ethernity-cloud-sdk-py 0.3.0__tar.gz → 0.3.2__tar.gz
- {ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py.egg-info → ethernity_cloud_sdk_py-0.3.2}/PKG-INFO +1 -1
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/__init__.cpython-311.pyc +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/__pycache__/build.cpython-311.pyc +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/__pycache__/config.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/enums.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/init.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/private_key.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/publish.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/spinner.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/__pycache__/__init__.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/__pycache__/build.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/__pycache__/ipfs_client.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/__pycache__/publish.cpython-311.pyc +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/Dockerfile.base.tpl +1 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/Dockerfile.tpl +12 -2
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/scripts/binary-fs-build.sh +1 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/etny_crypto.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/etny_exec.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/etny_exec_flask.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/etny_exec_serv.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/key_generation.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/models.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/__pycache__/swift_stream_service.cpython-311.pyc +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/etny_crypto.py +54 -13
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/etny_exec.py +0 -2
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/get_sgx_report.c +142 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/models.py +21 -14
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/securelock.py.tmpl +432 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build.py +12 -4
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/publish.py +124 -22
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/run/__pycache__/__init__.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/run/__pycache__/image_registry.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/run/__pycache__/image_registry_runner.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/run/__pycache__/public_key_service.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/run/image_registry.abi +1 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/run/image_registry.py +1 -1
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/templates/src/__pycache__/ethernity_task.cpython-311.pyc +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/templates/src/ethernity_task.py +1 -1
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/templates/src/serverless/__pycache__/__init__.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/templates/src/serverless/__pycache__/backend.cpython-311.pyc +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py.egg-info}/PKG-INFO +1 -1
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py.egg-info/SOURCES.txt +26 -13
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/setup.py +1 -1
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/__pycache__/__init__.cpython-311.pyc +0 -0
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/Dockerfile.base +0 -20
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/cert1-ca1-clean.crt +0 -10
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/cert1-ca1-clean.key +0 -6
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/enclave_pub_cert.pem +0 -10
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/input.txt +0 -1
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/payload.py +0 -25
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/public-cert-clean.pem +0 -10
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/result.txt +0 -1
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/app/transaction.txt +0 -1
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/securelock.py.tmpl +0 -468
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/run/docker-compose-final.yml.tmpl +0 -66
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/run/docker-compose-swift-stream.yml.tmpl +0 -27
- ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/run/docker-compose.yml.tmpl +0 -61
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/LICENSE +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/MANIFEST.in +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/README.md +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/__init__.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/cli.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/__init__.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/build.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/config.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/enums.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/init.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/private_key.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/publish.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/__init__.py +0 -0
- /ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/pox.abi → /ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/abi/etnyImplementationV2.abi +0 -0
- {ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src → ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/abi}/image_registry.abi +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/etny_exec_flask.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/etny_exec_serv.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0/ethernity_cloud_sdk_py/commands/pynithy/run → ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src}/image_registry.abi +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/key_generation.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/build/securelock/src/swift_stream_service.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/ipfs_client.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/run/__init__.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/run/etny-securelock-test.yaml.tpl +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/run/image_registry_runner.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/pynithy/run/public_key_service.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/commands/spinner.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/templates/src/serverless/Dockerfile.serverless +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/templates/src/serverless/__init__.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/templates/src/serverless/backend.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py/templates/src/serverless/requirements.txt +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py.egg-info/dependency_links.txt +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py.egg-info/entry_points.txt +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py.egg-info/requires.txt +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/ethernity_cloud_sdk_py.egg-info/top_level.txt +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/setup.cfg +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/tests/__init__.py +0 -0
- {ethernity_cloud_sdk_py-0.3.0 → ethernity_cloud_sdk_py-0.3.2}/tests/test_example.py +0 -0
ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/__init__.cpython-311.pyc
ADDED
|
Binary file
|
|
Binary file
|
|
Binary file
|
ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/enums.cpython-311.pyc
ADDED
|
Binary file
|
|
Binary file
|
ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/private_key.cpython-311.pyc
ADDED
|
Binary file
|
ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/publish.cpython-311.pyc
ADDED
|
Binary file
|
ethernity_cloud_sdk_py-0.3.2/ethernity_cloud_sdk_py/commands/__pycache__/spinner.cpython-311.pyc
ADDED
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
FROM registry.ethernity.cloud:443/debuggingdelight/ethernity-cloud-sdk-registry/sconecuratedimages/crosscompilers AS build-sgx-module
|
|
2
|
+
|
|
3
|
+
COPY src/get_sgx_report.c /etny-securelock/
|
|
4
|
+
|
|
5
|
+
RUN cd /etny-securelock/ && scone-gcc -shared -fPIC -O3 -o get_sgx_report.so get_sgx_report.c
|
|
6
|
+
|
|
1
7
|
FROM etny-securelock-serverless AS release
|
|
2
8
|
|
|
3
9
|
COPY ./src/serverless/requirements.txt /requirements.txt
|
|
@@ -11,12 +17,15 @@ ENV IMAGE_REGISTRY_ADDRESS=__IMAGE_REGISTRY_ADDRESS__
|
|
|
11
17
|
ENV RPC_URL=__RPC_URL__
|
|
12
18
|
ENV CHAIN_ID=__CHAIN_ID__
|
|
13
19
|
ENV TRUSTED_ZONE_IMAGE=__TRUSTED_ZONE_IMAGE__
|
|
20
|
+
ENV NETWORK_TYPE=__NETWORK_TYPE__
|
|
14
21
|
|
|
15
22
|
RUN mkdir binary-fs-dir
|
|
16
23
|
|
|
17
24
|
COPY ./src /etny-securelock/
|
|
18
25
|
COPY ./scripts/* /etny-securelock/
|
|
19
26
|
|
|
27
|
+
COPY --from=build-sgx-module /etny-securelock/get_sgx_report.so /etny-securelock/get_sgx_report.so
|
|
28
|
+
|
|
20
29
|
RUN /etny-securelock/binary-fs-build.sh
|
|
21
30
|
|
|
22
31
|
FROM registry.ethernity.cloud:443/debuggingdelight/ethernity-cloud-sdk-registry/sconecuratedimages/crosscompilers AS build
|
|
@@ -38,12 +47,13 @@ RUN openssl genrsa -3 -out /enclave-key.pem 3072
|
|
|
38
47
|
|
|
39
48
|
ENV SCONE_HEAP=__MEMORY_TO_ALLOCATE__
|
|
40
49
|
ENV SCONE_LOG=FATAL
|
|
50
|
+
ENV SCONE_DEBUG=0
|
|
41
51
|
ENV SCONE_STACK=4M
|
|
42
|
-
ENV SCONE_ALLOW_DLOPEN=
|
|
52
|
+
ENV SCONE_ALLOW_DLOPEN=2
|
|
43
53
|
ENV SCONE_EXTENSIONS_PATH=/lib/libbinary-fs.so
|
|
44
54
|
|
|
45
55
|
# Disabled production mode for testnet
|
|
46
|
-
|
|
56
|
+
__SCONE_SIGN__
|
|
47
57
|
|
|
48
58
|
RUN rm -rf /enclave-key.pem
|
|
49
59
|
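Review bot: `ENV SCONE_ALLOW_DLOPEN=2` in the last hunk looks like the debug setting: as far as I recall the SCONE documentation, 2 lets the enclave dlopen libraries that are not authenticated by the file-system shield, while 1 restricts loading to protected libraries. Since `get_sgx_report.so` is copied into /etny-securelock/ before `binary-fs-build.sh` runs, it may already be covered by the binary-fs image, in which case `ENV SCONE_ALLOW_DLOPEN=1` should be enough; please confirm, and if 2 really is required add a comment saying why. The new `build-sgx-module` stage also pulls the `crosscompilers` image without a tag or digest, so the compiler that builds the report module can change between builds; pinning it with `@sha256:<digest>` would keep the resulting enclave measurement reproducible.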
|
|
@@ -11,6 +11,7 @@ sed -i "s/__IMAGE_REGISTRY_ADDRESS__/${IMAGE_REGISTRY_ADDRESS}/g" securelock.py.
|
|
|
11
11
|
sed -i "s/__RPC_URL__/${RPC_URL}/g" securelock.py.tmp
|
|
12
12
|
sed -i "s/__CHAIN_ID__/${CHAIN_ID}/g" securelock.py.tmp
|
|
13
13
|
sed -i "s/__TRUSTED_ZONE_IMAGE__/${TRUSTED_ZONE_IMAGE}/g" securelock.py.tmp
|
|
14
|
+
sed -i "s/__NETWORK_TYPE__/${NETWORK_TYPE}/g" securelock.py.tmp
|
|
14
15
|
mv securelock.py.tmp securelock.py
|
|
15
16
|
|
|
16
17
|
pyinstaller securelock.py
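Review bot: The added `sed` line splices `${NETWORK_TYPE}` unescaped into both the sed program and the Python source that pyinstaller then compiles, so a value containing `/`, `&` or a quote either breaks the substitution or changes the generated securelock.py. I cannot see from this hunk where NETWORK_TYPE is set; if it is a small fixed set of names, check it before the substitutions, e.g. `case "$NETWORK_TYPE" in ''|*[!A-Za-z0-9_-]*) echo "invalid NETWORK_TYPE" >&2; exit 1;; esac`. The script starts and continues outside the hunk, so the check belongs above the first `sed` call rather than next to this line.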
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -13,6 +13,9 @@ from tinyec import ec
|
|
|
13
13
|
from Crypto.PublicKey import ECC
|
|
14
14
|
from nacl.public import Box, PrivateKey, PublicKey
|
|
15
15
|
from base64 import a85encode
|
|
16
|
+
from eth_account import Account
|
|
17
|
+
import ecdsa
|
|
18
|
+
from ecdsa.util import sigencode_der, sigdecode_der
|
|
16
19
|
|
|
17
20
|
|
|
18
21
|
class etny_crypto:
|
|
@@ -44,7 +47,7 @@ class etny_crypto:
|
|
|
44
47
|
return (ciphertext, nonce, auth_tag, cipher_text_public_key)
|
|
45
48
|
|
|
46
49
|
@staticmethod
|
|
47
|
-
def
|
|
50
|
+
def decrypt_aes_gcm(ciphertext, nonce, auth_tag, secret_key):
|
|
48
51
|
aes_cipher = AES.new(secret_key, AES.MODE_GCM, nonce)
|
|
49
52
|
plaintext = aes_cipher.decrypt_and_verify(ciphertext, auth_tag)
|
|
50
53
|
return plaintext
|
|
@@ -54,7 +57,7 @@ class etny_crypto:
|
|
|
54
57
|
(ciphertext, nonce, authTag, ciphertextPubKey) = encrypted_msg
|
|
55
58
|
shared_ecc_key = priv_key * ciphertextPubKey
|
|
56
59
|
secret_key = etny_crypto.ecc_point_to_256_bit_key(shared_ecc_key)
|
|
57
|
-
plaintext = etny_crypto.
|
|
60
|
+
plaintext = etny_crypto.decrypt_aes_gcm(ciphertext, nonce, authTag, secret_key)
|
|
58
61
|
return plaintext
|
|
59
62
|
|
|
60
63
|
@staticmethod
|
|
@@ -88,12 +91,8 @@ class etny_crypto:
|
|
|
88
91
|
return private_key_data
|
|
89
92
|
|
|
90
93
|
@staticmethod
|
|
91
|
-
def decrypt(
|
|
92
|
-
|
|
93
|
-
with open(private_key_file) as f:
|
|
94
|
-
private_key_data = str.encode(f.read())
|
|
95
|
-
|
|
96
|
-
private_key_data = etny_crypto.clean_private_key(private_key_data)
|
|
94
|
+
def decrypt(private_key_pem, encrypted_msg):
|
|
95
|
+
private_key_data = etny_crypto.clean_private_key(private_key_pem)
|
|
97
96
|
# decode der with asn1 library
|
|
98
97
|
# - get the octet string (field-2) containing the raw key
|
|
99
98
|
asn1_object, _ = decoder.decode(private_key_data)
|
|
@@ -159,9 +158,51 @@ class etny_crypto:
|
|
|
159
158
|
result = bytes(emph_key.public_key) + ciphertext
|
|
160
159
|
return result.hex()
|
|
161
160
|
|
|
161
|
+
@staticmethod
|
|
162
|
+
def get_private_key_int(private_key_pem: bytes) -> int:
|
|
163
|
+
"""
|
|
164
|
+
Extracts the raw private key integer from a PEM-encoded private key via ASN.1 decoding.
|
|
165
|
+
Args:
|
|
166
|
+
private_key_pem (bytes): PEM-encoded private key.
|
|
167
|
+
Returns:
|
|
168
|
+
int: The private key scalar.
|
|
169
|
+
"""
|
|
170
|
+
private_key = etny_crypto.clean_private_key(private_key_pem)
|
|
171
|
+
asn1_object, _ = decoder.decode(private_key)
|
|
172
|
+
raw_keys = asn1_object.getComponentByName('field-2').asOctets()
|
|
173
|
+
asn1_object, _ = decoder.decode(raw_keys)
|
|
174
|
+
private_key_bytes = asn1_object.getComponentByName('field-1').asOctets()
|
|
175
|
+
return int.from_bytes(private_key_bytes, byteorder="big")
|
|
162
176
|
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
177
|
+
@staticmethod
|
|
178
|
+
def sign_data(private_key_pem: bytes, data: bytes) -> bytes:
|
|
179
|
+
"""
|
|
180
|
+
Signs data using the private key with ECDSA (secp384r1, SHA-256) and returns DER-encoded signature.
|
|
181
|
+
Args:
|
|
182
|
+
private_key_pem (bytes): PEM-encoded private key.
|
|
183
|
+
data (bytes): Data to sign.
|
|
184
|
+
Returns:
|
|
185
|
+
bytes: DER-encoded signature.
|
|
186
|
+
"""
|
|
187
|
+
priv_int = etny_crypto.get_private_key_int(private_key_pem)
|
|
188
|
+
sk = ecdsa.SigningKey.from_secret_exponent(priv_int, curve=ecdsa.curves.NIST384p, hashfunc=hashlib.sha256)
|
|
189
|
+
sig_der = sk.sign_deterministic(data, hashfunc=hashlib.sha256, sigencode=sigencode_der)
|
|
190
|
+
return sig_der
|
|
191
|
+
|
|
192
|
+
@staticmethod
|
|
193
|
+
def verify_signature(public_key_hex: str, data: bytes, sig_der: bytes) -> bool:
|
|
194
|
+
if public_key_hex.startswith('0x'):
|
|
195
|
+
public_key_hex = public_key_hex[2:]
|
|
196
|
+
pub_bytes = bytes.fromhex(public_key_hex)
|
|
197
|
+
curve = ecdsa.curves.NIST384p
|
|
198
|
+
try:
|
|
199
|
+
vk = ecdsa.VerifyingKey.from_string(
|
|
200
|
+
pub_bytes,
|
|
201
|
+
curve=curve,
|
|
202
|
+
hashfunc=hashlib.sha256,
|
|
203
|
+
valid_encodings={"raw", "compressed", "uncompressed", "hybrid"} # Add 'raw' here
|
|
204
|
+
)
|
|
205
|
+
assert vk.verify(sig_der, data, hashfunc=hashlib.sha256, sigdecode=sigdecode_der)
|
|
206
|
+
return True
|
|
207
|
+
except:
|
|
208
|
+
return False
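Review bot: `verify_signature` relies on `assert vk.verify(...)`, and Python removes assert statements entirely under `-O`, so in an optimized build the verify call is never made and the function returns True for any signature. Return the call's result instead, `return vk.verify(sig_der, data, hashfunc=hashlib.sha256, sigdecode=sigdecode_der)`, and narrow the bare `except:` to `except (ecdsa.BadSignatureError, ecdsa.MalformedPointError): return False` so unrelated failures are not silently reported as a bad signature. `bytes.fromhex` sits outside the `try`, so a non-hex key still raises rather than returning False; pick one behaviour for callers and state it in a docstring, which the two other new methods have and this one lacks.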
|
|
@@ -33,14 +33,12 @@ class TaskStatus:
|
|
|
33
33
|
INPUT_CHECKSUM_ERROR = 7
|
|
34
34
|
EXECVE = 8
|
|
35
35
|
|
|
36
|
-
|
|
37
36
|
def execute_task_v3(payload_data, input_data, extra_globals=None):
|
|
38
37
|
base_globals = {"___etny_result___": ___etny_result___, **sdkFunctions}
|
|
39
38
|
if extra_globals:
|
|
40
39
|
base_globals.update(extra_globals)
|
|
41
40
|
return Exec(payload_data, input_data, globals=base_globals)
|
|
42
41
|
|
|
43
|
-
|
|
44
42
|
def Exec(payload_data, input_data, globals=None, locals=None):
|
|
45
43
|
try:
|
|
46
44
|
if globals is None:
|
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
#include <stdint.h>
|
|
2
|
+
#include <stdio.h>
|
|
3
|
+
#include <string.h>
|
|
4
|
+
#include <stdlib.h>
|
|
5
|
+
// Define sgx_status_t as uint32_t (from public SGX docs)
|
|
6
|
+
typedef uint32_t sgx_status_t;
|
|
7
|
+
#define SGX_SUCCESS 0x0000
|
|
8
|
+
#define SGX_ERROR_UNEXPECTED 0x0001 // Add other error codes as needed
|
|
9
|
+
// Function to generate report using inline assembly (invokes ENCLU[EREPORT])
|
|
10
|
+
sgx_status_t generate_sgx_report(const void* target_info, const void* report_data, void* report) {
|
|
11
|
+
sgx_status_t status;
|
|
12
|
+
__asm__ volatile (
|
|
13
|
+
"movl $0, %%eax;\n\t" // Set EAX = 0 (EREPORT leaf)
|
|
14
|
+
"enclu;\n\t"
|
|
15
|
+
: "=a" (status) // Output: status from RAX (EAX for 32-bit)
|
|
16
|
+
: "b" (target_info), // RBX = address of target_info
|
|
17
|
+
"c" (report_data), // RCX = address of report_data
|
|
18
|
+
"d" (report) // RDX = address of report (output)
|
|
19
|
+
: "memory", "cc" // Clobbers: memory and condition codes (if affected)
|
|
20
|
+
);
|
|
21
|
+
return status;
|
|
22
|
+
}
|
|
23
|
+
// Function to convert byte array to hex string (uses static buffer to avoid malloc)
|
|
24
|
+
const char* bytes_to_hex(const uint8_t* buf, size_t len) {
|
|
25
|
+
static char hex_buffer[65]; // 32 bytes -> 64 chars + null
|
|
26
|
+
if (len != 32) return NULL;
|
|
27
|
+
for (size_t i = 0; i < len; ++i) {
|
|
28
|
+
sprintf(hex_buffer + 2 * i, "%02x", buf[i]);
|
|
29
|
+
}
|
|
30
|
+
hex_buffer[64] = '\0';
|
|
31
|
+
return hex_buffer;
|
|
32
|
+
}
|
|
33
|
+
const char* get_mr_enclave() {
|
|
34
|
+
// Stack allocation with required alignments
|
|
35
|
+
uint8_t target_info[512] __attribute__((aligned(512)));
|
|
36
|
+
uint8_t report_data[64] __attribute__((aligned(128)));
|
|
37
|
+
uint8_t report[432] __attribute__((aligned(512)));
|
|
38
|
+
// Zero-initialize for a simple self-report (target_info all zeros means report for current enclave)
|
|
39
|
+
memset(target_info, 0, sizeof(target_info));
|
|
40
|
+
memset(report_data, 0, sizeof(report_data));
|
|
41
|
+
memset(report, 0, sizeof(report));
|
|
42
|
+
// Generate the report
|
|
43
|
+
sgx_status_t status = generate_sgx_report(target_info, report_data, report);
|
|
44
|
+
if (status == SGX_SUCCESS) {
|
|
45
|
+
// Extract mr_enclave from correct offset (bytes 64-96 in sgx_report_t)
|
|
46
|
+
return bytes_to_hex(report + 64, 32);
|
|
47
|
+
}
|
|
48
|
+
return NULL;
|
|
49
|
+
}
|
|
50
|
+
// Helper function for left rotation of uint8_t
|
|
51
|
+
static inline uint8_t rotl(uint8_t x, uint8_t n) {
|
|
52
|
+
return (x << n) | (x >> (8 - n));
|
|
53
|
+
}
|
|
54
|
+
// Obfuscated function to generate a deterministic 32-byte string based on MR_ENCLAVE
|
|
55
|
+
void generate_obfuscated_string(const uint8_t* mr_enclave, uint8_t* output) {
|
|
56
|
+
uint8_t temp[32];
|
|
57
|
+
memcpy(temp, mr_enclave, 32);
|
|
58
|
+
// Initial bogus mix to alter even indices (different constant for variety)
|
|
59
|
+
for (int j = 0; j < 32; j += 2) {
|
|
60
|
+
temp[j] ^= 0xA7; // Arbitrary XOR, changed from original
|
|
61
|
+
}
|
|
62
|
+
// PRNG state for deterministic pseudo-random mixing (LCG parameters from PCG for good period)
|
|
63
|
+
uint64_t prng_state = 0x853C49E6748FBA28ULL; // Arbitrary fixed seed
|
|
64
|
+
const uint64_t multiplier = 6364136223846793005ULL;
|
|
65
|
+
const uint64_t increment = 1442695040888963407ULL;
|
|
66
|
+
// High iteration count for debugger tedium (increased from original)
|
|
67
|
+
const int max_iter = 1024;
|
|
68
|
+
uint8_t mix_var = 0;
|
|
69
|
+
for (int iter = 0; iter < max_iter; iter++) {
|
|
70
|
+
// Opaque predicate (always false for integer iter >=0, as discriminant isn't perfect square)
|
|
71
|
+
// Checked more frequently than original for added conditional branching tedium
|
|
72
|
+
if (iter % 3 == 0) {
|
|
73
|
+
if ((5 * iter * iter + 2) == (iter * 4)) {
|
|
74
|
+
// Dead path: never executed, but confuses control flow analysis
|
|
75
|
+
memset(temp, 0xFF, 32);
|
|
76
|
+
iter = max_iter; // Bogus exit
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
// Advance PRNG and get mix type (0-3)
|
|
80
|
+
prng_state = prng_state * multiplier + increment;
|
|
81
|
+
uint8_t mix_type = (prng_state >> 59) % 4; // Use higher bits for better distribution
|
|
82
|
+
// Advance and get three indices (0-31)
|
|
83
|
+
prng_state = prng_state * multiplier + increment;
|
|
84
|
+
uint8_t idx1 = (prng_state >> 59) % 32;
|
|
85
|
+
prng_state = prng_state * multiplier + increment;
|
|
86
|
+
uint8_t idx2 = (prng_state >> 59) % 32;
|
|
87
|
+
prng_state = prng_state * multiplier + increment;
|
|
88
|
+
uint8_t idx3 = (prng_state >> 59) % 32;
|
|
89
|
+
// Variable mixing operations based on type (different from original mixes)
|
|
90
|
+
switch (mix_type) {
|
|
91
|
+
case 0: // Addition with wrap, then XOR (uses three indices)
|
|
92
|
+
mix_var = (temp[idx1] + temp[idx2] + temp[idx3]) & 0xFF;
|
|
93
|
+
temp[idx1] ^= mix_var;
|
|
94
|
+
break;
|
|
95
|
+
case 1: { // Dynamic rotation left, then subtract
|
|
96
|
+
uint8_t shift = (temp[idx3] % 8) + 1; // Avoid zero shift
|
|
97
|
+
temp[idx1] = rotl(temp[idx1], shift);
|
|
98
|
+
temp[idx1] = (temp[idx1] - temp[idx2]) & 0xFF;
|
|
99
|
+
break;
|
|
100
|
+
}
|
|
101
|
+
case 2: // XOR chain across indices
|
|
102
|
+
temp[idx1] ^= temp[idx2];
|
|
103
|
+
temp[idx2] ^= temp[idx3];
|
|
104
|
+
temp[idx3] ^= temp[idx1];
|
|
105
|
+
break;
|
|
106
|
+
case 3: { // Multiply-like (shift-add) with wrap, then rotate right
|
|
107
|
+
uint8_t rshift = temp[idx2] % 8;
|
|
108
|
+
mix_var = ((temp[idx1] << 1) + temp[idx2]) & 0xFF;
|
|
109
|
+
temp[idx1] = mix_var ^ temp[idx3];
|
|
110
|
+
temp[idx1] = (temp[idx1] >> rshift) | (temp[idx1] << (8 - rshift));
|
|
111
|
+
break;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
// Additional bogus conditional (always true, nested for extra stepping)
|
|
115
|
+
if ((iter * iter % 2) != 1) { // Always true for even/odd pattern, but simple
|
|
116
|
+
// No-op path, but adds branch
|
|
117
|
+
} else {
|
|
118
|
+
// Dead, never hit
|
|
119
|
+
temp[0] = 0;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
memcpy(output, temp, 32);
|
|
123
|
+
}
|
|
124
|
+
const char* get_mr_signer() {
|
|
125
|
+
// Stack allocation with required alignments
|
|
126
|
+
uint8_t target_info[512] __attribute__((aligned(512)));
|
|
127
|
+
uint8_t report_data[64] __attribute__((aligned(128)));
|
|
128
|
+
uint8_t report[432] __attribute__((aligned(512)));
|
|
129
|
+
// Zero-initialize for a simple self-report (target_info all zeros means report for current enclave)
|
|
130
|
+
memset(target_info, 0, sizeof(target_info));
|
|
131
|
+
memset(report_data, 0, sizeof(report_data));
|
|
132
|
+
memset(report, 0, sizeof(report));
|
|
133
|
+
// Generate the report
|
|
134
|
+
sgx_status_t status = generate_sgx_report(target_info, report_data, report);
|
|
135
|
+
if (status == SGX_SUCCESS) {
|
|
136
|
+
// Extract mr_enclave from correct offset (bytes 64-96 in sgx_report_t) for obfuscation
|
|
137
|
+
uint8_t output[32];
|
|
138
|
+
generate_obfuscated_string(report + 64, output);
|
|
139
|
+
return bytes_to_hex(output, 32);
|
|
140
|
+
}
|
|
141
|
+
return NULL;
|
|
142
|
+
}
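Review bot: `get_mr_signer()` never reads the MRSIGNER field: it passes `report + 64` (MRENCLAVE) through `generate_obfuscated_string()`, so what it returns is a fixed, publicly reproducible transform of MRENCLAVE rather than a signer identity, and nothing derived from it should be treated as secret. If callers need the signer measurement, that field sits at offset 128 in the SDK's report layout as far as I recall, i.e. `return bytes_to_hex(report + 128, 32);`; otherwise rename the function and put `/* deterministic transform of MRENCLAVE; not MRSIGNER, not a secret */` above it. Inside the mixing loop the branch commented "Dead, never hit" does run, because `(iter * iter % 2) != 1` is false for every odd `iter`, and since the final iteration (1023) is odd the first output byte is always 0x00. The `status == SGX_SUCCESS` checks probably detect nothing either, since EREPORT reports failure by faulting rather than through a code in EAX; worth confirming against the SDM.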
|
|
@@ -1,3 +1,20 @@
|
|
|
1
|
+
"""
|
|
2
|
+
Module: models.py
|
|
3
|
+
|
|
4
|
+
This module defines data models and factories for handling orders and metadata in a blockchain-based task processing system. It includes classes for orders, base metadata, versioned payload and input metadata (V0 and V3), and factories to create metadata objects based on version strings. Additionally, it provides a class for DO (Data Owner?) request metadata, parsing and exposing properties like image hash, public key, and node address. The models support versioning, with V3 including checksums (potentially signed) for integrity verification.
|
|
5
|
+
|
|
6
|
+
Key Features:
|
|
7
|
+
- Order model: Represents blockchain orders with attributes like owner, processor, requests, and status.
|
|
8
|
+
- Metadata base and subclasses: Abstract base for metadata with version, IPFS hash, and optional checksum; V0 is hash-only, V3 includes checksum.
|
|
9
|
+
- Factories: Dynamically create versioned metadata objects from strings (e.g., "v3:hash:checksum").
|
|
10
|
+
- DOReqMetadata: Parses request metadata into accessible properties, integrating with factories for payload/input objects.
|
|
11
|
+
- No external dependencies beyond standard Python.
|
|
12
|
+
|
|
13
|
+
Usage Context: Used in trustedzone.py to fetch and parse order/request metadata from smart contracts, enabling validation and processing in secure environments like Ethernity/Etny.
|
|
14
|
+
|
|
15
|
+
Potential Security Notes: Checksums in V3 can be signed (0x-prefixed), but validation logic is external (e.g., in trustedzone.py). Assumes metadata strings are trusted from blockchain; malformed inputs could raise ValueError.
|
|
16
|
+
"""
|
|
17
|
+
|
|
1
18
|
class Order:
|
|
2
19
|
def __init__(self, req, order_id):
|
|
3
20
|
self.id = order_id
|
|
@@ -141,6 +158,10 @@ class DOReqMetadata:
|
|
|
141
158
|
def image_hash(self):
|
|
142
159
|
return self.image_metadata.split(':')[1]
|
|
143
160
|
|
|
161
|
+
@property
|
|
162
|
+
def trustedzone_image_name(self):
|
|
163
|
+
return self.image_metadata.split(':')[2]
|
|
164
|
+
|
|
144
165
|
@property
|
|
145
166
|
def payload_metadata(self):
|
|
146
167
|
return self._metadata2
|
|
@@ -161,17 +182,3 @@ class DOReqMetadata:
|
|
|
161
182
|
def node_address(self):
|
|
162
183
|
return self._metadata4
|
|
163
184
|
|
|
164
|
-
|
|
165
|
-
# add_do_req(..., 'v3:image_:....:...:', 'v3:payload_hash:checksum', 'v3::0', 'node_address')
|
|
166
|
-
'''
|
|
167
|
-
input + payload
|
|
168
|
-
v0: 'ipfs_hash'
|
|
169
|
-
v3: 'v3:file_ipfs_hash:file_checksum'
|
|
170
|
-
|
|
171
|
-
image
|
|
172
|
-
v0: 'ipfs_hash:image_name'
|
|
173
|
-
v3: 'v3:image_ipfs_hash:image_name:docker_Compose_ipfs_hash:client_challenge_ipfs_hash:client_public_cert'
|
|
174
|
-
'''
|
|
175
|
-
if __name__ == '__main__':
|
|
176
|
-
obj = PayloadFactory.create_payload_metadata('v3:some_img_hash:fucker')
|
|
177
|
-
obj2 = PayloadFactory.create_payload_metadata('must not!')
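Review bot: `trustedzone_image_name` indexes `split(':')[2]` unconditionally, but the format comment this same commit deletes gives the v0 image string as 'ipfs_hash:image_name', which has only two fields, so the property raises IndexError there rather than the ValueError the new module docstring promises. A guarded form would be `parts = self.image_metadata.split(':')`, `if len(parts) < 3: raise ValueError('image metadata has no image name')`, `return parts[2]`. The docstring's "Assumes metadata strings are trusted from blockchain" also deserves a second look: these strings are written by whoever submitted the request, so a value that ends up naming an image should be validated where it is consumed. The DOReqMetadata class starts and continues outside these hunks, and it would help to keep the removed v0/v3 format description as a comment near the properties that depend on it.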
|