def test_generate_client_signature():
logging.info("Testing generate_client_signature...")
worker_obj = worker.SGXWorkerDetails()
worker_obj.encryption_key = worker_enc_key
encrypted_session_key = crypto_utility.generate_encrypted_key(
session_key, worker_obj.encryption_key)
encrypted_session_key_hex = \
crypto_utility.byte_array_to_hex(encrypted_session_key)
read_json = read_json_file("wo_request.json", ["./"])
wo_submit_request = json.loads(read_json)
wo_request = wo_submit_request["params"]
wo_request["workOrderId"] = work_order_id
wo_request["workerId"] = worker_id
wo_request["requesterId"] = requester_id
wo_request["sessionKeyIv"] = session_key_iv
wo_request["encryptedSessionKey"] = encrypted_session_key_hex
wo_request["requesterNonce"] = requester_nonce
try:
input_json_str = json.dumps(wo_submit_request)
input_json_str, status = sig_obj.generate_client_signature(
input_json_str, worker_obj, client_private_key, session_key,
session_iv, encrypted_session_key)
if status == SignatureStatus.PASSED:
logging.info("PASSED: generate_client_signature")
return 0
else:
logging.info("FAILED: generate_client_signature")
return 1
except Exception as err:
return 1
def __init__(self,
work_order_id,
worker_id,
workload_id,
requester_id,
session_key,
session_iv,
requester_nonce,
verifying_key=None,
payload_format="JSON-RPC",
response_timeout_msecs=6000,
result_uri=None,
notify_uri=None,
worker_encryption_key=None,
data_encryption_algorithm=None):
self.params_obj = {}
self.set_work_order_id(work_order_id)
self.set_response_timeout_msecs(response_timeout_msecs)
self.set_payload_format(payload_format)
if result_uri:
self.set_result_uri(result_uri)
if notify_uri:
self.set_notify_uri(notify_uri)
self.set_worker_id(worker_id)
self.set_workload_id(workload_id)
self.set_requester_id(requester_id)
if worker_encryption_key:
self.set_worker_encryption_key(
worker_encryption_key.encode("UTF-8").hex())
if data_encryption_algorithm:
self.set_data_encryption_algorithm(data_encryption_algorithm)
encrypted_session_key = crypto_utility.generate_encrypted_key(
session_key, worker_encryption_key)
self.set_encrypted_session_key(
crypto.byte_array_to_hex(encrypted_session_key))
self.session_iv = session_iv
self.set_session_key_iv(crypto.byte_array_to_hex(session_iv))
self.set_requester_nonce(requester_nonce)
self.params_obj["encryptedRequestHash"] = ""
self.params_obj["requesterSignature"] = ""
self.params_obj["inData"] = []
self.session_key = session_key
def __init__(
self, work_order_id, worker_id, workload_id,
requester_id, session_key, session_iv,
requester_nonce, verifying_key=None, payload_format="JSON-RPC",
response_timeout_msecs=6000, result_uri=None,
notify_uri=None, worker_encryption_key=None,
data_encryption_algorithm=None):
self.params_obj = {}
self.set_work_order_id(work_order_id)
self.set_response_timeout_msecs(response_timeout_msecs)
self.set_payload_format(payload_format)
if result_uri:
self.set_result_uri(result_uri)
if notify_uri:
self.set_notify_uri(notify_uri)
self.set_worker_id(worker_id)
self.set_workload_id(workload_id)
self.set_requester_id(requester_id)
if worker_encryption_key:
self.set_worker_encryption_key(
worker_encryption_key)
if data_encryption_algorithm:
self.set_data_encryption_algorithm(data_encryption_algorithm)
if worker_encryption_key and session_key:
try:
encrypted_session_key = crypto_utility.generate_encrypted_key(
session_key, worker_encryption_key)
self.set_encrypted_session_key(
crypto_utility.byte_array_to_hex(encrypted_session_key))
except Exception as err:
raise ValueError("Encrypting Session key failed: \
Invalid session key or worker encryption key")
self.session_iv = session_iv
self.set_session_key_iv(
crypto_utility.byte_array_to_hex(session_iv)
)
self.set_requester_nonce(requester_nonce)
self.params_obj["encryptedRequestHash"] = ""
self.params_obj["requesterSignature"] = ""
self.params_obj["inData"] = []
self.session_key = session_key
def local_main(config):
if not input_json_str and not input_json_dir:
LOGGER.error("JSON input file is not provided")
exit(1)
if not output_json_file_name:
LOGGER.error("JSON output file is not provided")
exit(1)
if not server_uri:
LOGGER.error("Server URI is not provided")
exit(1)
LOGGER.info("Execute work order")
uri_client = HttpJrpcClient(server_uri)
response = None
wo_id = None
if input_json_dir:
directory = os.fsencode(input_json_dir)
files = os.listdir(directory)
for file in sorted(files):
LOGGER.info("---------------- Input file name: %s -------------\n",
file.decode("utf-8"))
input_json_str1 = futils.read_json_file(
(directory.decode("utf-8") + file.decode("utf-8")))
