def _read_signer(key_filename):
"""Reads the given file as a hex key.
Args:
key_filename: The filename where the key is stored. If None,
defaults to the default key for the current user.
Returns:
Signer: the signer
Raises:
CliException: If unable to read the file.
"""
filename = key_filename
if filename is None:
filename = os.path.join(config.get_key_dir(), 'validator.priv')
try:
with open(filename, 'r') as key_file:
signing_key = key_file.read().strip()
except IOError as e:
raise CliException('Unable to read key file: {}'.format(str(e)))
try:
private_key = Secp256k1PrivateKey.from_hex(signing_key)
except ParseError as e:
raise CliException('Unable to read key in file: {}'.format(str(e)))
context = create_context('secp256k1')
crypto_factory = CryptoFactory(context)
return crypto_factory.new_signer(private_key)
def test_deserialized_wait_timer(self):
wait_timer = \
EnclaveWaitTimer(
validator_address='1600 Pennsylvania Avenue NW',
duration=3.14159,
previous_certificate_id='Bond. James Bond.',
local_mean=2.71828)
serialized = wait_timer.serialize()
private_key = self._create_random_key()
wait_timer.signature = \
create_context('secp256k1').sign(serialized.encode(), private_key)
copy_wait_timer = \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized,
wait_timer.signature)
self.assertEqual(wait_timer.validator_address,
copy_wait_timer.validator_address)
self.assertAlmostEqual(wait_timer.request_time,
copy_wait_timer.request_time)
self.assertAlmostEqual(wait_timer.duration, copy_wait_timer.duration)
self.assertEqual(wait_timer.previous_certificate_id,
copy_wait_timer.previous_certificate_id)
self.assertAlmostEqual(wait_timer.local_mean,
copy_wait_timer.local_mean)
self.assertEqual(wait_timer.signature, copy_wait_timer.signature)
self.assertEqual(serialized, copy_wait_timer.serialize())
def is_valid_batch(batch):
# validate batch signature
header = BatchHeader()
header.ParseFromString(batch.header)
context = create_context('secp256k1')
public_key = Secp256k1PublicKey.from_hex(header.signer_public_key)
if not context.verify(batch.header_signature,
batch.header,
public_key):
LOGGER.debug("batch failed signature validation: %s",
batch.header_signature)
return False
# validate all transactions in batch
for txn in batch.transactions:
if not is_valid_transaction(txn):
return False
txn_header = TransactionHeader()
txn_header.ParseFromString(txn.header)
if txn_header.batcher_public_key != header.signer_public_key:
LOGGER.debug("txn batcher public_key does not match signer"
"public_key for batch: %s txn: %s",
batch.header_signature,
txn.header_signature)
return False
return True
def _create_key(self, key_name='validator.priv'):
context = create_context('secp256k1')
private_key = context.new_random_private_key()
priv_file = os.path.join(self._temp_dir, key_name)
with open(priv_file, 'w') as priv_fd:
priv_fd.write(private_key.as_hex())
return context.get_public_key(private_key).as_hex()
def setUpClass(cls):
super().setUpClass()
context = create_context('secp256k1')
private_key = Secp256k1PrivateKey.from_hex(PRIVATE)
signer = CryptoFactory(context).new_signer(private_key)
cls.factory = ValidatorRegistryMessageFactory(
signer=signer)
def __init__(self, signer):
self._factory = MessageFactory(family_name="suomi_validator_registry",
family_version="1.0",
namespace="6a4372",
signer=signer)
self.public_key_hash = hashlib.sha256(
signer.get_public_key().as_hex().encode()).hexdigest()
self._report_private_key = \
serialization.load_pem_private_key(
self.__REPORT_PRIVATE_KEY_PEM__.encode(),
password=None,
backend=backends.default_backend())
# First we need to create a public/private key pair for the PoET
# enclave to use.
context = create_context('secp256k1')
self._poet_private_key = Secp256k1PrivateKey.from_hex(
"1f70fa2518077ad18483f48e77882d11983b537fa5f7cf158684d2c670fe4f1f")
self.poet_public_key = context.get_public_key(self._poet_private_key)
def is_valid_block(block):
# validate block signature
header = BlockHeader()
header.ParseFromString(block.header)
context = create_context('secp256k1')
public_key = Secp256k1PublicKey.from_hex(header.signer_public_key)
if not context.verify(block.header_signature,
block.header,
public_key):
LOGGER.debug("block failed signature validation: %s",
block.header_signature)
return False
# validate all batches in block. These are not all batches in the
# batch_ids stored in the block header, only those sent with the block.
if not all(map(is_valid_batch, block.batches)):
return False
return True
def test_deserialized_wait_certificate(self):
wait_timer = \
EnclaveWaitTimer(
validator_address='1600 Pennsylvania Avenue NW',
duration=3.14159,
previous_certificate_id='Smart, Maxwell Smart',
local_mean=2.71828)
wait_certificate = \
EnclaveWaitCertificate.wait_certificate_with_wait_timer(
wait_timer=wait_timer,
nonce='Eeny, meeny, miny, moe.',
block_hash='Indigestion. Pepto Bismol.')
serialized = wait_certificate.serialize()
private_key = self._create_random_key()
wait_certificate.signature = \
create_context('secp256k1').sign(serialized.encode(), private_key)
copy_wait_certificate = \
EnclaveWaitCertificate.wait_certificate_from_serialized(
serialized,
wait_certificate.signature)
self.assertAlmostEqual(wait_certificate.request_time,
copy_wait_certificate.request_time)
self.assertAlmostEqual(wait_certificate.duration,
copy_wait_certificate.duration)
self.assertEqual(wait_certificate.previous_certificate_id,
copy_wait_certificate.previous_certificate_id)
self.assertAlmostEqual(wait_certificate.local_mean,
copy_wait_certificate.local_mean)
self.assertEqual(wait_certificate.validator_address,
copy_wait_certificate.validator_address)
self.assertEqual(wait_certificate.nonce, copy_wait_certificate.nonce)
self.assertEqual(wait_certificate.block_hash,
copy_wait_certificate.block_hash)
self.assertEqual(wait_certificate.signature,
copy_wait_certificate.signature)
self.assertEqual(serialized, copy_wait_certificate.serialize())
def is_valid_transaction(txn):
# validate transactions signature
header = TransactionHeader()
header.ParseFromString(txn.header)
context = create_context('secp256k1')
public_key = Secp256k1PublicKey.from_hex(header.signer_public_key)
if not context.verify(txn.header_signature,
txn.header,
public_key):
LOGGER.debug("transaction signature invalid for txn: %s",
txn.header_signature)
return False
# verify the payload field matches the header
txn_payload_sha512 = hashlib.sha512(txn.payload).hexdigest()
if txn_payload_sha512 != header.payload_sha512:
LOGGER.debug("payload doesn't match payload_sha512 of the header"
"for txn: %s", txn.header_signature)
return False
return True
def load_identity_signer(key_dir, key_name):
"""Loads a private key from the key directory, based on a validator's
identity.
Args:
key_dir (str): The path to the key directory.
key_name (str): The name of the key to load.
Returns:
Signer: the cryptographic signer for the key
"""
key_path = os.path.join(key_dir, '{}.priv'.format(key_name))
if not os.path.exists(key_path):
raise LocalConfigurationError(
"No such signing key file: {}".format(key_path))
if not os.access(key_path, os.R_OK):
raise LocalConfigurationError(
"Key file is not readable: {}".format(key_path))
LOGGER.info('Loading signing key: %s', key_path)
try:
with open(key_path, 'r') as key_file:
private_key_str = key_file.read().strip()
except IOError as e:
raise LocalConfigurationError("Could not load key file: {}".format(
str(e)))
try:
private_key = Secp256k1PrivateKey.from_hex(private_key_str)
except signing.ParseError as e:
raise LocalConfigurationError("Invalid key in file {}: {}".format(
key_path, str(e)))
context = signing.create_context('secp256k1')
crypto_factory = CryptoFactory(context)
return crypto_factory.new_signer(private_key)
def test_block_publisher_doesnt_finalize_block(
self, mock_utils, mock_validator_registry_view,
mock_consensus_state, mock_poet_enclave_factory,
mock_consensus_state_store, mock_poet_key_state_store,
mock_signup_info, mock_wait_certificate, mock_poet_settings_view,
mock_block_wrapper):
""" Test verifies that PoET Block Publisher doesn't finalize
a candidate block that doesn't have a valid wait certificate.
"""
# create a mock_validator_registry_view with
# get_validator_info that does nothing
mock_validator_registry_view.return_value.get_validator_info. \
return_value = \
ValidatorInfo(
name='validator_001',
id='validator_deadbeef',
signup_info=SignUpInfo(
poet_public_key='00112233445566778899aabbccddeeff'))
# create a mock_wait_certificate that pretends to fail
mock_wait_certificate.create_wait_certificate.side_effect = \
ValueError('Unit test fake failure')
# create a mock_consensus_state that returns a mock with
# the following settings:
mock_state = MockConsensusState().create_mock_consensus_state()
mock_consensus_state.consensus_state_for_block_id.return_value = \
mock_state
# create mock_batch_publisher
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
mock_batch_publisher = mock.Mock(identity_signer=signer)
mock_block_cache = mock.MagicMock()
mock_state_view_factory = mock.Mock()
# create mock_block_header with the following fields
mock_block = mock.Mock(identifier='0123456789abcdefedcba9876543210')
mock_block.header.signer_public_key = \
'90834587139405781349807435098745'
mock_block.header.previous_block_id = '2'
mock_block.header.block_num = 1
mock_block.header.state_root_hash = '6'
mock_block.header.batch_ids = '4'
# check test
with mock.patch('suomi_poet.poet_consensus.poet_block_publisher.'
'LOGGER') as mock_logger:
block_publisher = \
poet_block_publisher.PoetBlockPublisher(
block_cache=mock_block_cache,
state_view_factory=mock_state_view_factory,
batch_publisher=mock_batch_publisher,
data_dir=self._temp_dir,
config_dir=self._temp_dir,
validator_id='validator_deadbeef')
with mock.patch('suomi_poet.poet_consensus.'
'poet_block_publisher.json') as _:
self.assertFalse(
block_publisher.finalize_block(
block_header=mock_block.header))
# Could be a hack, but verify that the appropriate log message is
# generated - so we at least have some faith that the failure was
# because of what we are testing and not something else. I know
# that this is fragile if the log message is changed, so would
# accept any suggestions on a better way to verify that the
# function fails for the reason we expect.
(message, *_), _ = mock_logger.error.call_args
self.assertTrue('Failed to create wait certificate: ' in message)
def _signer():
context = create_context('secp256k1')
return CryptoFactory(context).new_signer(context.new_random_private_key())
def test_block_publisher_doesnt_claim_readiness(
self, mock_utils, mock_validator_registry_view,
mock_consensus_state, mock_poet_enclave_factory,
mock_consensus_state_store, mock_poet_key_state_store,
mock_signup_info, mock_wait_time, mock_poet_settings_view,
mock_block_wrapper):
""" Test verifies that PoET Block Publisher doesn't
claims readiness if the wait timer hasn't expired
"""
# create a mock_validator_registry_view with
# get_validator_info that does nothing
mock_validator_registry_view.return_value.get_validator_info. \
return_value = \
ValidatorInfo(
name='validator_001',
id='validator_deadbeef',
signup_info=SignUpInfo(
poet_public_key='00112233445566778899aabbccddeeff'))
# create a mock_consensus_state that returns a mock with
# the following settings:
mock_state = MockConsensusState.create_mock_consensus_state()
mock_consensus_state.consensus_state_for_block_id.return_value = \
mock_state
mock_consensus_state_store.return_value.__getitem__.return_value = \
mock_consensus_state
# Create mock key state
mock_poet_key_state_store.return_value.__getitem__.return_value = \
mock.Mock(
sealed_signup_data='sealed signup data',
has_been_refreshed=False)
# create mock_signup_info
mock_signup_info.unseal_signup_data.return_value = \
'00112233445566778899aabbccddeeff'
# create mock_batch_publisher
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
mock_batch_publisher = mock.Mock(identity_signer=signer)
mock_block_cache = mock.MagicMock()
mock_state_view_factory = mock.Mock()
# create mock_block_header with the following fields
mock_block = mock.Mock(identifier='0123456789abcdefedcba9876543210')
mock_block.header.signer_public_key = \
'90834587139405781349807435098745'
mock_block.header.previous_block_id = '2'
mock_block.header.block_num = 1
mock_block.header.state_root_hash = '6'
mock_block.header.batch_ids = '4'
# create a mock_wait_timer that hasn't expired yet
my_wait_time = mock.Mock()
my_wait_time.has_expired.return_value = False
mock_wait_time.create_wait_timer.return_value = my_wait_time
# create mock_poet_enclave_module
mock_poet_enclave_module = mock.Mock()
mock_poet_enclave_module.return_value = \
mock_poet_enclave_factory.get_poet_enclave_module.return_value
# check test
block_publisher = \
poet_block_publisher.PoetBlockPublisher(
block_cache=mock_block_cache,
state_view_factory=mock_state_view_factory,
batch_publisher=mock_batch_publisher,
data_dir=self._temp_dir,
config_dir=self._temp_dir,
validator_id='validator_deadbeef')
# check initialize_block() first to set wait_timer
self.assertTrue(
block_publisher.initialize_block(block_header=mock_block.header))
# check that block_publisher only claims readiness
# when the wait_timer has expired
self.assertFalse(
block_publisher.check_publish_block(
block_header=mock_block.header))
def test_no_validator_registry(
self, mock_utils, mock_validator_registry_view,
mock_consensus_state, mock_poet_enclave_factory,
mock_consensus_state_store, mock_poet_key_state_store,
mock_signup_info, mock_poet_settings_view, mock_block_wrapper):
""" Test verifies that PoET Block Publisher fails
if a validator doesn't have any signup info
in the validator registry (the validator is not listed
in the validator registry)
"""
# create a mock_validator_registry_view that throws KeyError
mock_validator_registry_view.return_value.get_validator_info. \
side_effect = KeyError('Non-existent validator')
# create a mock_wait_certificate that does nothing in check_valid
mock_wait_certificate = mock.Mock()
mock_wait_certificate.check_valid.return_value = None
mock_utils.deserialize_wait_certificate.return_value = \
mock_wait_certificate
# create a mock_consensus_state that returns a mock with
# the following settings:
mock_state = MockConsensusState.create_mock_consensus_state()
mock_consensus_state.consensus_state_for_block_id.return_value = \
mock_state
mock_poet_key_state_store.return_value = \
_MockPoetKeyStateStore(active_key=None)
# create mock_signup_info
mock_signup_info.create_signup_info.return_value = \
mock.Mock(
poet_public_key='poet public key',
proof_data='proof data',
anti_sybil_id='anti-sybil ID',
sealed_signup_data='sealed signup data')
mock_signup_info.block_id_to_nonce.return_value = 'nonce'
# create mock_batch_publisher
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
mock_batch_publisher = mock.Mock(identity_signer=signer)
mock_block_cache = mock.MagicMock()
