def generate_signature(self, hash, private_key):
"""
Function to generate signature object
Parameters:
- hash is the combined array of all hashes calculated on the
message
- private_key is Client private key
Returns tuple(status, signature)
"""
try:
self.private_key = private_key
self.public_key = \
crypto_utility.get_verifying_key(private_key)
signature_res = \
self.private_key.sign_digest_deterministic(
bytes(hash),
sigencode=sigencode_der)
signature_base64 = crypto_utility.byte_array_to_base64(
signature_res)
except Exception as err:
logger.error("Exception occurred during signature generation: %s",
str(err))
return False, None
return True, signature_base64
def add_requester_signature(self, private_key):
"""
Calculate the signature of the request
as defined in Off-Chain Trusted Compute EEA spec 6.1.8.3
and set the requesterSignature parameter in the request.
"""
sig_obj = signature.ClientSignature()
status, sign = sig_obj.generate_signature(self.final_hash, private_key)
if status is True:
self.params_obj["requesterSignature"] = sign
# public signing key is shared to enclave manager to
# verify the signature.
# It is temporary approach to share the key with the worker.
verifying_key = crypto_utility.get_verifying_key(private_key)
self.set_verifying_key(verifying_key)
return True
else:
logger.error("Signing request failed")
return False
def test_verify_signature():
err_cnt = 0
read_json = read_json_file(
"wo_response.json", ["./"])
wo_response = json.loads(read_json)["result"]
wo_response["workOrderId"] = work_order_id
wo_response["workerId"] = worker_id
wo_response["requesterId"] = requester_id
wo_response["workerNonce"] = worker_nonce
try:
# imitate worker signature SHA-256/RSA-OAEP-4096
response_hash = sig_obj.calculate_response_hash(wo_response)
status, sign = sig_obj.generate_signature(
response_hash, worker_signing_key)
wo_response["workerSignature"] = sign
# test 1 step verification
status = sig_obj.verify_signature(
wo_response, worker_verifying_key, requester_nonce)
if status == SignatureStatus.PASSED:
logging.info("PASSED: verify_signature (1 step)")
else:
logging.info("FAILED: verify_signature (1 step)")
err_cnt += 1
except Exception as err:
logging.info("FAILED: verify_signature (1 step)")
err_cnt += 1
# generate extVerificationKey
ext_private_key = crypto_utility.generate_signing_keys()
ext_public_key = crypto_utility.get_verifying_key(ext_private_key)
wo_response["extVerificationKey"] = ext_public_key
# sign extVerificationKey with worker private key
concat_string = wo_response["extVerificationKey"] + requester_nonce
v_key_hash = crypto_utility.compute_message_hash(
bytes(concat_string, 'UTF-8'))
try:
status, sign = \
sig_obj.generate_signature(v_key_hash, worker_signing_key)
wo_response["extVerificationKeySignature"] = sign
# Sign wo_response with extVerificationKey
response_hash = sig_obj.calculate_response_hash(wo_response)
status, sign = \
sig_obj.generate_signature(response_hash, ext_private_key)
wo_response["workerSignature"] = sign
# test 2 step verification
status = sig_obj.verify_signature(
wo_response, worker_verifying_key, requester_nonce)
if status == SignatureStatus.PASSED:
logging.info("PASSED: verify_signature (2 step)")
else:
logging.info("FAILED: verify_signature (2 step)")
err_cnt += 1
except Exception as err:
logging.info("FAILED: verify_signature (2 step)")
err_cnt += 1
return err_cnt
"-----END PUBLIC KEY-----\n"
sig_obj = signature.ClientSignature()
# client values
worker_id = secrets.token_hex(32)
work_order_id = secrets.token_hex(32)
requester_id = secrets.token_hex(32)
requester_nonce = secrets.token_hex(16)
session_key = crypto_utility.generate_key()
session_iv = crypto_utility.generate_iv()
session_key_iv = crypto_utility.byte_array_to_hex(session_iv)
client_private_key = crypto_utility.generate_signing_keys()
client_public_key = crypto_utility.get_verifying_key(client_private_key)
# worker values
worker_nonce = secrets.token_hex(16)
worker_enc_key = rsa_public_key
worker_signing_key = crypto_utility.generate_signing_keys()
worker_verifying_key = crypto_utility.get_verifying_key(worker_signing_key)
# -----------------------------------------------------------------------------
def test_calculate_datahash():
read_json = read_json_file("wo_request.json", ["./"])
wo_request = json.loads(read_json)["params"]["inData"]
try:
