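def _verfify_uid_signature(self, params):
    """
    Verify uid signature received from KME.

    The hex-encoded verification key is decoded to text, concatenated
    with this object's nonce and hashed; the signature is then checked
    against that hash using the same verification key.

    Parameters :
        params: Parameters received in request. Must contain
                "uniqueVerificationKey" and
                "uniqueVerificationKeySignature" (hex strings);
                a missing key raises KeyError.
    Returns :
        JSON RPC response containing uid signature verification result:
        {"verification_result": 0} on success, -1 on failure.
        Malformed hex or a key that is not valid UTF-8 is reported
        as a failure (-1) rather than raising.
    """
    # NOTE(review): the verification key and its signature both come
    # from the same request, so a pass shows the sender holds the
    # matching private key and signed this nonce. Confirm that the key
    # itself is authenticated elsewhere before it is trusted.

    # Public key generated by KME to be used for registration
    verify_key = params["uniqueVerificationKey"]
    # Digital signature computed on hash of concatenated
    # string of unique id and nonce
    verify_key_sig = params["uniqueVerificationKeySignature"]

    failure = json.dumps({"verification_result": -1})

    verify_key_sig_bytes = hex_to_byte_array(verify_key_sig)
    verify_key_bytes = hex_to_byte_array(verify_key)
    # hex_to_byte_array may return None for input it cannot decode.
    # These values are request-supplied, so fail closed instead of
    # letting an AttributeError escape from .decode() below.
    if verify_key_sig_bytes is None or verify_key_bytes is None:
        return failure

    try:
        b64_verify_key = verify_key_bytes.decode("utf-8")
    except UnicodeDecodeError:
        # Key bytes are not text: treat as a failed verification.
        return failure

    # The nonce binds the signature to this exchange.
    concat_str = b64_verify_key + self._nonce
    str_hash = worker_hash.WorkerHash().compute_message_hash(
        concat_str.encode("utf-8"))
    result = self.sign.verify_signature_from_pubkey(
        verify_key_sig_bytes, str_hash, verify_key_bytes)

    # Only the literal True counts as success; any other return value
    # (False, None, a status object) is reported as failure.
    verification_result = 0 if result is True else -1
    return json.dumps({"verification_result": verification_result})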
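def verify_encryption_key_signature(
        self, encryption_key_signature, encryption_key, verifying_key):
    """
    Utils function to verify integrity of worker encryption key using
    worker verification key
    @params encryption_key_signature - Hex-encoded signature computed on
                                       hash of encryption key
    @params encryption_key - Public encryption key of the worker
    @params verifying_key - Public signing key or verification key
                            of the worker, in PEM form
    returns SignatureStatus.PASSED in case of successful verification
            SignatureStatus.FAILED in case of verification failure,
            including a signature that is not valid hex
    """
    _verification_key = VerifyingKey.from_pem(verifying_key)

    encrypt_key_sig_bytes = hex_to_byte_array(encryption_key_signature)
    # hex_to_byte_array may return None for input it cannot decode;
    # bytes(None) would raise TypeError, so report the documented
    # failure status instead.
    if encrypt_key_sig_bytes is None:
        return SignatureStatus.FAILED

    encrypt_key_bytes = crypto_utility.string_to_byte_array(encryption_key)
    encryption_key_hash = crypto_utility.compute_message_hash(
        encrypt_key_bytes)

    # The signature is expected in DER encoding (sigdecode_der).
    # NOTE(review): if VerifyingKey is python-ecdsa's class,
    # verify_digest raises BadSignatureError on a mismatch instead of
    # returning a falsy value, so a bad signature would surface as an
    # exception here rather than as SignatureStatus.FAILED. Confirm,
    # and map that exception to FAILED where its type is imported.
    sig_result = _verification_key.verify_digest(
        bytes(encrypt_key_sig_bytes),
        bytes(encryption_key_hash),
        sigdecode=sigdecode_der)
    if sig_result:
        return SignatureStatus.PASSED
    return SignatureStatus.FAILED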
def test_hex_to_byte_arrary(self):
    """
    Tests to verify hex_to_byte_array(hex_str) function
    """
    # (input, expected output) pairs, checked in order.
    cases = (
        ("abcd1234", b'\xab\xcd\x124'),
        ("ccddba4321", b'\xcc\xdd\xbaC!'),
        ("aabb6789ccdd", b'\xaa\xbbg\x89\xcc\xdd'),
        # Negative test cases: non-hex text and None both yield None,
        # which callers must check before using the result.
        ("hello", None),
        (None, None),
    )
    for hex_str, expected in cases:
        bin_hex = hex_to_byte_array(hex_str)
        self.assertEqual(bin_hex, expected)
def verify_wo_keys_signature(self, signature, pre_proc_json):
    """
    Check the signature over the pre-processed work order keys
    (pre-processed by KME worker).

    Parameters:
        signature: Digital signature in bytes computed on
                   pre-processed work order keys
        pre_proc_json: Pre processed JSON(by KME worker) having
                       work order keys needed in encrypted format
                       to process client work order request
    Returns:
        0 on successful signature verification, -1 on failure
    """
    # The hash is recomputed locally from the received JSON, so the
    # signature is checked against what was actually delivered.
    keys_digest = self.calculate_wo_pre_proc_keys_hash(pre_proc_json)

    # self.uid is hex text; its decoded bytes are used as the public key.
    # NOTE(review): hex_to_byte_array may return None for undecodable
    # input; confirm self.uid is validated where it is assigned.
    signer_key_bytes = hex_to_byte_array(self.uid)

    outcome = self.sign.verify_signature_from_pubkey(
        signature, keys_digest, signer_key_bytes)

    # Only the literal True is accepted as success.
    if outcome is True:
        return 0
    return -1
def verify_encryption_key_signature(self, encryption_key_signature,
                                    encryption_key, verifying_key):
    """
    Utils function to check the integrity of the worker encryption key
    against the worker verification key
    @params encryption_key_signature - Signature computed on hash
                                       of encryption key (hex text)
    @params encryption_key - Public encryption key of the worker
    @params verifying_key - Public signing key or verification key
                            of the worker
    returns the result of verify_signature_from_pubkey; documented as
            SignatureStatus.PASSED in case of successful verification
            SignatureStatus.FAILED in case of verification failure
    """
    # NOTE(review): the return value is passed through unchanged, so
    # the SignatureStatus contract above holds only if
    # verify_signature_from_pubkey returns SignatureStatus - confirm.
    signature_bytes = hex_to_byte_array(encryption_key_signature)
    key_bytes = crypto_utility.string_to_byte_array(encryption_key)

    # The signature is verified over the hash of the key, not the key.
    key_digest = worker_hash.WorkerHash().compute_message_hash(key_bytes)

    return self.verify_signature_from_pubkey(
        signature_bytes, key_digest, verifying_key)