mock_state_view_factory = mock.Mock()
# create mock_block_header with the following fields
mock_block = mock.Mock(identifier='0123456789abcdefedcba9876543210')
mock_block.header.signer_public_key = \
'90834587139405781349807435098745'
mock_block.header.previous_block_id = '2'
mock_block.header.block_num = 1
mock_block.header.state_root_hash = '6'
mock_block.header.batch_ids = '4'
# check test
block_publisher = \
poet_block_publisher.PoetBlockPublisher(
block_cache=mock_block_cache,
state_view_factory=mock_state_view_factory,
batch_publisher=mock_batch_publisher,
data_dir=self._temp_dir,
config_dir=self._temp_dir,
validator_id='validator_deadbeef')
self.assertFalse(
block_publisher.initialize_block(block_header=mock_block.header))
# check that batch publisher was called to send out
# the txn header and txn for the validator registry update
self.assertTrue(mock_batch_publisher.send.called)
def test_z_policy(self, mock_utils, mock_validator_registry_view,
mock_consensus_state, mock_poet_enclave_factory,
mock_consensus_state_store, mock_poet_key_state_store,
mock_signup_info, mock_poet_settings_view,
mock_block_wrapper):
""" Z Policy: Test verifies that PoET Block Publisher fails
if a validator attempts to claim more blocks frequently than is allowed
"""
# create a mock_validator_registry_view with
# get_validator_info that does nothing
mock_validator_registry_view.return_value.get_validator_info. \
return_value = \
ValidatorInfo(
name='validator_001',
id='validator_deadbeef',
signup_info=SignUpInfo(
poet_public_key='00112233445566778899aabbccddeeff'))
# create a mock_wait_certificate that does nothing in check_valid
mock_wait_certificate = mock.Mock()
mock_wait_certificate.check_valid.return_value = None
mock_utils.deserialize_wait_certificate.return_value = \
mock_wait_certificate
# create a mock_consensus_state that returns a mock with
# the following settings:
mock_state = MockConsensusState.create_mock_consensus_state(
claiming_too_frequently=True)
mock_consensus_state.consensus_state_for_block_id.return_value = \
mock_state
mock_consensus_state_store.return_value.__getitem__.return_value = \
mock_consensus_state
# Create mock key state
mock_poet_key_state_store.return_value.__getitem__.return_value = \
mock.Mock(
sealed_signup_data='sealed signup data',
has_been_refreshed=False)
# create mock_signup_info
mock_signup_info.unseal_signup_data.return_value = \
'00112233445566778899aabbccddeeff'
# create mock_batch_publisher
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
mock_batch_publisher = mock.Mock(identity_signer=signer)
mock_block_cache = mock.MagicMock()
mock_state_view_factory = mock.Mock()
# create mock_block_header with the following fields
mock_block = mock.Mock(identifier='0123456789abcdefedcba9876543210')
mock_block.header.signer_public_key = \
'90834587139405781349807435098745'
mock_block.header.previous_block_id = '2'
mock_block.header.block_num = 1
mock_block.header.state_root_hash = '6'
mock_block.header.batch_ids = '4'
# check test
with mock.patch('suomi_poet.poet_consensus.poet_block_publisher.'
'LOGGER') as mock_logger:
block_publisher = \
poet_block_publisher.PoetBlockPublisher(
block_cache=mock_block_cache,
state_view_factory=mock_state_view_factory,
batch_publisher=mock_batch_publisher,
data_dir=self._temp_dir,
config_dir=self._temp_dir,
validator_id='validator_deadbeef')
self.assertFalse(
block_publisher.initialize_block(
block_header=mock_block.header))
# Could be a hack, but verify that the appropriate log message is
# generated - so we at least have some faith that the failure was
# because of what we are testing and not something else. I know
# that this is fragile if the log message is changed, so would
# accept any suggestions on a better way to verify that the
# function fails for the reason we expect.
(message, *_), _ = mock_logger.info.call_args
self.assertTrue('Validator is claiming blocks too '
'frequently' in message)
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------------------------------------------------------------------
import random
import string
import hashlib
from suomi_signing import create_context
CONTEXT = create_context('secp256k1')
def random_name(length=16):
return ''.join(random.SystemRandom().choice(string.ascii_uppercase +
string.digits)
for _ in range(length))
def create_random_private_key():
return CONTEXT.new_random_private_key()
def create_random_public_key():
return CONTEXT.get_public_key(create_random_private_key())
class _PoetEnclaveSimulator(object):
# A lock to protect threaded access
_lock = threading.Lock()
# The private key we generate to sign the certificate ID when creating
# the random wait timeout value
_context = create_context('secp256k1')
_seal_private_key = Secp256k1PrivateKey.new_random()
# The basename and enclave measurement values we will put into and verify
# are in the enclave quote in the attestation verification report.
__VALID_BASENAME__ = \
bytes.fromhex(
'b785c58b77152cbe7fd55ee3851c4990'
'00000000000000000000000000000000')
__VALID_ENCLAVE_MEASUREMENT__ = \
bytes.fromhex(
'c99f21955e38dbb03d2ca838d3af6e43'
'ef438926ed02db4cc729380c8c7a174e')
