def generate_signature(self, hash, private_key): """ Function to generate signature object Parameters: - hash is the combined array of all hashes calculated on the message - private_key is Client private key Returns tuple(status, signature) """ try: self.private_key = private_key self.public_key = \ crypto_utility.get_verifying_key(private_key) signature_res = \ self.private_key.sign_digest_deterministic( bytes(hash), sigencode=sigencode_der) signature_base64 = crypto_utility.byte_array_to_base64( signature_res) except Exception as err: logger.error("Exception occurred during signature generation: %s", str(err)) return False, None return True, signature_base64
def add_requester_signature(self, private_key): """ Calculate the signature of the request as defined in Off-Chain Trusted Compute EEA spec 6.1.8.3 and set the requesterSignature parameter in the request. """ sig_obj = signature.ClientSignature() status, sign = sig_obj.generate_signature(self.final_hash, private_key) if status is True: self.params_obj["requesterSignature"] = sign # public signing key is shared to enclave manager to # verify the signature. # It is temporary approach to share the key with the worker. verifying_key = crypto_utility.get_verifying_key(private_key) self.set_verifying_key(verifying_key) return True else: logger.error("Signing request failed") return False
def test_verify_signature(): err_cnt = 0 read_json = read_json_file( "wo_response.json", ["./"]) wo_response = json.loads(read_json)["result"] wo_response["workOrderId"] = work_order_id wo_response["workerId"] = worker_id wo_response["requesterId"] = requester_id wo_response["workerNonce"] = worker_nonce try: # imitate worker signature SHA-256/RSA-OAEP-4096 response_hash = sig_obj.calculate_response_hash(wo_response) status, sign = sig_obj.generate_signature( response_hash, worker_signing_key) wo_response["workerSignature"] = sign # test 1 step verification status = sig_obj.verify_signature( wo_response, worker_verifying_key, requester_nonce) if status == SignatureStatus.PASSED: logging.info("PASSED: verify_signature (1 step)") else: logging.info("FAILED: verify_signature (1 step)") err_cnt += 1 except Exception as err: logging.info("FAILED: verify_signature (1 step)") err_cnt += 1 # generate extVerificationKey ext_private_key = crypto_utility.generate_signing_keys() ext_public_key = crypto_utility.get_verifying_key(ext_private_key) wo_response["extVerificationKey"] = ext_public_key # sign extVerificationKey with worker private key concat_string = wo_response["extVerificationKey"] + requester_nonce v_key_hash = crypto_utility.compute_message_hash( bytes(concat_string, 'UTF-8')) try: status, sign = \ sig_obj.generate_signature(v_key_hash, worker_signing_key) wo_response["extVerificationKeySignature"] = sign # Sign wo_response with extVerificationKey response_hash = sig_obj.calculate_response_hash(wo_response) status, sign = \ sig_obj.generate_signature(response_hash, ext_private_key) wo_response["workerSignature"] = sign # test 2 step verification status = sig_obj.verify_signature( wo_response, worker_verifying_key, requester_nonce) if status == SignatureStatus.PASSED: logging.info("PASSED: verify_signature (2 step)") else: logging.info("FAILED: verify_signature (2 step)") err_cnt += 1 except Exception as err: logging.info("FAILED: verify_signature (2 step)") err_cnt += 1 return err_cnt
"-----END PUBLIC KEY-----\n" sig_obj = signature.ClientSignature() # client values worker_id = secrets.token_hex(32) work_order_id = secrets.token_hex(32) requester_id = secrets.token_hex(32) requester_nonce = secrets.token_hex(16) session_key = crypto_utility.generate_key() session_iv = crypto_utility.generate_iv() session_key_iv = crypto_utility.byte_array_to_hex(session_iv) client_private_key = crypto_utility.generate_signing_keys() client_public_key = crypto_utility.get_verifying_key(client_private_key) # worker values worker_nonce = secrets.token_hex(16) worker_enc_key = rsa_public_key worker_signing_key = crypto_utility.generate_signing_keys() worker_verifying_key = crypto_utility.get_verifying_key(worker_signing_key) # ----------------------------------------------------------------------------- def test_calculate_datahash(): read_json = read_json_file("wo_request.json", ["./"]) wo_request = json.loads(read_json)["params"]["inData"] try: