def verify_and_unseal_blob(public_key_pem, secret, blob_data):
    """
    Verify a serialized JSON blob, then unseal the payload it carries.

    The blob is first handed to syndicate_crypto.verify_and_parse_json()
    together with the PEM public key; only if that step reports rc == 0 is
    the extracted payload passed to c_syndicate.symmetric_unseal() with
    `secret`. Nothing is decrypted unless verification succeeded.

    Returns the unsealed data on success, or None if either step fails.
    Both failure modes collapse to None, so callers should test the result
    with `is None` and treat it as a rejection.
    """
    global CRYPTO_INITED

    # Lazy one-time initialisation of the native crypto library, tracked by
    # a module-level flag.
    # NOTE(review): no lock is visible around this check-then-set; confirm
    # crypto_init() tolerates being called more than once if this function
    # can be reached from several threads.
    if not CRYPTO_INITED:
        c_syndicate.crypto_init()
        CRYPTO_INITED = True

    # Step 1: authenticate the blob before touching its contents.
    verify_rc, sealed_payload = syndicate_crypto.verify_and_parse_json(
        public_key_pem, blob_data
    )
    if verify_rc != 0:
        logger.error("Failed to verify and parse blob, rc = %s" % verify_rc)
        return None

    # Step 2: decrypt the verified payload. Only return codes are logged;
    # neither the secret nor the plaintext is written to the log.
    logger.info("Unsealing credential data")
    unseal_rc, plaintext = c_syndicate.symmetric_unseal(sealed_payload, secret)
    if unseal_rc != 0:
        logger.error("Failed to unseal blob, rc = %s" % unseal_rc)
        return None

    return plaintext
def verify_and_unseal_blob(public_key_pem, secret, blob_data):
    """
    Verify a serialized JSON blob and, if it checks out, unseal its payload.

    Verification (syndicate_crypto.verify_and_parse_json with the PEM public
    key) always runs before decryption (c_syndicate.symmetric_unseal with
    `secret`). A nonzero return code from either call is logged and the
    function returns None.

    Returns the unsealed data, or None on any failure. Callers should
    compare against None explicitly rather than relying on truthiness.
    """
    global CRYPTO_INITED

    # The native crypto library is initialised on first use only.
    if not CRYPTO_INITED:
        c_syndicate.crypto_init()
        CRYPTO_INITED = True

    # Fail closed: the result stays None unless both steps succeed.
    result = None

    status, sealed = syndicate_crypto.verify_and_parse_json(
        public_key_pem, blob_data)
    if status != 0:
        logger.error("Failed to verify and parse blob, rc = %s" % status)
    else:
        # The payload is decrypted only after the blob has been verified.
        logger.info("Unsealing credential data")
        status, unsealed = c_syndicate.symmetric_unseal(sealed, secret)
        if status != 0:
            logger.error("Failed to unseal blob, rc = %s" % status)
        else:
            result = unsealed

    return result
def unseal_observer_data(shared_secret, sealed_data):
    """
    Decrypt `sealed_data` with `shared_secret`.

    Returns a (status, data) pair: (0, data) when
    c_syndicate.symmetric_unseal() reports success, and
    (-errno.EINVAL, None) otherwise.

    NOTE(review): no verification step is visible in this function; whether
    symmetric_unseal() authenticates the ciphertext itself cannot be told
    from here -- confirm before treating the output as trusted.
    """
    status, plaintext = c_syndicate.symmetric_unseal(sealed_data, shared_secret)

    if status == 0:
        # Decryption succeeded; hand the plaintext back with a zero status.
        return (0, plaintext)

    # Every nonzero code is reported to the caller as EINVAL; the original
    # return code is not included in the log message.
    log.error("Failed to decrypt data")
    return (-errno.EINVAL, None)