# We use the report private key PEM to create the private key used to
# sign attestation verification reports. On the flip side, the report
# public key PEM is used to create the public key used to verify the
# signature on the attestation verification reports.
__REPORT_PRIVATE_KEY_PEM__ = \
'-----BEGIN PRIVATE KEY-----\n' \
'MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsy/NmLwZP6Uj0\n' \
'p5mIiefgK8VOK7KJ34g3h0/X6aFOd/Ff4j+e23wtQpkxsjVHWLM5SjElGhfpVDhL\n' \
'1WAMsQI9bpCWR4sjV6p7gOJhv34nkA2Grj5eSHCAJRQXCl+pJ9dYIeKaNoaxkdtq\n' \
'+Xme//ohtkkv/ZjMTfsjMl0RLXokJ+YhSuTpNSovRaCtZfLB5MihVJuV3Qzb2ROh\n' \
'KQxcuyPy9tBtOIrBWJaFiXOLRxAijs+ICyzrqUBbRfoAztkljIBx9KNItHiC4zPv\n' \
'o6DxpGSO2yMQSSrs13PkfyGWVZSgenEYOouEz07X+H5B29PPuW5mCl4nkoH3a9gv\n' \
'rI6VLEx9AgMBAAECggEAImfFge4RCq4/eX85gcc7pRXyBjuLJAqe+7d0fWAmXxJg\n' \
'vB+3XTEEi5p8GDoMg7U0kk6kdGe6pRnAz9CffEduU78FCPcbzCCzcD3cVWwkeUok\n' \
'd1GQV4OC6vD3DBNjsrGdHg45KU18CjUphCZCQhdjvXynG+gZmWxZecuYXkg4zqPT\n' \
'LwOkcdWBPhJ9CbjtiYOtKDZbhcbdfnb2fkxmvnAoz1OWNfVFXh+x7651FrmL2Pga\n' \
'xGz5XoxFYYT6DWW1fL6GNuVrd97wkcYUcjazMgunuUMC+6XFxqK+BoqnxeaxnsSt\n' \
'G2r0sdVaCyK1sU41ftbEQsc5oYeQ3v5frGZL+BgrYQKBgQDgZnjqnVI/B+9iarx1\n' \
'MjAFyhurcKvFvlBtGKUg9Q62V6wI4VZvPnzA2zEaR1J0cZPB1lCcMsFACpuQF2Mr\n' \
'3VDyJbnpSG9q05POBtfLjGQdXKtGb8cfXY2SwjzLH/tvxHm3SP+RxvLICQcLX2/y\n' \
'GTJ+mY9C6Hs6jIVLOnMWkRWamQKBgQDFITE3Qs3Y0ZwkKfGQMKuqJLRw29Tyzw0n\n' \
'XKaVmO/pEzYcXZMPBrFhGvdmNcJLo2fcsmGZnmit8RP4ChwHUlD11dH1Ffqw9FWc\n' \
'387i0chlE5FhQPirSM8sWFVmjt2sxC4qFWJoAD/COQtKHgEaVKVc4sH/yRostL1C\n' \
'r+7aWuqzhQKBgQDcuC5LJr8VPGrbtPz1kY3mw+r/cG2krRNSm6Egj6oO9KFEgtCP\n' \
'zzjKQU9E985EtsqNKI5VdR7cLRLiYf6r0J6j7zO0IAlnXADP768miUqYDuRw/dUw\n' \
'JsbwCZneefDI+Mp325d1/egjla2WJCNqUBp4p/Zf62f6KOmbGzzEf6RuUQKBgG2y\n' \
'E8YRiaTOt5m0MXUwcEZk2Hg5DF31c/dkalqy2UYU57aPJ8djzQ8hR2x8G9ulWaWJ\n' \
'KiCm8s9gaOFNFt3II785NfWxPmh7/qwmKuUzIdWFNxAsbHQ8NvURTqyccaSzIpFO\n' \
'hw0inlhBEBQ1cB2r3r06fgQNb2BTT0Itzrd5gkNVAoGBAJcMgeKdBMukT8dKxb4R\n' \
'1PgQtFlR3COu2+B00pDyUpROFhHYLw/KlUv5TKrH1k3+E0KM+winVUIcZHlmFyuy\n' \
'Ilquaova1YSFXP5cpD+PKtxRV76Qlqt6o+aPywm81licdOAXotT4JyJhrgz9ISnn\n' \
'J13KkHoAZ9qd0rX7s37czb3O\n' \
'-----END PRIVATE KEY-----'
_report_private_key = \
serialization.load_pem_private_key(
__REPORT_PRIVATE_KEY_PEM__.encode(),
password=None,
backend=backends.default_backend())
# The anti-sybil ID for this particular validator. This will get set when
# the enclave is initialized
_anti_sybil_id = None
MINIMUM_WAIT_TIME = 1.0
@classmethod
def initialize(cls, config_dir, data_dir):
# See if our configuration file exists. If so, then we are going to
# see if there is a configuration value for the validator ID. If so,
# then we'll use that when constructing the simulated anti-Sybil ID.
# Otherwise, we are going to fall back on trying to create one that is
# unique.
validator_id = datetime.datetime.now().isoformat()
config_file = os.path.join(config_dir, 'poet_enclave_simulator.toml')
if os.path.exists(config_file):
LOGGER.info('Loading PoET enclave simulator config from : %s',
config_file)
try:
with open(config_file) as fd:
toml_config = toml.loads(fd.read())
except IOError as e:
LOGGER.info(
'Error loading PoET enclave simulator configuration: %s',
e)
LOGGER.info('Continuing with default configuration')
invalid_keys = set(toml_config.keys()).difference(['validator_id'])
if invalid_keys:
LOGGER.warning(
'Ignoring invalid keys in PoET enclave simulator config: '
'%s', ', '.join(sorted(list(invalid_keys))))
validator_id = toml_config.get('validator_id', validator_id)
LOGGER.debug('PoET enclave simulator creating anti-Sybil ID from: %s',
validator_id)
# Create an anti-Sybil ID that is unique for this validator
cls._anti_sybil_id = hashlib.sha256(validator_id.encode()).hexdigest()
@classmethod
def shutdown(cls):
pass
@classmethod
def get_enclave_measurement(cls):
return cls.__VALID_ENCLAVE_MEASUREMENT__.hex()
@classmethod
def get_enclave_basename(cls):
return cls.__VALID_BASENAME__.hex()
@classmethod
def create_signup_info(cls, originator_public_key_hash, nonce):
with cls._lock:
# First we need to create a public/private key pair for the PoET
# enclave to use.
# Counter ID is a placeholder for a hardware counter in a TEE.
poet_private_key = Secp256k1PrivateKey.new_random()
poet_public_key = \
cls._context.get_public_key(poet_private_key)
counter_id = None
# Simulate sealing (encrypting) the signup data.
signup_data = {
'poet_private_key': poet_private_key.as_hex(),
'poet_public_key': poet_public_key.as_hex(),
'counter_id': counter_id
}
sealed_signup_data = \
base64.b64encode(
dict2json(signup_data).encode()).decode('utf-8')
# Build up a fake SGX quote containing:
# 1. The basename
# 2. The report body that contains:
# a. The enclave measurement
# b. The report data SHA256(SHA256(OPK)|PPK)
sgx_basename = \
sgx_structs.SgxBasename(name=cls.__VALID_BASENAME__)
sgx_measurement = \
sgx_structs.SgxMeasurement(
m=cls.__VALID_ENCLAVE_MEASUREMENT__)
hash_input = \
'{0}{1}'.format(
originator_public_key_hash.upper(),
poet_public_key.as_hex().upper()).encode()
report_data = hashlib.sha256(hash_input).digest()
sgx_report_data = sgx_structs.SgxReportData(d=report_data)
sgx_report_body = \
sgx_structs.SgxReportBody(
mr_enclave=sgx_measurement,
report_data=sgx_report_data)
sgx_quote = \
sgx_structs.SgxQuote(
basename=sgx_basename,
report_body=sgx_report_body)
# Create a fake PSE manifest. A base64 encoding of the
# originator public key hash should suffice.
pse_manifest = \
base64.b64encode(originator_public_key_hash.encode())
timestamp = datetime.datetime.now().isoformat()
# Fake our "proof" data.
verification_report = {
'epidPseudonym':
cls._anti_sybil_id,
'id':
base64.b64encode(
hashlib.sha256(
timestamp.encode()).hexdigest().encode()).decode(),
'isvEnclaveQuoteStatus':
'OK',
'isvEnclaveQuoteBody':
base64.b64encode(sgx_quote.serialize_to_bytes()).decode(),
'pseManifestStatus':
'OK',
'pseManifestHash':
hashlib.sha256(base64.b64decode(pse_manifest)).hexdigest(),
'nonce':
nonce,
'timestamp':
timestamp
}
# Serialize the verification report, sign it, and then put
# in the proof data
verification_report_json = dict2json(verification_report)
signature = \
cls._report_private_key.sign(
verification_report_json.encode(),
padding.PKCS1v15(),
hashes.SHA256())
proof_data_dict = {
'evidence_payload': {
'pse_manifest': pse_manifest.decode()
},
'verification_report': verification_report_json,
'signature': base64.b64encode(signature).decode()
}
proof_data = dict2json(proof_data_dict)
return \
EnclaveSignupInfo(
poet_public_key=signup_data['poet_public_key'],
proof_data=proof_data,
anti_sybil_id=cls._anti_sybil_id,
sealed_signup_data=sealed_signup_data)
@classmethod
def deserialize_signup_info(cls, serialized_signup_info):
return \
EnclaveSignupInfo.signup_info_from_serialized(
serialized_signup_info=serialized_signup_info)
@classmethod
def unseal_signup_data(cls, sealed_signup_data):
"""
Args:
sealed_signup_data: Sealed signup data that was returned
previously in a EnclaveSignupInfo object from a call to
create_signup_info
Returns:
A string The hex encoded PoET public key that was extracted from
the sealed data
"""
# Reverse the process we used in creating "sealed" signup info.
# Specifically, we will do a base 64 decode, which gives us JSON
# we can convert back to a dictionary we can use to get the
# data we need
signup_data = \
json2dict(base64.b64decode(sealed_signup_data.encode()).decode())
return signup_data.get('poet_public_key')
@classmethod
def release_signup_data(cls, sealed_signup_data):
"""
Args:
sealed_signup_data: Sealed signup data that was returned
previously in a EnclaveSignupInfo object from a call to
create_signup_info
"""
# This is a standin method to release enclave resources associated
# with this signup. This is not currently relevant to the simulator
# but it must match the interface with the HW enclave.
pass
@classmethod
def create_wait_timer(cls, sealed_signup_data, validator_address,
previous_certificate_id, local_mean):
with cls._lock:
# Extract keys from the 'sealed' signup data
signup_data = \
json2dict(
base64.b64decode(sealed_signup_data.encode()).decode())
poet_private_key = signup_data['poet_private_key']
if poet_private_key is None:
raise \
ValueError(
'Invalid signup data. No poet private key.')
try:
poet_private_key = Secp256k1PrivateKey.from_hex(
poet_private_key)
except ParseError:
raise \
ValueError(
'Invalid signup data. Badly formatted poet key(s).')
