Logging"] = {"LogFile": "__screen__", "LogLevel": "INFO"} plogger.setup_loggers(config.get("Logging", {})) sys.stdout = plogger.stream_to_logger(logging.getLogger("STDOUT"), logging.DEBUG) sys.stderr = plogger.stream_to_logger(logging.getLogger("STDERR"), logging.WARN) logger.info("******* Hyperledger Avalon Generic client *******") if mode == "registry" and address: logger.error("\n Worker registry contract address is unsupported \n") sys.exit(-1) # Retrieve JSON RPC uri from registry list if not uri and mode == "listing": uri = _retrieve_uri_from_registry_list(config) if uri is None: logger.error("\n Unable to get http JSON RPC uri \n") sys.exit(-1) # Prepare worker # JRPC request id. Choose any integer value jrpc_req_id = 31 worker_registry = JRPCWorkerRegistryImpl(config) if not worker_id: # Get first worker from worker registry worker_id = _lookup_first_worker(worker_registry, jrpc_req_id) if worker_id is None: logger.error("\n Unable to get worker \n") sys.exit(-1) # Retrieve worker details jrpc_req_id += 1 worker_retrieve_result = worker_registry.worker_retrieve( worker_id, jrpc_req_id) logger.info("\n Worker retrieve response: {}\n".format( json.dumps(worker_retrieve_result, indent=4))) if "error" in worker_retrieve_result: logger.error("Unable to retrieve worker details\n") sys.exit(1) # Create session key and iv to sign work order request session_key = crypto_utility.generate_key() session_iv = crypto_utility.generate_iv() # Initializing Worker Object worker_obj = worker_details.SGXWorkerDetails() worker_obj.load_worker(worker_retrieve_result['result']['details']) # Do worker verification _do_worker_verification(worker_obj) logger.info( "**********Worker details Updated with Worker ID" + "*********\n%s\n", worker_id) # Create work order if in_data_plain_text: # As per TC spec, if encryptedDataEncryptionKey is "-" then # input data is not encrypted encrypted_data_encryption_key = "-" else: # As per TC spec, if encryptedDataEncryptionKey is not # provided then set it to None which means # use default session key to encrypt input data encrypted_data_encryption_key = None wo_params = _create_work_order_params(worker_id, workload_id, in_data, worker_obj.encryption_key, session_key, session_iv, encrypted_data_encryption_key) client_private_key = crypto_utility.generate_signing_keys() if requester_signature: # Add requester signature and requester verifying_key if wo_params.add_requester_signature(client_private_key) is False: logger.info("Work order request signing failed") exit(1) # Submit work order logger.info("Work order submit request : %s, \n \n ", wo_params.to_jrpc_string(jrpc_req_id)) work_order = JRPCWorkOrderImpl(config) jrpc_req_id += 1 response = work_order.work_order_submit(wo_params.get_work_order_id(), wo_params.get_worker_id(), wo_params.get_requester_id(), wo_params.to_string(), id=jrpc_req_id) logger.info("Work order submit response : {}\n ".format( json.dumps(response, indent=4))) if "error" in response and response["error"]["code"] != \ WorkOrderStatus.PENDING: sys.exit(1) # Create receipt wo_receipt = JRPCWorkOrderReceiptImpl(config) if show_receipt: jrpc_req_id += 1 _create_work_order_receipt(wo_receipt, wo_params, client_private_key, jrpc_req_id) # Retrieve work order result jrpc_req_id += 1 res = work_order.work_order_get_result(wo_params.get_work_order_id(), jrpc_req_id) logger.info("Work order get result : {}\n ".format( json.dumps(res, indent=4))) # Check if result field is present in work order response if "result" in res: # Verify work order response signature if _verify_wo_res_signature(res['result'], worker_obj.verification_key, wo_params.get_requester_nonce()) is False: logger.error("Work order response signature verification Failed") sys.exit(1) # Decrypt work order response if show_decrypted_output: decrypted_res = crypto_utility.decrypted_response( res['result'], session_key, session_iv) logger.info("\nDecrypted response:\n {}".format(decrypted_res)) else: logger.error("\n Work order get result failed {}\n".format(res)) sys.exit(1) if show_receipt: # Retrieve receipt jrpc_req_id += 1 retrieve_wo_receipt \ = _retrieve_work_order_receipt(wo_receipt, wo_params, jrpc_req_id) # Verify receipt signature if "result" in retrieve_wo_receipt: if _verify_receipt_signature(retrieve_wo_receipt) is False: logger.error("Receipt signature verification Failed") sys.exit(1) else: logger.info("Work Order receipt retrieve failed") sys.exit(1)
