Fix WPE requester and crypto issues

manju956 · rranjan3 · commit 65853e715d87 · 2020-12-03T10:43:06.000+05:30
Signed-off-by: manju956 &lt;manjunath.a.c@intel.com&gt;
diff --git a/common/crypto_utils/avalon_crypto_utils/worker_signing.py b/common/crypto_utils/avalon_crypto_utils/worker_signing.py
@@ -21,7 +21,7 @@
 import avalon_crypto_utils.crypto_utility as crypto_utility
 from utility.hex_utils import hex_to_byte_array
 import avalon_crypto_utils.worker_hash as worker_hash
-
+from error_code.error_status import SignatureStatus
 
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.DEBUG)
@@ -167,7 +167,7 @@ def _verify_wo_verification_key_signature(self,
 
         concat_string = wo_response["extVerificationKey"] + requester_nonce
         v_key_sig = wo_response["extVerificationKeySignature"]
-        v_key_hash = crypto_utility.compute_message_hash(
+        v_key_hash = worker_hash.WorkerHash().compute_message_hash(
             bytes(concat_string, 'UTF-8'))
         decoded_v_key_sig = crypto_utility.base64_to_byte_array(v_key_sig)
         return self.verify_signature_from_pubkey(decoded_v_key_sig,
@@ -229,7 +229,7 @@ def verify_update_receipt_signature(self, input_json):
             str(input_json_params["updateType"]) + \
             input_json_params["updateData"]
         concat_hash = bytes(concat_string, 'UTF-8')
-        final_hash = crypto_utility.compute_message_hash(concat_hash)
+        final_hash = worker_hash.WorkerHash().compute_message_hash(concat_hash)
         signature = input_json_params["updateSignature"]
         verification_key = \
             input_json_params["receiptVerificationKey"].encode("ascii")
@@ -259,7 +259,8 @@ def verify_create_receipt_signature(self, input_json):
             input_json_params["workOrderRequestHash"] + \
             input_json_params["requesterGeneratedNonce"]
         concat_hash = bytes(concat_string, "UTF-8")
-        final_hash = bytes(crypto_utility.compute_message_hash(concat_hash))
+        final_hash = bytes(
+            worker_hash.WorkerHash().compute_message_hash(concat_hash))
         signature = input_json_params["requesterSignature"]
         verification_key = \
             input_json_params["receiptVerificationKey"].encode("ascii")
diff --git a/enclave_manager/avalon_enclave_manager/wpe/wpe_requester.py b/enclave_manager/avalon_enclave_manager/wpe/wpe_requester.py
@@ -26,6 +26,7 @@
 import utility.logger as plogger
 import utility.hex_utils as hex_utils
 import avalon_crypto_utils.worker_encryption as worker_encryption
+import avalon_crypto_utils.worker_signing as worker_signing
 from database import connector
 from error_code.error_status import SignatureStatus
 from http_client.http_jrpc_client import HttpJrpcClient
@@ -89,7 +90,7 @@ def get_unique_verification_key(self, verification_key_nonce):
 
         # Create session key and iv to sign work order request
         worker_encrypt = worker_encryption.WorkerEncrypt()
-        session_key = worker_encrypt.generate_key()
+        session_key = worker_encrypt.generate_session_key()
         session_iv = worker_encrypt.generate_iv()
 
         wo_req = self._construct_wo_req(
@@ -103,14 +104,8 @@ def get_unique_verification_key(self, verification_key_nonce):
             if self._verify_res_signature(wo_response_json,
                                           self._worker.verification_key,
                                           wo_req["params"]["requesterNonce"]):
-                decrypted_res = worker_encrypt.decrypted_response(
-                    wo_response_json, session_key, session_iv)
-                # Response contains an array of results. In this case, the
-                # array has single element and the data field is of interest.
-                # The data contains result,verification_key and
-                # verification_key_signature delimited by ' '.
-                # @TODO : Update to use multiple out_data fields.
-                return decrypted_res[0]['data']
+                return self.decrypt_wo_response(
+                    wo_response_json, session_key, session_iv, worker_encrypt)
             return None
         else:
             logger.error("Could not get a unique id from the KME : {}"
@@ -144,7 +139,7 @@ def register_wo_processor(self, unique_verification_id,
 
         # Create session key and iv to sign work order request
         worker_encrypt = worker_encryption.WorkerEncrypt()
-        session_key = worker_encrypt.generate_key()
+        session_key = worker_encrypt.generate_session_key()
         session_iv = worker_encrypt.generate_iv()
 
         wo_req = self._construct_wo_req(
@@ -158,12 +153,8 @@ def register_wo_processor(self, unique_verification_id,
             if "error" not in wo_response_json and self._verify_res_signature(
                     wo_response_json, self._worker.verification_key,
                     wo_req["params"]["requesterNonce"]):
-                decrypted_res = worker_encrypt.decrypted_response(
-                    wo_response_json, session_key, session_iv)
-                # Response contains an array of results. In this case, the
-                # array has single element and the data field is of interest.
-                # It is integer with status of registration.
-                return decrypted_res[0]['data']
+                return self.decrypt_wo_response(
+                    wo_response_json, session_key, session_iv, worker_encrypt)
             return None
         else:
             logger.error("Could not register this WPE with the KME : {}"
@@ -186,7 +177,7 @@ def preprocess_work_order(self, wo_request, encryption_key):
 
         # Create session key and iv to sign work order request
         worker_encrypt = worker_encryption.WorkerEncrypt()
-        session_key = worker_encrypt.generate_key()
+        session_key = worker_encrypt.generate_session_key()
         session_iv = worker_encrypt.generate_iv()
 
         wo_req = self._construct_wo_req(
@@ -200,17 +191,32 @@ def preprocess_work_order(self, wo_request, encryption_key):
             if self._verify_res_signature(wo_response_json,
                                           self._worker.verification_key,
                                           wo_req["params"]["requesterNonce"]):
-                decrypted_res = worker_encrypt.decrypted_response(
-                    wo_response_json, session_key, session_iv)
-                # Response contains an array of results. In this case, the
-                # array has single element and the data field is of interest.
-                return decrypted_res[0]['data']
+                return self.decrypt_wo_response(
+                    wo_response_json, session_key, session_iv, worker_encrypt)
             return None
         else:
             logger.error("Could not preprocess work order at KME : {}"
                          .format(response))
             return response
 
+    def decrypt_wo_response(self, wo_response, session_key,
+                            session_iv, worker_encrypt):
+        """
+        Decrypt work order response using session key
+        Parameters:
+            @param wo_response - JSON encoded work order response
+            @param session_key - One time symmetric encryption key
+            @param session_iv - Initialization vector
+            @param worker_encrypt - WorkerEncrypt class object
+        Returns:
+            decrypted response data in plain
+        """
+        decrypted_res = worker_encrypt.decrypt_work_order_data_json(
+            wo_response["outData"], session_key, session_iv)
+        # Response contains an array of results. In this case, the
+        # array has single element and the data field is of interest.
+        return decrypted_res[0]['data'].decode("utf-8")
+
     def _construct_wo_req(self, in_data, workload_id, encryption_key,
                           session_key, session_iv):
         """