# In a TEE implementation we would increment the HW counter here.
# We can't usefully simulate a HW counter though.
# Create some value from the cert ID. We are just going to use
# the seal key to sign the cert ID. We will then use the
# low-order 64 bits to change that to a number [0, 1]
tag = \
base64.b64decode(
cls._context.sign(
previous_certificate_id.encode(),
cls._seal_private_key))
tagd = float(struct.unpack('Q', tag[-8:])[0]) / (2**64 - 1)
# Now compute the duration with a minimum wait time guaranteed
duration = \
_PoetEnclaveSimulator.MINIMUM_WAIT_TIME \
- local_mean * math.log(tagd)
# Create and sign the wait timer
wait_timer = \
EnclaveWaitTimer(
validator_address=validator_address,
duration=duration,
previous_certificate_id=previous_certificate_id,
local_mean=local_mean)
wait_timer.signature = \
cls._context.sign(
wait_timer.serialize().encode(),
poet_private_key)
return wait_timer
@classmethod
def deserialize_wait_timer(cls, serialized_timer, signature):
return \
EnclaveWaitTimer.wait_timer_from_serialized(
serialized_timer=serialized_timer,
signature=signature)
@classmethod
def create_wait_certificate(cls, sealed_signup_data, wait_timer,
block_hash):
with cls._lock:
# Extract keys from the 'sealed' signup data
if sealed_signup_data is None:
raise ValueError('Sealed Signup Data is None')
signup_data = \
json2dict(
base64.b64decode(sealed_signup_data.encode()).decode())
poet_private_key = signup_data['poet_private_key']
poet_public_key = signup_data['poet_public_key']
if poet_private_key is None or poet_public_key is None:
raise \
ValueError(
'Invalid signup data. No poet key(s).')
try:
poet_public_key = Secp256k1PublicKey.from_hex(poet_public_key)
poet_private_key = Secp256k1PrivateKey.from_hex(
poet_private_key)
except ParseError:
raise \
ValueError(
'Invalid signup data. Badly formatted poet key(s).')
# Several criteria need to be met before we can create a wait
# certificate:
# 1. This signup data was used to sign this timer.
# i.e. the key sealed / unsealed by the TEE signed this
# wait timer.
# 2. This timer has expired
# 3. This timer has not timed out
#
# In a TEE implementation we would check HW counter agreement.
# We can't usefully simulate a HW counter though.
# i.e. wait_timer.counter_value == signup_data.counter.value
#
# Note - we make a concession for the genesis block (i.e., a wait
# timer for which the previous certificate ID is the Null
# identifier) in that we don't require the timer to have expired
# and we don't worry about the timer having timed out.
if wait_timer is None or \
not cls._context.verify(
wait_timer.signature,
wait_timer.serialize().encode(),
poet_public_key):
raise \
ValueError(
'Validator is not using the current wait timer')
is_not_genesis_block = \
(wait_timer.previous_certificate_id !=
NULL_BLOCK_IDENTIFIER)
now = time.time()
expire_time = \
wait_timer.request_time + \
wait_timer.duration
if is_not_genesis_block and now < expire_time:
raise \
ValueError(
'Cannot create wait certificate because timer has '
'not expired')
time_out_time = \
wait_timer.request_time + \
wait_timer.duration + \
TIMER_TIMEOUT_PERIOD
if is_not_genesis_block and time_out_time < now:
raise \
ValueError(
'Cannot create wait certificate because timer '
'has timed out')
# Create a random nonce for the certificate. For our "random"
# nonce we will take the timer signature, concat that with the
# current time, JSON-ize it and create a SHA-256 hash over it.
# Probably not considered random by security professional
# standards, but it is good enough for the simulator.
random_string = \
dict2json({
'wait_timer_signature': wait_timer.signature,
'now': datetime.datetime.utcnow().isoformat()
})
nonce = hashlib.sha256(random_string.encode()).hexdigest()
# First create a new enclave wait certificate using the data
# provided and then sign the certificate with the PoET private key
wait_certificate = \
EnclaveWaitCertificate.wait_certificate_with_wait_timer(
wait_timer=wait_timer,
nonce=nonce,
block_hash=block_hash)
wait_certificate.signature = \
cls._context.sign(
wait_certificate.serialize().encode(),
poet_private_key)
# In a TEE implementation we would increment the HW counter here
# to prevent replay.
# We can't usefully simulate a HW counter though.
return wait_certificate
@classmethod
def deserialize_wait_certificate(cls, serialized_certificate, signature):
return \
EnclaveWaitCertificate.wait_certificate_from_serialized(
serialized_certificate=serialized_certificate,
signature=signature)
@classmethod
def verify_wait_certificate(cls, certificate, poet_public_key):
# Since the signing module uses a hex-encoded string as the canonical
# format for public keys and we should be handed a public key that was
# part of signup information created by us, don't bother decoding
# the public key.
try:
poet_public_key = Secp256k1PublicKey.from_hex(poet_public_key)
except ParseError:
raise \
ValueError(
'Invalid signup data. Badly formatted poet key(s).')
if not \
cls._context.verify(
certificate.signature,
certificate.serialize().encode(),
poet_public_key):
raise ValueError('Wait certificate signature does not match')
def handle(self, connection_id, message_content):
"""
When the validator receives an AuthorizationChallengeSubmit message, it
will verify the public key against the signature. If the public key is
verified, the requested roles will be checked against the stored roles
to see if the public key is included in the policy. If the node’s
response is accepted, the node’s public key will be stored and the
requester may start sending messages for the approved roles.