def __init__(self, kv_helper): self._kv_helper = kv_helper # Key pair for work order receipt signing # This is temporary approach self.private_key = crypto_utils.generate_signing_keys() self.public_key = self.private_key.GetPublicKey().Serialize()
def evaluate(self, message): """Create and submit workorder and wait for result.""" self.result_text.set("Waiting for evaluation result...") self.update() # Create, sign, and submit workorder. # Convert workloadId to hex. workload_id = "heart-disease-eval" workload_id = workload_id.encode("UTF-8").hex() session_iv = utility.generate_iv() session_key = utility.generate_key() requester_nonce = secrets.token_hex(16) work_order_id = secrets.token_hex(32) requester_id = secrets.token_hex(32) wo_params = WorkOrderParams() wo_params.create_request( work_order_id, worker_id, workload_id, requester_id, session_key, session_iv, requester_nonce, result_uri=" ", notify_uri=" ", worker_encryption_key=worker_obj.encryption_key, data_encryption_algorithm="AES-GCM-256") wo_params.add_in_data(message) wo_params.add_encrypted_request_hash() private_key = utility.generate_signing_keys() if requester_signature: # Add requester signature and requester verifying_key if wo_params.add_requester_signature(private_key) is False: logger.info("Work order request signing failed") exit(1) # Set text for JSON sidebar req_id = 51 self.request_json = wo_params.to_jrpc_string(req_id) work_order_instance = direct_jrpc.get_work_order_instance() response = work_order_instance.work_order_submit( wo_params.get_work_order_id(), wo_params.get_worker_id(), wo_params.get_requester_id(), wo_params.to_string(), id=req_id) logger.info("Work order submit response : {}\n ".format( json.dumps(response, indent=4))) if "error" in response and response["error"]["code"] != \ WorkOrderStatus.PENDING: sys.exit(1) # Create work order receipt req_id += 1 wo_receipt_instance = direct_jrpc.get_work_order_receipt_instance() wo_request = json.loads(self.request_json) wo_receipt_obj = WorkOrderReceiptRequest() wo_create_receipt = wo_receipt_obj.create_receipt( wo_request, ReceiptCreateStatus.PENDING.value, private_key) logger.info("Work order create receipt request : {} \n \n ".format( json.dumps(wo_create_receipt, indent=4))) # Submit work order create receipt jrpc request wo_receipt_resp = wo_receipt_instance.work_order_receipt_create( wo_create_receipt["workOrderId"], wo_create_receipt["workerServiceId"], wo_create_receipt["workerId"], wo_create_receipt["requesterId"], wo_create_receipt["receiptCreateStatus"], wo_create_receipt["workOrderRequestHash"], wo_create_receipt["requesterGeneratedNonce"], wo_create_receipt["requesterSignature"], wo_create_receipt["signatureRules"], wo_create_receipt["receiptVerificationKey"], req_id) logger.info("Work order create receipt response : {} \n \n ".format( wo_receipt_resp)) # Retrieve result and set GUI result text res = work_order_instance.work_order_get_result(work_order_id, req_id) self.result_json = json.dumps(res, indent=4) if "result" in res: sig_obj = signature.ClientSignature() status = sig_obj.verify_signature(res['result'], worker_obj.verification_key, wo_params.get_requester_nonce()) try: if status == SignatureStatus.PASSED: logger.info("Signature verification Successful") decrypted_res = utility. \ decrypted_response( res['result'], session_key, session_iv) logger.info( "\n" + "Decrypted response:\n {}".format(decrypted_res)) else: logger.info("Signature verification Failed") sys.exit(1) except Exception as err: logger.info("ERROR: Failed to decrypt response: %s", str(err)) sys.exit(1) else: logger.info("\n Work order get result failed {}\n".format(res)) sys.exit(1) # Set text for JSON sidebar self.result_text.set(decrypted_res[0]["data"]) # Retrieve receipt # Set text for JSON sidebar req_id += 1 self.receipt_json = json.dumps( wo_receipt_instance.work_order_receipt_retrieve( work_order_id, req_id), indent=4)
