From 521fe5e7d4643e2ac2675792d54ef3d866d8679d Mon Sep 17 00:00:00 2001 From: gruenwaldi <waldemar.gruenwald@ubirch.com> Date: Wed, 15 Feb 2023 18:11:09 +0100 Subject: [PATCH] this is for testing UbirchWrapper.py --- examples/UbirchWrapper.py | 29 ++++++------- ubirch/__init__.py | 1 + ubirch/ubirch_backend_keys.py | 77 +++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+), 14 deletions(-) create mode 100644 ubirch/ubirch_backend_keys.py diff --git a/examples/UbirchWrapper.py b/examples/UbirchWrapper.py index 27086ea..b6199b3 100644 --- a/examples/UbirchWrapper.py +++ b/examples/UbirchWrapper.py @@ -6,7 +6,8 @@ import ubirch from ubirch.ubirch_protocol import UNPACKED_UPP_FIELD_PREV_SIG, UBIRCH_PROTOCOL_TYPE_REG, UBIRCH_PROTOCOL_TYPE_BIN -from ubirch_keys_and_uuids import UBIRCH_UUIDS, UBIRCH_PUBKEYS_EC, UBIRCH_PUBKEYS_ED +# from ubirch_keys_and_uuids import UBIRCH_UUIDS, UBIRCH_PUBKEYS_EC, UBIRCH_PUBKEYS_ED +# from ubirch.ubirch_backend_keys import * ECDSA_TYPE = "ecdsa" EDDSA_TYPE = "ed25519" @@ -28,11 +29,11 @@ def __init__(self, key_store: ubirch.KeyStore, uuid: UUID, env: str, key_type: s # check if the device already has keys or generate a new pair if not self.__ks.exists_signing_key(uuid): # check the key type before creating new keys - if key_type == "ed25519": + if key_type == EDDSA_TYPE: logger.info("generating new keypair with ed25519 algorithm") self.__ks.create_ed25519_keypair(uuid) - elif key_type == "ecdsa": + elif key_type == ECDSA_TYPE: logger.info("generating new keypair with ecdsa algorithm") self.__ks.create_ecdsa_keypair(uuid) @@ -52,22 +53,22 @@ def __init__(self, key_store: ubirch.KeyStore, uuid: UUID, env: str, key_type: s raise ValueError(f"existing key for {uuid} is not from expected type {key_type}") # check env - if env not in UBIRCH_PUBKEYS_ED.keys(): - raise ValueError("Invalid ubirch env! Must be one of {}".format(list(UBIRCH_PUBKEYS_ED.keys()))) + if env not in ubirch.getBackendEnvironemts(): + raise ValueError("Invalid ubirch env! Must be one of {}".format(list(ubirch.getBackendEnvironemts()))) # check if the keystore has the same key_type for the device UUID and the backend response - if temp_key_type == "ecdsa": - if self.__ks._ks.entries.get(UBIRCH_UUIDS[env].hex, None) != None: + if key_type == ECDSA_TYPE: + if self.__ks._ks.entries.get(ubirch.getBackendUuid(env).hex, None) != None: # suffix-less pubkey found, delete it - self.__ks._ks.entries.pop(UBIRCH_UUIDS[env].hex) + self.__ks._ks.entries.pop(ubirch.getBackendUuid(env).hex) - self.__ks.insert_ecdsa_verifying_key(UBIRCH_UUIDS[env], UBIRCH_PUBKEYS_EC[env]) - elif temp_key_type == "ed25519": - if self.__ks._ks.entries.get(UBIRCH_UUIDS[env].hex + '_ecd', None) != None: + self.__ks.insert_ecdsa_verifying_key(ubirch.getBackendUuid(env), ubirch.getBackendKeys(env,ECDSA_TYPE)) + elif key_type == EDDSA_TYPE: + if self.__ks._ks.entries.get(ubirch.getBackendUuid(env).hex + '_ecd', None) != None: # suffix-less pubkey found, delete it - self.__ks._ks.entries.pop(UBIRCH_UUIDS[env].hex + '_ecd') + self.__ks._ks.entries.pop(ubirch.getBackendUuid(env).hex + '_ecd') - self.__ks.insert_ed25519_verifying_key(UBIRCH_UUIDS[env], UBIRCH_PUBKEYS_ED[env]) + self.