If the requester wanted a role that is either not available on the
endpoint, the requester does not have access to one of the roles
requested, or the previous message was not an
AuthorizationChallengeRequest, the challenge will be rejected and the
connection will be closed.
"""
if self._network.get_connection_status(connection_id) != \
ConnectionStatus.AUTH_CHALLENGE_REQUEST:
LOGGER.debug("Connection's previous message was not a"
" AuthorizationChallengeRequest, Remove connection to"
"%s",
connection_id)
return AuthorizationChallengeSubmitHandler \
._network_violation_result()
auth_challenge_submit = AuthorizationChallengeSubmit()
auth_challenge_submit.ParseFromString(message_content)
try:
payload = self._challenge_payload_cache[connection_id]
except KeyError:
LOGGER.debug("Connection's challenge payload expired before a"
"response was received. %s", connection_id)
return AuthorizationChallengeSubmitHandler \
._network_violation_result()
context = create_context('secp256k1')
try:
public_key = Secp256k1PublicKey.from_hex(
auth_challenge_submit.public_key)
except ParseError:
LOGGER.warning('Authorization Challenge Request cannot be '
'verified. Invalid public key %s',
auth_challenge_submit.public_key)
return AuthorizationChallengeSubmitHandler \
._network_violation_result()
if not context.verify(auth_challenge_submit.signature,
payload,
public_key):
LOGGER.warning("Signature was not able to be verifed. Remove "
"connection to %s", connection_id)
return AuthorizationChallengeSubmitHandler \
._network_violation_result()
roles = self._network.roles
for role in auth_challenge_submit.roles:
if role == RoleType.Value("NETWORK") or role == \
RoleType.Value("ALL"):
permitted = False
if "network" in roles:
permitted = self._permission_verifier.check_network_role(
auth_challenge_submit.public_key)
if not permitted:
return AuthorizationChallengeSubmitHandler \
._network_violation_result()
self._network.update_connection_public_key(
connection_id,
auth_challenge_submit.public_key)
if RoleType.Value("NETWORK") in auth_challenge_submit.roles:
# Need to send ConnectionRequest to authorize ourself with the
# connection if they initialized the connection
try:
is_outbound_connection = self._network.is_outbound_connection(
connection_id)
except KeyError:
# Connection has gone away, drop message
return HandlerResult(HandlerStatus.DROP)
if not is_outbound_connection:
self._network.send_connect_request(connection_id)
else:
# If this is an outbound connection, authorization is complete
# for both connections and peering/topology build out can
# begin.
self._gossip.connect_success(connection_id)
auth_challenge_result = AuthorizationChallengeResult(
roles=[RoleType.Value("NETWORK")])
LOGGER.debug("Connection: %s is approved", connection_id)
self._network.update_connection_status(
connection_id,
ConnectionStatus.CONNECTED)
return HandlerResult(
HandlerStatus.RETURN,
message_out=auth_challenge_result,
message_type=validator_pb2.Message.AUTHORIZATION_CHALLENGE_RESULT)
def test_block_publisher_finalize_block(
self, mock_utils, mock_validator_registry_view,
mock_consensus_state, mock_poet_enclave_factory,
mock_consensus_state_store, mock_poet_key_state_store,
mock_signup_info, mock_wait_certificate, mock_poet_settings_view,
mock_block_wrapper):
""" Test verifies that PoET Block Publisher finalizes the block,
meaning that the candidate block is good and should be generated.
"""
# create a mock_validator_registry_view with
# get_validator_info that does nothing
mock_validator_registry_view.return_value.get_validator_info. \
return_value = \
ValidatorInfo(
name='validator_001',
id='validator_deadbeef',
signup_info=SignUpInfo(
poet_public_key='00112233445566778899aabbccddeeff'))
# create a mock_wait_certificate that does nothing in check_valid
my_wait_certificate = mock.Mock()
my_wait_certificate.check_valid.return_value = None
mock_wait_certificate.create_wait_certificate.return_value = \
my_wait_certificate
# create a mock_consensus_state that returns a mock with
# the following settings:
mock_state = MockConsensusState().create_mock_consensus_state()
mock_consensus_state.consensus_state_for_block_id.return_value = \
mock_state
# create mock_batch_publisher
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
mock_batch_publisher = mock.Mock(identity_signer=signer)
mock_block_cache = mock.MagicMock()
mock_state_view_factory = mock.Mock()
# create mock_block_header with the following fields
mock_block = mock.Mock(identifier='0123456789abcdefedcba9876543210')
mock_block.header.signer_public_key = \
'90834587139405781349807435098745'
mock_block.header.previous_block_id = '2'
mock_block.header.block_num = 1
mock_block.header.state_root_hash = '6'
mock_block.header.batch_ids = '4'
# check test
block_publisher = \
poet_block_publisher.PoetBlockPublisher(
block_cache=mock_block_cache,
state_view_factory=mock_state_view_factory,
batch_publisher=mock_batch_publisher,
data_dir=self._temp_dir,
config_dir=self._temp_dir,
validator_id='validator_deadbeef')
with mock.patch('suomi_poet.poet_consensus.'
'poet_block_publisher.json') as _:
self.assertTrue(
block_publisher.finalize_block(block_header=mock_block.header))