def Main(args=None): ParseCommandLine(args) config["Logging"] = {"LogFile": "__screen__", "LogLevel": "INFO"} plogger.setup_loggers(config.get("Logging", {})) sys.stdout = plogger.stream_to_logger(logging.getLogger("STDOUT"), logging.DEBUG) sys.stderr = plogger.stream_to_logger(logging.getLogger("STDERR"), logging.WARN) logger.info("***************** AVALON *****************") # Connect to registry list and retrieve registry if not off_chain: registry_list_instance = direct_jrpc.get_worker_registry_list_instance( ) # Lookup returns tuple, first element is number of registries and # second is element is lookup tag and # third is list of organization ids. registry_count, lookup_tag, registry_list = \ registry_list_instance.registry_lookup() logger.info("\n Registry lookup response: registry count: {} " + "lookup tag: {} registry list: {}\n".format( registry_count, lookup_tag, registry_list)) if (registry_count == 0): logger.warn("No registries found") sys.exit(1) # Retrieve the first registry details. registry_retrieve_result = registry_list_instance.registry_retrieve( registry_list[0]) logger.info("\n Registry retrieve response: {}\n".format( registry_retrieve_result)) config["tcf"]["json_rpc_uri"] = registry_retrieve_result[0] # Prepare worker req_id = 31 global worker_id worker_registry_instance = direct_jrpc.get_worker_registry_instance() if not worker_id: worker_lookup_result = worker_registry_instance.worker_lookup( worker_type=WorkerType.TEE_SGX, id=req_id) logger.info("\n Worker lookup response: {}\n".format( json.dumps(worker_lookup_result, indent=4))) if "result" in worker_lookup_result and \ "ids" in worker_lookup_result["result"].keys(): if worker_lookup_result["result"]["totalCount"] != 0: worker_id = worker_lookup_result["result"]["ids"][0] else: logger.error("ERROR: No workers found") sys.exit(1) else: logger.error("ERROR: Failed to lookup worker") sys.exit(1) req_id += 1 worker_retrieve_result = worker_registry_instance.worker_retrieve( worker_id, req_id) logger.info("\n Worker retrieve response: {}\n".format( json.dumps(worker_retrieve_result, indent=4))) worker_obj.load_worker(worker_retrieve_result["result"]["details"]) logger.info( "**********Worker details Updated with Worker ID" + "*********\n%s\n", worker_id) # Convert workloadId to hex workload_id = "echo-result".encode("UTF-8").hex() work_order_id = secrets.token_hex(32) requester_id = secrets.token_hex(32) session_iv = utility.generate_iv() session_key = utility.generate_key() requester_nonce = secrets.token_hex(16) # Create work order wo_params = WorkOrderParams( work_order_id, worker_id, workload_id, requester_id, session_key, session_iv, requester_nonce, result_uri=" ", notify_uri=" ", worker_encryption_key=worker_obj.encryption_key, data_encryption_algorithm="AES-GCM-256") # Add worker input data if input_data_hash: # Compute data hash for data params inData data_hash = utility.compute_data_hash(message) # Convert data_hash to hex data_hash = hex_utils.byte_array_to_hex_str(data_hash) wo_params.add_in_data(message, data_hash) else: wo_params.add_in_data(message) # Encrypt work order request hash wo_params.add_encrypted_request_hash() private_key = utility.generate_signing_keys() if requester_signature: # Add requester signature and requester verifying_key if wo_params.add_requester_signature(private_key) is False: logger.info("Work order request signing failed") exit(1) # Submit work order logger.info("Work order submit request : %s, \n \n ", wo_params.to_jrpc_string(req_id)) work_order_instance = direct_jrpc.get_work_order_instance() req_id += 1 