def verify_update_receipt_signature(self, input_json): """ Function to verify the signature of work order receipt update Parameters: - input_json is dictionary contains payload returned by the WorkOrderReceiptUpdateRetrieve API as define EEA spec 7.2.7 Returns enum type SignatureStatus """ input_json_params = input_json['result'] concat_string = input_json_params["workOrderId"] + \ str(input_json_params["updateType"]) + \ input_json_params["updateData"] concat_hash = bytes(concat_string, 'UTF-8') final_hash = crypto.compute_message_hash(concat_hash) signature = input_json_params["updateSignature"] verification_key = input_json_params["receiptVerificationKey"] try: _verifying_key = crypto.SIG_PublicKey(verification_key) except Exception as error: logger.info("Error in verification key : %s", error) return SignatureStatus.INVALID_VERIFICATION_KEY decoded_signature = crypto.base64_to_byte_array(signature) sig_result = _verifying_key.VerifySignature( final_hash, decoded_signature) if sig_result == 1: return SignatureStatus.PASSED elif sig_result == 0: return SignatureStatus.FAILED else: return SignatureStatus.INVALID_SIGNATURE_FORMAT
def __init__(self, verifying_key, encryption_key): """ initialize the object :param verifying_key: PEM encoded ECDSA verifying key :param encryption_key: PEM encoded RSA encryption key """ self._verifying_key = crypto.SIG_PublicKey(verifying_key) self._encryption_key = crypto.PKENC_PublicKey(encryption_key)
def verify_signature(self,response_str,worker): """ Function to verify the signature received from the enclave Parameters: - response_str is json payload returned by the Worker Service in response to successful workorder submit request as per TCF API 6.1.2 Work Order Result Payload - worker is a worker object to store all the common details of worker as per TCF API 8.1 Common Data for All Worker Types """ input_json = json.loads(response_str) if ( self.tcs_worker['HashingAlgorithm'] != worker.hashing_algorithm ): logger.error("ERROR: Signing the request failed. Hashing algorithm is not supported for %s", worker.hashing_algorithm ) return SignatureStatus.ERROR_RESPONSE if ( self.tcs_worker['SigningAlgorithm'] != worker.signing_algorithm): logger.error("ERROR: Signing the request failed. Signing algorithm is not supported for %s", worker.signing_algorithm ) return SignatureStatus.ERROR_RESPONSE #Checking for a error response. if 'error' in input_json.keys(): return SignatureStatus.ERROR_RESPONSE input_json_params = input_json['result'] #Checking if error is response if 'code' in input_json_params.keys() and input_json_params['code'] < 0 : return SignatureStatus.ERROR_RESPONSE nonce = (input_json_params['workerNonce']).encode('UTF-8') signature = input_json_params['workerSignature'] hash_string_1 = self.__calculate_hash_on_concatenated_string(input_json_params, nonce) data_objects = input_json_params['outData'] data_objects.sort(key = lambda x:x['index']) hash_string_2 = self.__calculate_datahash(data_objects) concat_string = hash_string_1+ hash_string_2 concat_hash = bytes(concat_string, 'UTF-8') final_hash = crypto.compute_message_hash(concat_hash) verify_key = worker.worker_typedata_verification_key try: _verifying_key = crypto.SIG_PublicKey(verify_key) except Exception as error: logger.info("Error in verification key : %s", error) return SignatureStatus.INVALID_VERIFICATION_KEY decoded_signature = crypto.base64_to_byte_array(signature) sig_result =_verifying_key.VerifySignature(final_hash, decoded_signature) if sig_result == 1 : return SignatureStatus.PASSED elif sig_result == 0 : return SignatureStatus.FAILED else : return SignatureStatus.INVALID_SIGNATURE_FORMAT
def verify_signature(self, input_json, verification_key): """ Function to verify the signature received from the enclave Parameters: - input_json is dictionary contains payload returned by the Worker Service in response to successful workorder submit request as per TCF API 6.1.2 Work Order Result Payload - verification_key is ECDSA/SECP256K1 public key used to verify signatures created by the Enclave. Returns enum type SignatureStatus """ input_json_params = input_json['result'] nonce = (input_json_params['workerNonce']).encode('UTF-8') signature = input_json_params['workerSignature'] hash_string_1 = self.__calculate_hash_on_concatenated_string( input_json_params, nonce) data_objects = input_json_params['outData'] data_objects.sort(key=lambda x: x['index']) hash_string_2 = self.calculate_datahash(data_objects) concat_string = hash_string_1 + hash_string_2 concat_hash = bytes(concat_string, 'UTF-8') final_hash = crypto.compute_message_hash(concat_hash) try: _verifying_key = crypto.SIG_PublicKey(verification_key) except Exception as error: logger.info("Error in verification key : %s", error) return SignatureStatus.INVALID_VERIFICATION_KEY decoded_signature = crypto.base64_to_byte_array(signature) sig_result = _verifying_key.VerifySignature(final_hash, decoded_signature) if sig_result == 1: return SignatureStatus.PASSED elif sig_result == 0: return SignatureStatus.FAILED else: return SignatureStatus.INVALID_SIGNATURE_FORMAT
esk = crypto.SIG_PrivateKey() esk.Generate() epk = esk.GetPublicKey() except Exception as exc: logger.error( "ERROR: Signature Private and Public keys generation test failed: ", exc) sys.exit(-1) logger.debug("Signature Private and Public keys generation test successful!") try: eskString = esk.Serialize() epkString = epk.Serialize() hepkString = epk.SerializeXYToHex() esk1 = crypto.SIG_PrivateKey(eskString) epk1 = crypto.SIG_PublicKey(epkString) eskString1 = esk1.Serialize() epkString1 = epk1.Serialize() esk2 = crypto.SIG_PrivateKey() esk2.Generate() epk2 = crypto.SIG_PublicKey(esk2) eskString = esk.Serialize() esk2.Deserialize(eskString1) epk2.Deserialize(epkString1) eskString2 = esk2.Serialize() epkString2 = epk2.Serialize() except Exception as exc: logger.error( "ERROR: Signature Private and Public keys serialize/deserialize " + "test failed: ", exc) sys.exit(-1)