# -----------------------------------------------------------------
# If Client request is WorkOrderSubmit, a requester payload's
# signature with the requester private signing key is generated.
if "WorkOrderSubmit" in input_json_str1:
# Update workOrderId , workerId and workloadId
input_json_obj = json.loads(input_json_str1)
wo_id = hex(random.randint(1, 2**64 - 1))
input_json_obj["params"]["workOrderId"] = wo_id
input_json_obj["params"]["workerId"] = worker_obj.worker_id
# Convert workloadId to a hex string and update the request
workload_id = input_json_obj["params"]["workloadId"]
workload_id_hex = workload_id.encode("UTF-8").hex()
input_json_obj["params"]["workloadId"] = workload_id_hex
input_json_str1 = json.dumps(input_json_obj)
# Generate session iv an encrypted session key
session_iv = enclave_helper.generate_iv()
session_key = enclave_helper.generate_key()
encrypted_session_key = enclave_helper.generate_encrypted_key(
session_key, worker_obj.encryption_key)
input_json_str1, status = sig_obj.generate_client_signature(
input_json_str1, worker_obj, private_key, session_key,
session_iv, encrypted_session_key)
if status != SignatureStatus.PASSED:
LOGGER.info("Generate signature failed\n")
exit(1)
if input_json_str1 is None:
continue
# -----------------------------------------------------------------
# Update the worker ID
if response:
if "workerId" in input_json_str1:
# Retrieve the worker id from the "WorkerRetrieve"
# response and update the worker id information for
# further json requests.
if "result" in response and \
"ids" in response["result"].keys():
input_json_final = json.loads(input_json_str1)
worker_id = response["result"]["ids"][0]
input_json_final["params"]["workerId"] = worker_id
input_json_str1 = json.dumps(input_json_final)
LOGGER.info("********** Worker details Updated with "
"Worker ID*********\n%s\n",
input_json_str1)
# -----------------------------------------------------------------
if "WorkOrderGetResult" in input_json_str1 or \
"WorkOrderReceiptRetrieve":
input_json_obj = json.loads(input_json_str1)
input_json_obj["params"]["workOrderId"] = wo_id
input_json_str1 = json.dumps(input_json_obj)
LOGGER.info("*********Request Json********* \n%s\n",
input_json_str1)
response = uri_client._postmsg(input_json_str1)
LOGGER.info("**********Received Response*********\n%s\n", response)
# -----------------------------------------------------------------
# Worker details are loaded into Worker_Obj
if "WorkerRetrieve" in input_json_str1 and "result" in response:
worker_obj.load_worker(response["result"]["details"])
# -----------------------------------------------------------------
# Poll for "WorkOrderGetResult" and break when you get the result
while("WorkOrderGetResult" in input_json_str1 and
"result" not in response):
if response["error"]["code"] != WorkOrderStatus.PENDING:
break
response = uri_client._postmsg(input_json_str1)
LOGGER.info("Received Response: %s, \n \n ", response)
time.sleep(3)
# -----------------------------------------------------------------
# Verify the signature
if "WorkOrderGetResult" in input_json_str1:
if "error" in response:
# Response has error, hence skip Signature verification
LOGGER.info("Work order response has error; "
"skipping signature verification")
continue
sig_bool = sig_obj.verify_signature(
response['result'], worker_obj.verification_key)
try:
if sig_bool > 0:
LOGGER.info("Signature Verified")
enclave_helper.decrypted_response(
response['result'], session_key, session_iv)
else:
LOGGER.info("Signature verification Failed")
exit(1)
except Exception as e:
LOGGER.error("ERROR: Failed to analyze " +
"Signature Verification")
exit(1)
# -----------------------------------------------------------------
else:
LOGGER.info("Input Request %s", input_json_str)
response = uri_client._postmsg(input_json_str)
LOGGER.info("Received Response: %s , \n \n ", response)
exit(0)
def create_request(self,
work_order_id,
worker_id,
workload_id,
requester_id,
session_key,
session_iv,
requester_nonce,
verifying_key=None,
payload_format="JSON-RPC",
response_timeout_msecs=6000,
result_uri=None,
notify_uri=None,
worker_encryption_key=None,
data_encryption_algorithm=None,
encrypted_session_key=None):
"""validate and creates workorder request with received values"""
if work_order_id:
self.set_work_order_id(work_order_id)
self.set_response_timeout_msecs(response_timeout_msecs)
self.set_payload_format(payload_format)
self.set_requester_nonce(requester_nonce)
self.session_key = session_key
self.set_workload_id(workload_id)
self.set_worker_id(worker_id)
if requester_id is not None:
self.set_requester_id(requester_id)
if session_iv:
self.set_session_key_iv(
crypto_utility.byte_array_to_hex(session_iv))
if result_uri:
self.set_result_uri(result_uri)
if notify_uri:
self.set_notify_uri(notify_uri)
if worker_encryption_key:
self.set_worker_encryption_key(worker_encryption_key)
if data_encryption_algorithm:
self.set_data_encryption_algorithm(data_encryption_algorithm)
self.set_encrypted_session_key(encrypted_session_key)
code, err_msg = WOcheck.schema_validation("sdk_WorkOrderSubmit",
self.params_obj)