response = work_order_instance.work_order_submit( wo_params.get_work_order_id(), wo_params.get_worker_id(), wo_params.get_requester_id(), wo_params.to_string(), id=req_id) logger.info("Work order submit response : {}\n ".format( json.dumps(response, indent=4))) if "error" in response and response["error"]["code"] != \ WorkOrderStatus.PENDING: sys.exit(1) # Create receipt wo_receipt_instance = direct_jrpc.get_work_order_receipt_instance() req_id += 1 # Create work order receipt object using WorkOrderReceiptRequest class wo_request = json.loads(wo_params.to_jrpc_string(req_id)) wo_receipt_obj = WorkOrderReceiptRequest() wo_create_receipt = wo_receipt_obj.create_receipt( wo_request, ReceiptCreateStatus.PENDING.value, private_key) logger.info("Work order create receipt request : {} \n \n ".format( json.dumps(wo_create_receipt, indent=4))) # Submit work order create receipt jrpc request wo_receipt_resp = wo_receipt_instance.work_order_receipt_create( wo_create_receipt["workOrderId"], wo_create_receipt["workerServiceId"], wo_create_receipt["workerId"], wo_create_receipt["requesterId"], wo_create_receipt["receiptCreateStatus"], wo_create_receipt["workOrderRequestHash"], wo_create_receipt["requesterGeneratedNonce"], wo_create_receipt["requesterSignature"], wo_create_receipt["signatureRules"], wo_create_receipt["receiptVerificationKey"], req_id) logger.info("Work order create receipt response : {} \n \n ".format( wo_receipt_resp)) # Retrieve result req_id += 1 res = work_order_instance.work_order_get_result(work_order_id, req_id) logger.info("Work order get result : {}\n ".format( json.dumps(res, indent=4))) sig_obj = signature.ClientSignature() if "result" in res: status = sig_obj.verify_signature(res['result'], worker_obj.verification_key, wo_params.get_requester_nonce()) try: if status == SignatureStatus.PASSED: logger.info( "Work order response signature verification Successful") decrypted_res = utility.decrypted_response( res['result'], session_key, session_iv) logger.info("\nDecrypted response:\n {}".format(decrypted_res)) if input_data_hash: decrypted_data = decrypted_res[0]["data"] data_hash_in_resp = (decrypted_res[0]["dataHash"]).upper() # Verify data hash in response if utility.verify_data_hash(decrypted_data, data_hash_in_resp) is False: sys.exit(1) else: logger.info("Signature verification Failed") sys.exit(1) except Exception as err: logger.error("ERROR: Failed to decrypt response: %s", str(err)) sys.exit(1) else: logger.info("\n Work order get result failed {}\n".format(res)) sys.exit(1) # Retrieve receipt receipt_res = wo_receipt_instance.work_order_receipt_retrieve( work_order_id, id=req_id) logger.info("\n Retrieve receipt response:\n {}".format( json.dumps(receipt_res, indent=4))) # Retrieve last update to receipt by passing 0xFFFFFFFF req_id += 1 receipt_update_retrieve = \ wo_receipt_instance.work_order_receipt_update_retrieve( work_order_id, None, 1 << 32, id=req_id) logger.info("\n Last update to receipt receipt is:\n {}".format( json.dumps(receipt_update_retrieve, indent=4))) if "result" in receipt_update_retrieve: status = sig_obj.verify_update_receipt_signature( receipt_update_retrieve['result']) if status == SignatureStatus.PASSED: logger.info("Work order receipt retrieve signature" + " verification Successful") else: logger.info("Work order receipt retrieve signature" + " verification failed!!") sys.exit(1) else: logger.info("Work order receipt update failed") # Receipt lookup based on requesterId req_id += 1 receipt_lookup_res = wo_receipt_instance.work_order_receipt_lookup( requester_id=requester_id, id=req_id) logger.info("\n Work order receipt lookup response :\n {}".format( json.dumps(receipt_lookup_res, indent=4)))
def parse_command_line(config, args): LOGGER.info("***************** AVALON *****************") global input_json_str global input_json_dir global server_uri global output_json_file_name global consensus_file_name global sig_obj global worker_obj global private_key global encrypted_session_key global session_iv parser = argparse.ArgumentParser() parser.add_argument("--logfile", help="Name of the log file. " + "Use __screen__ for standard output", type=str) parser.add_argument("-p", "--private_key", help="Private Key of the Client", type=str, default=None) parser.add_argument("--loglevel", help="Logging level", type=str) parser.add_argument("-i", "--input_file", help="JSON input file name", type=str, default="input.json") parser.add_argument("--input_dir", help="Logging level", type=str, default=[]) parser.add_argument("-c", "--connect_uri", help="URI to send requests to", type=str, default=[]) parser.add_argument( "output_file", help="JSON output file name", type=str, default="output.json", nargs="?") options = parser.parse_args(args) if config.get("Logging") is None: config["Logging"] = { "LogFile": "__screen__", "LogLevel": "INFO" } if options.logfile: config["Logging"]["LogFile"] = options.logfile if options.loglevel: config["Logging"]["LogLevel"] = options.loglevel.upper() input_json_str = None input_json_dir = None if options.connect_uri: server_uri = options.connect_uri else: LOGGER.error("ERROR: Please enter the server URI") if options.input_dir: LOGGER.info("Load Json Directory from %s", options.input_dir) input_json_dir = options.input_dir elif options.input_file: try: LOGGER.info("load JSON input from %s", options.input_file) with open(options.input_file, "r") as file: input_json_str = file.read() except Exception as err: LOGGER.error("ERROR: Failed to read from file %s: %s", options.input_file, str(err)) else: LOGGER.info("No input found") if options.output_file: output_json_file_name = options.output_file else: output_json_file_name = None if options.private_key: private_key = options.private_key else: # Generating the private Key for the client private_key = enclave_helper.generate_signing_keys() # Initializing Signature object, Worker Object sig_obj = signature.ClientSignature() worker_obj = worker.SGXWorkerDetails()
def Main(args=None): parser = GenericClient(args) generic_client_obj = None if parser.is_direct_mode(): generic_client_obj = DirectModelGenericClient(parser.get_config()) elif parser.get_blockchain_type() in ["fabric", "ethereum"]: generic_client_obj = ProxyModelGenericClient( parser.get_config(), parser.get_blockchain_type()) else: logging.error("Invalid inputs to generic client") sys.exit(-1) # Retrieve JSON RPC uri from registry list if not parser.uri() and parser.mode() == "listing": self._uri = self.retrieve_uri_from_registry_list(self._config) # Prepare worker worker_id = parser.get_worker_id() if worker_id is None: logging.error("worker id is missing") sys.exit(-1) if worker_id is None: logging.error("\n Unable to get worker {}\n".format(worker_id)) sys.exit(-1) # Retrieve worker details worker_obj = generic_client_obj.get_worker_details(worker_id) if worker_obj is None: logging.error("Unable to retrieve worker details\n") sys.exit(-1) # Create session key and iv to sign work order request session_key = crypto_utility.generate_key() session_iv = crypto_utility.generate_iv() # Do worker verification generic_client_obj.do_worker_verification(worker_obj) logging.info( "**********Worker details Updated with Worker ID" + "*********\n%s\n", worker_id) # Create work order if parser.in_data_plain_text(): # As per TC spec, if encryptedDataEncryptionKey is "-" then # input data is not encrypted encrypted_data_encryption_key = "-" else: # As per TC spec, if encryptedDataEncryptionKey is not # provided then set it to None which means # use default session key to encrypt input data encrypted_data_encryption_key = None code, wo_params = generic_client_obj.create_work_order_params( worker_id, parser.workload_id(), parser.in_data(), worker_obj.encryption_key, session_key, session_iv, encrypted_data_encryption_key) if not code: logging.error("Work order request creation failed \ \n {}".format(wo_params)) sys.exit(-1) client_private_key = crypto_utility.generate_signing_keys() if parser.requester_signature(): # Add requester signature and requester verifying_key if wo_params.add_requester_signature(client_private_key) is False: logging.info("Work order request signing failed") sys.exit(-1) submit_status, wo_submit_res = generic_client_obj.submit_work_order( wo_params) if submit_status: # Create receipt if parser.show_receipt(): generic_client_obj.create_work_order_receipt( wo_params, client_private_key) work_order_id = wo_params.get_work_order_id() # Retrieve work order result status, wo_res = generic_client_obj.get_work_order_result( work_order_id) # Check if result field is present in work order response if status: # Verify work order response signature if generic_client_obj.verify_wo_response_signature( wo_res['result'], worker_obj.verification_key, wo_params.get_requester_nonce()) is False: logging.error("Work order response signature" " verification Failed") sys.exit(-1) # Decrypt work order response if parser.show_decrypted_output(): decrypted_res = generic_client_obj.decrypt_wo_response( wo_res['result']) logging.info( "\nDecrypted response:\n {}".format(decrypted_res)) else: logging.error("\n Work order get result failed\n") sys.exit(-1) if parser.show_receipt(): # Retrieve receipt retrieve_wo_receipt = \ generic_client_obj.retrieve_work_order_receipt( work_order_id) # Verify receipt signature if retrieve_wo_receipt: if "result" in retrieve_wo_receipt: if generic_client_obj.verify_receipt_signature( retrieve_wo_receipt) is False: logging.error("Receipt signature verification Failed") sys.exit(-1) else: logging.info("Work Order receipt retrieve failed") sys.exit(-1) else: logging.error("Work order submit failed {}".format(wo_submit_res)) sys.exit(-1)
def test_verify_signature(): err_cnt = 0 read_json = read_json_file( "wo_response.json", ["./"]) wo_response = json.loads(read_json)["result"] wo_response["workOrderId"] = work_order_id wo_response["workerId"] = worker_id wo_response["requesterId"] = requester_id wo_response["workerNonce"] = worker_nonce try: # imitate worker signature SHA-256/RSA-OAEP-4096 response_hash = sig_obj.calculate_response_hash(wo_response) status, sign = sig_obj.generate_signature( response_hash, worker_signing_key) wo_response["workerSignature"] = sign # test 1 step verification status = sig_obj.verify_signature( wo_response, worker_verifying_key, requester_nonce) if status == SignatureStatus.PASSED: logging.info("PASSED: verify_signature (1 step)") else: logging.info("FAILED: verify_signature (1 step)") err_cnt += 1 except Exception as err: logging.info("FAILED: verify_signature (1 step)") err_cnt += 1 # generate extVerificationKey ext_private_key = crypto_utility.generate_signing_keys() ext_public_key = crypto_utility.get_verifying_key(ext_private_key) wo_response["extVerificationKey"] = ext_public_key # sign extVerificationKey with worker private key concat_string = wo_response["extVerificationKey"] + requester_nonce v_key_hash = crypto_utility.compute_message_hash( bytes(concat_string, 'UTF-8')) try: status, sign = \ sig_obj.generate_signature(v_key_hash, worker_signing_key) wo_response["extVerificationKeySignature"] = sign # Sign wo_response with extVerificationKey response_hash = sig_obj.calculate_response_hash(wo_response) status, sign = \ sig_obj.generate_signature(response_hash, ext_private_key) wo_response["workerSignature"] = sign # test 2 step verification status = sig_obj.verify_signature( wo_response, worker_verifying_key, requester_nonce) if status == SignatureStatus.PASSED: logging.info("PASSED: verify_signature (2 step)") else: logging.info("FAILED: verify_signature (2 step)") err_cnt += 1 except Exception as err: logging.info("FAILED: verify_signature (2 step)") err_cnt += 1 return err_cnt
"3isoueUA1x01+U0HDnY5ZR0CAwEAAQ==\n"\ "-----END PUBLIC KEY-----\n" sig_obj = signature.ClientSignature() # client values worker_id = secrets.token_hex(32) work_order_id = secrets.token_hex(32) requester_id = secrets.token_hex(32) requester_nonce = secrets.token_hex(16) session_key = crypto_utility.generate_key() session_iv = crypto_utility.generate_iv() session_key_iv = crypto_utility.byte_array_to_hex(session_iv) client_private_key = crypto_utility.generate_signing_keys() client_public_key = crypto_utility.get_verifying_key(client_private_key) # worker values worker_nonce = secrets.token_hex(16) worker_enc_key = rsa_public_key worker_signing_key = crypto_utility.generate_signing_keys() worker_verifying_key = crypto_utility.get_verifying_key(worker_signing_key) # ----------------------------------------------------------------------------- def test_calculate_datahash(): read_json = read_json_file("wo_request.json", ["./"]) wo_request = json.loads(read_json)["params"]["inData"]
def Main(args=None): ParseCommandLine(args) config["Logging"] = { "LogFile": "__screen__", "LogLevel": "INFO" } plogger.setup_loggers(config.get("Logging", {})) sys.stdout = plogger.stream_to_logger( logging.getLogger("STDOUT"), logging.DEBUG) sys.stderr = plogger.stream_to_logger( logging.getLogger("STDERR"), logging.WARN) logger.info("***************** AVALON *****************") # Connect to registry list and retrieve registry if not off_chain: direct_wrapper.init_worker_registry_list(config) registry_lookup_result = direct_wrapper.registry_lookup() if (registry_lookup_result[0] == 0): logger.warn("No registries found") sys.exit(1) registry_retrieve_result = direct_wrapper.registry_retrieve( registry_lookup_result[2][0]) config["tcf"]["json_rpc_uri"] = registry_retrieve_result[0] # Prepare worker direct_wrapper.init_worker_registry(config) global worker_id if not worker_id: worker_lookup_json = jrpc_request.WorkerLookupJson( 1, worker_type=1) worker_lookup_result = direct_wrapper.worker_lookup( worker_lookup_json) if "result" in worker_lookup_result and \ "ids" in worker_lookup_result["result"].keys(): if worker_lookup_result["result"]["totalCount"] != 0: worker_id = \ worker_lookup_result["result"]["ids"][0] else: logger.error("ERROR: No workers found") sys.exit(1) else: logger.error("ERROR: Failed to lookup worker") sys.exit(1) worker_retrieve_json = jrpc_request.WorkerRetrieveJson(2, worker_id) worker_obj.load_worker( direct_wrapper.worker_retrieve( worker_retrieve_json)["result"]["details"]) logger.info("********** Worker details Updated with Worker ID" + "*********\n%s\n", worker_id) # Convert workloadId to hex workload_id = "echo-result" workload_id = workload_id.encode("UTF-8").hex() # Create work order wo_submit_json = jrpc_request.WorkOrderSubmitJson( 3, 6000, "pformat", worker_id, workload_id, "0x2345", worker_encryption_key=base64.b64decode( worker_obj.worker_encryption_key).hex(), data_encryption_algorithm="AES-GCM-256") wo_id = wo_submit_json.get_work_order_id() # Sign work order private_key = utility.generate_signing_keys() session_key = utility.generate_key() session_iv = utility.generate_iv() encrypted_session_key = utility.generate_encrypted_key( session_key, worker_obj.worker_encryption_key) # Generate one time key used for encrypting inData data_key = utility.generate_key() # Initialization vector of size 12 bytes with all zeros. data_iv = bytearray(12) encrypted_key = utility.generate_encrypted_key( data_key, worker_obj.worker_encryption_key) encrypted_data_encryption_key = utility.encrypt_data( encrypted_key, session_key) encrypted_data_encryption_key_str = ''.join( format(i, '02x') for i in encrypted_data_encryption_key) data_iv_str = ''.join(format(i, '02x') for i in data_iv) wo_submit_json.add_in_data( message, None, encrypted_data_encryption_key_str, data_iv_str) # Submit work order direct_wrapper.init_work_order(config) direct_wrapper.work_order_submit( wo_submit_json, encrypted_session_key, worker_obj, private_key, session_key, session_iv, data_key, data_iv) # Retrieve result wo_get_result_json = jrpc_request.WorkOrderGetResultJson(4, wo_id) direct_wrapper.work_order_get_result( wo_get_result_json, session_key, session_iv, data_key, data_iv)