def evaluate(self) :
"""
evaluate the request using the enclave service
"""
encrypted_session_key = self.__encrypt_session_key()
# Encrypt the request
serialized_byte_array = crypto.string_to_byte_array(self.__serialize_for_encryption())
encrypted_request_raw = crypto.SKENC_EncryptMessage(self.session_key, serialized_byte_array)
encrypted_request = crypto.byte_array_to_base64(encrypted_request_raw)
try :
self.contract_state.push_state_to_eservice(self.enclave_service)
encoded_encrypted_response = self.enclave_service.send_to_contract(encrypted_session_key, encrypted_request)
logger.debug("raw response from enclave: %s", encoded_encrypted_response)
except Exception as e:
logger.warn('contract invocation failed; %s', str(e))
raise InvocationException('contract invocation failed') from e
try :
decrypted_response = self.__decrypt_response(encoded_encrypted_response)
response_string = crypto.byte_array_to_string(decrypted_response)
response_parsed = json.loads(response_string[0:-1])
logger.debug("parsed response: %s", response_parsed)
contract_response = ContractResponse(self, response_parsed)
except Exception as e:
logger.warn('contract response is invalid; %s', str(e))
raise InvocationException('contract response is invalid') from e
return contract_response
def evaluate(self):
encrypted_session_key = self.__encrypt_session_key()
# Encrypt the request
serialized_byte_array = crypto.string_to_byte_array(
self.__serialize_for_encryption())
encrypted_request_raw = crypto.SKENC_EncryptMessage(
self.session_key, serialized_byte_array)
encrypted_request = crypto.byte_array_to_base64(encrypted_request_raw)
try:
# Check and conditionally put the encrypted state into the block store if it is non-empty
state_hash_b64 = self.contract_state.getStateHash(encoding='b64')
if state_hash_b64:
block_store_len = self.enclave_service.block_store_head(
state_hash_b64)
if block_store_len <= 0:
# This block wasn't present in the block store of this enclave service - need to send it
logger.debug(
"Block store did not contain block '%s' - sending it",
state_hash_b64)
ret = self.enclave_service.block_store_put(
state_hash_b64, self.contract_state.encrypted_state)
if ret != True:
logger.exception("block_store_put failed for key %s",
state_hash_b64)
raise
encoded_encrypted_response = self.enclave_service.send_to_contract(
encrypted_session_key, encrypted_request)
if encoded_encrypted_response == None:
logger.exception(
"send_to_contract failed but no exception was thrown")
raise
logger.debug("raw response from enclave: %s",
encoded_encrypted_response)
except:
logger.exception('contract invocation failed')
raise
try:
decrypted_response = self.__decrypt_response(
encoded_encrypted_response)
response_string = crypto.byte_array_to_string(decrypted_response)
response_parsed = json.loads(response_string[0:-1])
logger.debug("parsed response: %s", response_parsed)
contract_response = ContractResponse(self, response_parsed)
except Exception as e:
logger.exception('contract response is invalid: ' + str(e))
raise
return contract_response
def evaluate(self) :
"""
evaluate the request using the enclave service
"""
assert self.operation == 'update'
# Encrypt the request
serialized_byte_array = crypto.string_to_byte_array(self.__serialize_for_encryption())
encrypted_request = bytes(crypto.SKENC_EncryptMessage(self.session_key, serialized_byte_array))
encrypted_key = bytes(self.enclave_keys.encrypt(self.session_key))
try :
self.contract_state.push_state_to_eservice(self.enclave_service)
encrypted_response = self.enclave_service.send_to_contract(encrypted_key, encrypted_request)
except Exception as e:
logger.warn('contract invocation failed; %s', str(e))
raise InvocationException('contract invocation failed') from e
try :
decrypted_response = crypto.SKENC_DecryptMessage(self.session_key, encrypted_response)
except Exception as e:
logger.exception('failed to decrypt response; %s', encrypted_response)
raise InvocationException('contract response cannot be decrypted')
try :
response_string = crypto.byte_array_to_string(decrypted_response)
response_parsed = json.loads(response_string[0:-1])
logger.debug("parsed response: %s", response_parsed)
except Exception as e:
logger.exception('contract response is invalid; %s', str(e))
raise InvocationException('failed to parse contract response') from e
# if response_parsed['Status'] is False :
# raise InvocationException(response_parsed['InvocationResponse'])
try :
if response_parsed['Status'] and response_parsed['StateChanged'] :
contract_response = UpdateStateResponse(self, response_parsed)
else :
contract_response = ContractResponse(self, response_parsed)
except Exception as e:
logger.exception('contract response is invalid; %s', str(e))
raise InvocationException('contract response is invalid') from e
return contract_response
def save(self, config, password):
"""serialize the profile, encrypt it and write it to disk
"""
serialized_profile = self.serialize()
skenc_key = Profile.__encryption_key__(password)
encrypted_profile = crypto.SKENC_EncryptMessage(
skenc_key, serialized_profile)
encrypted_profile = bytes(encrypted_profile)
profile_file = Profile.__profile_file_name__(config, self.name)
profile_dir = os.path.dirname(profile_file)
if not os.path.isdir(profile_dir):
os.makedirs(profile_dir)
with open(profile_file, "wb") as pf:
pf.write(encrypted_profile)
logger.info('profile saved to %s', profile_file)
#TEST AES-GCM
try:
iv = crypto.SKENC_GenerateIV()
except Exception as exc:
logger.error("ERROR: Symmetric encryption iv generation test failed: ",
exc)
sys.exit(-1)
try:
key = crypto.SKENC_GenerateKey()
except Exception as exc:
logger.error("ERROR: Symmetric encryption key generation test failed: ",
exc)
sys.exit(-1)
try:
crypto.SKENC_EncryptMessage(iv, None, msg)
logger.error(
"ERROR: Symmetric encryption invalid key detection test failed: not detected."
)
sys.exit(-1)
except Exception as exc:
if (type(exc) == ValueError):
logger.debug(
"Symmetric encryption invalid key detection test successful!")
else:
logger.error(
"ERROR: Symmetric encryption invalid key detection test failed: ",
exc)
sys.exit(-1)
try:
crypto.SKENC_EncryptMessage(None, key, msg)
def __encrypt_request(self):
serialized_byte_array = crypto.string_to_byte_array(
self.__serialize_for_encryption())
encrypted_request = crypto.SKENC_EncryptMessage(
self.session_key, self.session_iv, serialized_byte_array)
return crypto.byte_array_to_base64(encrypted_request)