# When the WorkorderSubmit request fails basic Json Validation
# the init object created is deleted to avoid futhur processing
# on that object by the user.
if not code:
return util.create_error_response(
WorkOrderStatus.INVALID_PARAMETER_FORMAT_OR_VALUE, 0, err_msg)
self.set_worker_encryption_key(
worker_encryption_key.encode("UTF-8").hex())
self.session_iv = session_iv
self.params_obj["encryptedRequestHash"] = ""
self.params_obj["requesterSignature"] = ""
self.params_obj["inData"] = list()
if encrypted_session_key is None:
try:
encrypted_session_key = crypto_utility.generate_encrypted_key(
session_key, worker_encryption_key)
self.set_encrypted_session_key(
crypto_utility.byte_array_to_hex(encrypted_session_key))
except Exception as err:
return util.create_error_response(
WorkOrderStatus.INVALID_PARAMETER_FORMAT_OR_VALUE, 0, err)
return None
def Main(args=None):
ParseCommandLine(args)
config["Logging"] = {
"LogFile": "__screen__",
"LogLevel": "INFO"
}
plogger.setup_loggers(config.get("Logging", {}))
sys.stdout = plogger.stream_to_logger(
logging.getLogger("STDOUT"), logging.DEBUG)
sys.stderr = plogger.stream_to_logger(
logging.getLogger("STDERR"), logging.WARN)
logger.info("***************** AVALON *****************")
# Connect to registry list and retrieve registry
if not off_chain:
direct_wrapper.init_worker_registry_list(config)
registry_lookup_result = direct_wrapper.registry_lookup()
if (registry_lookup_result[0] == 0):
logger.warn("No registries found")
sys.exit(1)
registry_retrieve_result = direct_wrapper.registry_retrieve(
registry_lookup_result[2][0])
config["tcf"]["json_rpc_uri"] = registry_retrieve_result[0]
# Prepare worker
direct_wrapper.init_worker_registry(config)
global worker_id
if not worker_id:
worker_lookup_json = jrpc_request.WorkerLookupJson(
1, worker_type=1)
worker_lookup_result = direct_wrapper.worker_lookup(
worker_lookup_json)
if "result" in worker_lookup_result and \
"ids" in worker_lookup_result["result"].keys():
if worker_lookup_result["result"]["totalCount"] != 0:
worker_id = \
worker_lookup_result["result"]["ids"][0]
else:
logger.error("ERROR: No workers found")
sys.exit(1)
else:
logger.error("ERROR: Failed to lookup worker")
sys.exit(1)
worker_retrieve_json = jrpc_request.WorkerRetrieveJson(2, worker_id)
worker_obj.load_worker(
direct_wrapper.worker_retrieve(
worker_retrieve_json)["result"]["details"])
logger.info("********** Worker details Updated with Worker ID" +
"*********\n%s\n", worker_id)
# Convert workloadId to hex
workload_id = "echo-result"
workload_id = workload_id.encode("UTF-8").hex()
# Create work order
wo_submit_json = jrpc_request.WorkOrderSubmitJson(
3, 6000, "pformat",
worker_id, workload_id, "0x2345",
worker_encryption_key=base64.b64decode(
worker_obj.worker_encryption_key).hex(),
data_encryption_algorithm="AES-GCM-256")
wo_id = wo_submit_json.get_work_order_id()
# Sign work order
private_key = utility.generate_signing_keys()
session_key = utility.generate_key()
session_iv = utility.generate_iv()
encrypted_session_key = utility.generate_encrypted_key(
session_key, worker_obj.worker_encryption_key)
# Generate one time key used for encrypting inData
data_key = utility.generate_key()
# Initialization vector of size 12 bytes with all zeros.
data_iv = bytearray(12)
encrypted_key = utility.generate_encrypted_key(
data_key, worker_obj.worker_encryption_key)
encrypted_data_encryption_key = utility.encrypt_data(
encrypted_key, session_key)
encrypted_data_encryption_key_str = ''.join(
format(i, '02x') for i in encrypted_data_encryption_key)
data_iv_str = ''.join(format(i, '02x') for i in data_iv)
wo_submit_json.add_in_data(
message, None, encrypted_data_encryption_key_str, data_iv_str)
# Submit work order
direct_wrapper.init_work_order(config)
direct_wrapper.work_order_submit(
wo_submit_json, encrypted_session_key, worker_obj, private_key,
session_key, session_iv, data_key, data_iv)
# Retrieve result
wo_get_result_json = jrpc_request.WorkOrderGetResultJson(4, wo_id)
direct_wrapper.work_order_get_result(
wo_get_result_json, session_key, session_iv, data_key, data_iv)