__ks.insert_ed25519_verifying_key(ubirch.getBackendUuid(env), ubirch.getBackendKeys(env,EDDSA_TYPE)) # load last signature for device self.load(uuid) @@ -224,7 +225,7 @@ def handleMessageResponse(self, response: Response): def verifyResponseSender(self, response: Response): """! Verify that the response came from the backend """ - if self.protocol.verify_signature(UBIRCH_UUIDS[self.env], response.content) == True: + if self.protocol.verify_signature(ubirch.getBackendUuid(self.env), response.content) == True: logger.info("Backend response signature successfully verified!") else: logger.error("Backend response signature verification FAILED!") diff --git a/ubirch/__init__.py b/ubirch/__init__.py index 56aca79..f9ecabe 100644 --- a/ubirch/__init__.py +++ b/ubirch/__init__.py @@ -17,3 +17,4 @@ from .ubirch_ks import KeyStore from .ubirch_protocol import Protocol from .ubirch_api import API +from .ubirch_backend_keys import getBackendKeys, getBackendUuid, getBackendEnvironemts diff --git a/ubirch/ubirch_backend_keys.py b/ubirch/ubirch_backend_keys.py new file mode 100644 index 0000000..ccf0c8c --- /dev/null +++ b/ubirch/ubirch_backend_keys.py @@ -0,0 +1,77 @@ + +## +# @file ubirch_backen_keys.py +# ubirch backend keys getter functions +# +# @author Waldemar Gruenwald +# +# @copyright Copyright (c) 2023 ubirch GmbH. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import hashlib, binascii, ecdsa, ed25519 +from uuid import UUID + +ECDSA_TYPE = "ecdsa" +EDDSA_TYPE = "ed25519" + +KEYS = { + "dev":{ + "uuid":"9d3c78ff-22f3-4441-a5d1-85c636d486ff", + "vk":{ + "ed25519":"39ff77632b034d0eba6d219c2ff192e9f24916c9a02672acb49fd05118aad251", + "ecdsa":"2e753c064bc671940fcb98165542fe3c70340cff5d53ad47f0304ef2166f4f223b9572251b5fe8aee54c4fb812da79590caf501beba0911b7fcd3add2eb0180c" + } + }, + "demo":{ + "uuid":"07104235-1892-4020-9042-00003c94b60b", + "vk":{ + "ed25519":"a2403b92bc9add365b3cd12ff120d020647f84ea6983f98bc4c87e0f4be8cd66", + "ecdsa":"c66fa222898146347741dbcb26b184d4e06cddb01ff04238f457e006b891937ea7e115185fed2c9ab60af2d66497a2e1aedf65ce38941ab5c68a3468544f948c" + } + }, + "prod":{ + "uuid":"10b2e1a4-56b3-4fff-9ada-cc8c20f93016", + "vk":{ + "ed25519":"ef8048ad06c0285af0177009381830c46cec025d01d86085e75a4f0041c2e690", + "ecdsa":"a49758a0937437741314c0558d955089ed61860ba64154f2da45fd23b9178d2ca8225e3410e6bd317db848100004157bc55d88162d4a58c9c2d5a2ce22f3908d" + } + } +} + +def getBackendEnvironemts() -> list: + """! + Getter to list the available backend environments. + @return available Environments + """ + return KEYS.keys() + +def getBackendUuid(env: str = "demo") -> UUID: + """! + Getter function for environment (`env`) specific backend UUID + @param env Environment of the backend, can be `"dev"`, `"demo"`, or `"prod"`. Default is `"demo"` + @return the UUID of the backend + """ + return UUID(hex=KEYS[env]["uuid"]) + +def getBackendKeys(env: str = "demo", key_type: str = EDDSA_TYPE) -> ed25519.VerifyingKey or ecdsa.VerifyingKey: + """! + Getter function for environment (`env`) specific backend verification key + @param env Environment of the backend, can be `"dev"`, `"demo"`, or `"prod"`. Default is `"demo"` + @param key_type is the cryptographic algorithm for the requested key, can be `"ed25519"` of `"ecdsa"` + @return the key_type/algorithm specific public key + """ + if key_type == EDDSA_TYPE: + return ed25519.VerifyingKey(KEYS[env]["vk"][EDDSA_TYPE], encoding="hex") + elif key_type == ECDSA_TYPE: + return ecdsa.VerifyingKey.from_string(binascii.unhexlify(KEYS[env]["vk"][ECDSA_TYPE]), curve=ecdsa.NIST256p, hashfunc=hashlib.sha256)