Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

ILP conditions and fulfillment basis

Browse Source 
ed25519 fulfillment
tests
This commit is contained in:
diminator 2016-03-18 09:58:54 +01:00
parent 8425214c2a
commit 46cd3323e8
9 changed files with 1215 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
bigchaindb/crypto/bitmark_registry.py Normal file
View File

@ -0,0 +1,56 @@
from bigchaindb.crypto.iostream import MAX_SAFE_INTEGER
class BitmaskRegistry:
registered_types = []
@staticmethod
def get_class_from_typebit(bitmask):
"""
Determine fulfillment implementation class from a bitmask.
Returns the class implementing a fulfillment type that matches a certain bitmask.
Args:
bitmask (int): fulfillment bitmask
Return:
Class implementing the given fulfillment type.
"""
# Determine type of condition
if bitmask > MAX_SAFE_INTEGER:
raise ValueError('Bitmask {} is not supported'.format(bitmask))
for registered_type in BitmaskRegistry.registered_types:
if bitmask == registered_type['bitmask']:
return registered_type['class']
raise ValueError('Bitmask {} is not supported'.format(bitmask))
@staticmethod
def register_type(cls):
"""
Add a new fulfillment type.
This can be used to extend this cryptocondition implementation with new
fulfillment types that it does not yet support. But mostly it is used
internally to register the built-in types.
In this method, we expect a regular fulfillment type, for information on
registering meta types please see `registerMetaType`.
Args:
cls: Implementation of a fulfillment type.
"""
# TODO Do some sanity checks on Class
BitmaskRegistry.registered_types.append(
{
'bitmask': cls().bitmask,
'class': cls
})
from bigchaindb.crypto.fulfillments.ed25519_sha256 import Ed25519Sha256Fulfillment
BitmaskRegistry.register_type(Ed25519Sha256Fulfillment)

163
bigchaindb/crypto/condition.py Normal file
View File

@ -0,0 +1,163 @@
import base64
import re
from abc import ABCMeta
from six import string_types
from bigchaindb.crypto.iostream import base64_add_padding, base64_remove_padding
CONDITION_REGEX = r'^cc:1:[1-9a-f][0-9a-f]{0,2}:[a-zA-Z0-9_-]{43}:[1-9][0-9]{0,50}$'
class Condition(metaclass=ABCMeta):
_bitmask = None
_hash = None
_max_fulfillment_length = None
@staticmethod
def from_uri(serialized_condition):
"""
Create a Condition object from a URI.
This method will parse a condition URI and construct a corresponding Condition object.
Args:
serialized_condition (str): URI representing the condition
Returns:
Condition: Resulting object
"""
if not isinstance(serialized_condition, string_types):
raise TypeError('Serialized condition must be a string')
pieces = serialized_condition.split(':')
if not pieces[0] == 'cc':
raise ValueError('Serialized condition must start with "cc:"')
if not pieces[1] == '1':
raise ValueError('Condition must be version 1')
if not re.match(CONDITION_REGEX, serialized_condition):
raise ValueError('Invalid condition format')
condition = Condition()
condition.bitmask = int(pieces[2])
condition.hash = base64.urlsafe_b64decode(base64_add_padding(pieces[3]))
condition.max_fulfillment_length = int(pieces[4])
return condition
@property
def bitmask(self):
"""
Return the bitmask of this condition.
For simple condition types this is simply the bit representing this type.
For meta-conditions, these are the bits representing the types of the subconditions.
Return:
int: Bitmask corresponding to this condition.
"""
return self._bitmask
@bitmask.setter
def bitmask(self, value):
"""
Set the bitmask.
Sets the required bitmask to validate a fulfillment for this condition.
Args:
value (int): representation of bitmask.
"""
self._bitmask = value
@property
def hash(self):
"""
Return the hash of the condition.
A primary component of all conditions is the hash. It encodes the static
properties of the condition. This method enables the conditions to be
constant size, no matter how complex they actually are. The data used to
generate the hash consists of all the static properties of the condition
and is provided later as part of the fulfillment.
Return:
Hash of the condition
"""
if not self._hash:
raise ValueError
return self._hash
@hash.setter
def hash(self, value):
"""
Validate and set the hash of this condition.
Typically conditions are generated from fulfillments and the hash is
calculated automatically. However, sometimes it may be necessary to
construct a condition URI from a known hash. This method enables that case.
Args:
value (Buffer): Hash as binary.
"""
# TODO: value must be Buffer
# if not isinstance(value, Buffer):
# raise ValueError
self._hash = value
@property
def max_fulfillment_length(self):
"""
Return the maximum fulfillment length.
The maximum fulfillment length is the maximum allowed length for any
fulfillment payload to fulfill this condition.
The condition defines a maximum fulfillment length which all
implementations will enforce. This allows implementations to verify that
their local maximum fulfillment size is guaranteed to accomodate any
possible fulfillment for this condition.
Otherwise an attacker could craft a fulfillment which exceeds the maximum
size of one implementation, but meets the maximum size of another, thereby
violating the fundamental property that fulfillments are either valid
everywhere or nowhere.
Return:
(int) Maximum length (in bytes) of any fulfillment payload that fulfills this condition..
"""
if not self._max_fulfillment_length:
raise ValueError
return self._max_fulfillment_length
@max_fulfillment_length.setter
def max_fulfillment_length(self, value):
"""
Set the maximum fulfillment length.
The maximum fulfillment length is normally calculated automatically, when
calling `Fulfillment#getCondition`. However, when
Args:
value (int): Maximum fulfillment payload length in bytes.
"""
self._max_fulfillment_length = value
def serialize_uri(self):
"""
Generate the URI form encoding of this condition.
Turns the condition into a URI containing only URL-safe characters. This
format is convenient for passing around conditions in URLs, JSON and other text-based formats.
Returns:
string: Condition as a URI
"""
return 'cc:1:{}:{}:{}'.format(self.bitmask,
base64_remove_padding(
base64.urlsafe_b64encode(self.hash)
).decode('utf-8'),
self.max_fulfillment_length)

6
bigchaindb/crypto/ed25519.py
View File

@ -20,11 +20,13 @@ class ED25519PrivateKey(PrivateKey):
private_base64 = self.decode(key)
self.private_key = self._private_key_from_private_base64(private_base64)
def sign(self, data):
def sign(self, data, encoding="base64"):
"""
Sign data with private key
"""
return self.private_key.sign(data.encode('utf-8'), encoding="base64")
if not isinstance(data, bytes):
data = data.encode('utf-8')
return self.private_key.sign(data, encoding=encoding)
@staticmethod
def encode(private_base64):

161
bigchaindb/crypto/fulfillment.py Normal file
View File

@ -0,0 +1,161 @@
import base64
import re
from abc import ABCMeta, abstractmethod
from six import string_types
from bigchaindb.crypto.condition import Condition
from bigchaindb.crypto.iostream import Writer, base64_remove_padding, Reader, base64_add_padding
FULFILLMENT_REGEX = r'^cf:1:[1-9a-f][0-9a-f]{0,2}:[a-zA-Z0-9_-]+$'
class Fulfillment(metaclass=ABCMeta):
_bitmask = None
@staticmethod
def from_uri(serialized_fulfillment):
"""
Create a Fulfillment object from a URI.
This method will parse a fulfillment URI and construct a corresponding Fulfillment object.
Args:
serialized_fulfillment (str): URI representing the fulfillment
Return:
Fulfillment: Resulting object
"""
if not isinstance(serialized_fulfillment, string_types):
raise TypeError('Serialized fulfillment must be a string')
pieces = serialized_fulfillment.split(':')
if not pieces[0] == 'cf':
raise ValueError('Serialized fulfillment must start with "cf:"')
if not pieces[1] == '1':
raise ValueError('Fulfillment must be version 1')
if not re.match(FULFILLMENT_REGEX, serialized_fulfillment):
raise ValueError('Invalid fulfillment format')
bitmask = int(pieces[2])
from bigchaindb.crypto.bitmark_registry import BitmaskRegistry
cls = BitmaskRegistry.get_class_from_typebit(bitmask)
fulfillment = cls()
payload = Reader.from_source(
base64.urlsafe_b64decode(
base64_add_padding(pieces[3])))
fulfillment.parse_payload(payload)
return fulfillment
@property
def bitmask(self):
"""
Return the bitmask of this fulfillment.
For simple fulfillment types this is simply the bit representing this type.
For meta-fulfillments, these are the bits representing the types of the subconditions.
Returns:
int: Bitmask corresponding to this fulfillment.
"""
return self._bitmask
@property
def condition(self):
"""
Generate condition corresponding to this fulfillment.
An important property of crypto-conditions is that the condition can always
be derived from the fulfillment. This makes it very easy to post
fulfillments to a system without having to specify which condition the
relate to. The system can keep an index of conditions and look up any
matching events related to that condition.
Return:
Condition: Condition corresponding to this fulfillment.
"""
condition = Condition()
condition.bitmask = self.bitmask
condition.hash = self.generate_hash()
condition.max_fulfillment_length = self.calculate_max_fulfillment_length()
return condition
def serialize_uri(self):
"""
Generate the URI form encoding of this fulfillment.
Turns the fulfillment into a URI containing only URL-safe characters. This
format is convenient for passing around fulfillments in URLs, JSON and
other text-based formats.
Return:
string: Fulfillment as a URI
"""
return 'cf:1:{}:{}'.format(self.bitmask,
base64_remove_padding(
base64.urlsafe_b64encode(
b''.join(self.serialize_payload().components)
)
).decode('utf-8'))
def serialize_payload(self):
"""
Return the fulfillment payload as a buffer.
Note that the fulfillment payload is not the standard format for passing
fulfillments in binary protocols. Use `serializeBinary` for that. The
fulfillment payload is purely the type-specific data and does not include the bitmask.
Return:
Buffer: Fulfillment payload
"""
return self.write_payload(Writer())
def calculate_max_fulfillment_length(self):
"""
Calculate the maximum length of the fulfillment payload.
This implementation works by measuring the length of the fulfillment.
Condition types that do not have a constant length will override this
method with one that calculates the maximum possible length.
Return:
{Number} Maximum fulfillment length
"""
# TODO: Predictor
# predictor = Predictor()
predictor = None
self.write_payload(predictor)
return predictor.size
@abstractmethod
def write_payload(self, writer):
raise NotImplementedError
@abstractmethod
def parse_payload(self, reader):
raise NotImplementedError
@abstractmethod
def generate_hash(self):
"""
Generate the hash of the fulfillment.
This method is a stub and will be overridden by subclasses.
"""
raise NotImplementedError
@abstractmethod
def validate(self):
raise NotImplementedError

0
bigchaindb/crypto/fulfillments/__init__.py Normal file
View File

25
bigchaindb/crypto/fulfillments/base_sha256.py Normal file
View File

@ -0,0 +1,25 @@
from abc import abstractmethod
from bigchaindb.crypto.fulfillment import Fulfillment
from bigchaindb.crypto.iostream import Hasher
class BaseSha256Fulfillment(Fulfillment):
def generate_hash(self):
"""
Calculate condition hash.
This method is called internally by `condition`. It calculates the
condition hash by hashing the hash payload.
Return:
Buffer: Result from hashing the hash payload.
"""
hasher = Hasher('sha256')
self.write_hash_payload(hasher)
return hasher.digest() # remove padding
@abstractmethod
def write_hash_payload(self, hasher):
raise NotImplementedError

254
bigchaindb/crypto/fulfillments/ed25519_sha256.py Normal file
View File

@ -0,0 +1,254 @@
import base58
from bigchaindb.crypto.ed25519 import ED25519PublicKey
from bigchaindb.crypto.fulfillments.base_sha256 import BaseSha256Fulfillment
from bigchaindb.crypto.iostream import Predictor
class Ed25519Sha256Fulfillment(BaseSha256Fulfillment):
_bitmask = 0x08
_message_prefix = None
_max_dynamic_message_length = None
_public_key = None
_message = None
_signature = None
@property
def message_prefix(self):
return self._message_prefix
@message_prefix.setter
def message_prefix(self, value):
"""
Set the fixed message prefix.
The fixed prefix is the portion of the message that is determined when the
condition is first created.
Args:
value (Buffer): Static portion of the message
"""
if not isinstance(value, bytes):
value = value.encode()
self._message_prefix = value
@property
def max_dynamic_message_length(self):
return self._max_dynamic_message_length
@max_dynamic_message_length.setter
def max_dynamic_message_length(self, value):
"""
Set the maximum length of the dynamic message component.
The dynamic message is the part of the signed message that is determined at
fulfillment time. However, when the condition is first created, we need to
know the maximum fulfillment length, which in turn requires us to put a
limit on the length of the dynamic message component.
If this method is not called, the maximum dynamic message length defaults to zero.
Args:
value (int): Maximum length in bytes
"""
self._max_dynamic_message_length = value
@property
def public_key(self):
return self._public_key
@public_key.setter
def public_key(self, value):
"""
Set the public publicKey.
This is the Ed25519 public key. It has to be provided as a buffer.
Args:
value (Buffer): publicKey Public Ed25519 publicKey
"""
# TODO: Buffer
# if not isinstance(value, Buffer):
# raise ValueError("public key must be a Buffer")
if not isinstance(value, ED25519PublicKey):
raise TypeError
self._public_key = value
@property
def message(self):
return self._message
@message.setter
def message(self, value):
"""
Set the dynamic message portion.
Part of the signed message (the suffix) can be determined when the condition is being fulfilled.
Length may not exceed the maximum dynamic message length.
Args:
value (Buffer): Binary form of dynamic message.
"""
# TODO: Buffer
# if not isinstance(value, Buffer):
# raise ValueError("message must be a Buffer")
if not isinstance(value, bytes):
value = value.encode()
self._message = value
@property
def signature(self):
return self._signature
@signature.setter
def signature(self, value):
"""
Set the signature.
Instead of using the private key to sign using the sign() method, we can also generate the signature elsewhere
and pass it in.
Args:
value (Buffer): 64-byte signature.
"""
# TODO: Buffer
# if not isinstance(value, Buffer):
# raise ValueError("signature must be a Buffer")
self._signature = value
def write_common_header(self, writer):
"""
Write static header fields.
Some fields are common between the hash and the fulfillment payload. This
method writes those field to anything implementing the Writer interface.
It is used internally when generating the hash of the condition, when
generating the fulfillment payload and when calculating the maximum fulfillment size.
Args:
writer (Writer|Hasher|Predictor): Target for outputting the header.
"""
if not self.public_key:
raise ValueError
writer.write_var_bytes(bytearray(self.public_key.public_key.to_bytes()))
writer.write_var_bytes(self.message_prefix)
writer.write_var_uint(self.max_dynamic_message_length)
return writer
def parse_payload(self, reader):
"""
Parse the payload of an Ed25519 fulfillment.
Read a fulfillment payload from a Reader and populate this object with that fulfillment.
Args:
reader (Reader): Source to read the fulfillment payload from.
"""
self.public_key = \
ED25519PublicKey(
base58.b58encode(
reader.read_var_bytes()))
self.message_prefix = reader.read_var_bytes()
self.max_dynamic_message_length = reader.read_var_uint()
self.message = reader.read_var_bytes()
self.signature = reader.read_var_bytes()
print(self.signature)
def write_payload(self, writer):
"""
Generate the fulfillment payload.
This writes the fulfillment payload to a Writer.
Args:
writer (Writer): Subject for writing the fulfillment payload.
"""
self.write_common_header(writer)
writer.write_var_bytes(self.message)
writer.write_var_bytes(self.signature)
return writer
def write_hash_payload(self, hasher):
"""
Generate the contents of the condition hash.
Writes the contents of the condition hash to a Hasher. Used internally by `condition`.
Args:
hasher (Hasher): Destination where the hash payload will be written.
"""
hasher.write_var_uint(self.bitmask)
return self.write_common_header(hasher)
def calculate_max_fulfillment_length(self):
"""
Calculates the longest possible fulfillment length.
The longest fulfillment for an Ed25519 condition is the length of a
fulfillment where the dynamic message length equals its maximum length.
Return:
Maximum length of the fulfillment payload
"""
predictor = Predictor()
if not self.public_key:
raise ValueError('Requires a public key')
# Calculate the length that the common header would have
self.write_common_header(predictor)
# Message suffix
predictor.write_var_uint(self.max_dynamic_message_length)
predictor.skip(self.max_dynamic_message_length)
# Signature
predictor.write_var_bytes(self.public_key.public_key.to_bytes())
return predictor.size
def sign(self, private_key):
"""
Sign the message.
This method will take the currently configured values for the message
prefix and suffix and create a signature using the provided Ed25519 private key.
Args:
private_key (string) Ed25519 private key
"""
# TODO: Buffer
sk = private_key
vk = ED25519PublicKey(
base58.b58encode(
sk.private_key.get_verifying_key().to_bytes()))
self.public_key = vk
message = self.message_prefix + self.message
# This would be the Ed25519ph version (JavaScript ES7):
# const message = crypto.createHash('sha512')
# .update(Buffer.concat([this.messagePrefix, this.message]))
# .digest()
self.signature = sk.sign(message, encoding=None)
def validate(self):
"""
Verify the signature of this Ed25519 fulfillment.
The signature of this Ed25519 fulfillment is verified against the provided message and public key.
Return:
boolean: Whether this fulfillment is valid.
"""
if not (self.message and self.signature):
return False
message = self.message_prefix + self.message
return self.public_key.verify(message, self.signature, encoding=None)

437
bigchaindb/crypto/iostream.py Normal file
View File

@ -0,0 +1,437 @@
import base64
import hashlib
from math import ceil
import binascii
from six import string_types
MSB = 0x80
REST = 0x7F
MSBALL = ~REST
INT = 2**31
# https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/MAX_SAFE_INTEGER
MAX_SAFE_INTEGER = 2**53-1
class UnsignedLEB128:
"""
Adapter for DWARF unsigned LEB128.
A VARUINT is a variable length integer encoded as base128 where the highest
bit indicates that another byte is following. The first byte contains the
seven least significant bits of the number represented.
see: https://en.wikipedia.org/wiki/LEB128 (ULEB128)
see http://grokbase.com/t/python/python-list/112e5jpc16/encoding
"""
@staticmethod
def encode(obj):
out = []
value = int(obj)
while value > INT:
out.append((value & REST) | MSB)
value /= 7
while value & MSBALL:
out.append((value & REST) | MSB)
value >>= 7
out.append(value | 0)
return out
@staticmethod
def decode(obj):
value = 0
for b in reversed(obj):
value = value * 128 + (ord(b) & 0x7F)
return value
class Writer:
def __init__(self):
self.components = []
def write_var_uint(self, value):
"""
Write a VARUINT to the stream.
Args:
value (int): Integer to represent.
"""
out = UnsignedLEB128.encode(value)
self.write(out)
def write_var_bytes(self, buffer):
"""
Write a VARBYTES.
A VARBYTES field consists of a VARUINT followed by that many bytes.
Args:
buffer (Buffer): Contents of the VARBYTES.
"""
self.write_var_uint(len(buffer))
self.write(buffer)
def write(self, in_bytes):
"""
Write a series of raw bytes.
Adds the given bytes to the output buffer.
Args:
in_bytes (Buffer): Bytes to write.
"""
out = in_bytes
if isinstance(out, (list, bytearray)):
out = binascii.unhexlify(''.join('{:02x}'.format(x) for x in out))
if not isinstance(out, bytes):
out = out.encode('utf-8')
self.components.append(out)
class Hasher(Writer):
hash = None
def __init__(self, algorithm):
if algorithm == 'sha256':
self.hash = hashlib.sha256()
else:
raise NotImplementedError
super(Writer, self).__init__()
def write(self, in_bytes):
"""
Adds bytes to the hash input.
The hasher will pass these bytes into the hashing function. By overriding
the Writer class and implementing this method, the Hasher supports any of
the datatypes that a Writer can write.
Args:
in_bytes (Buffer): Bytes to add to the hash.
"""
out = in_bytes
if isinstance(out, (list, bytearray)):
out = binascii.unhexlify(''.join('{:02x}'.format(x) for x in out))
if not isinstance(out, bytes):
out = out.encode('utf-8')
self.hash.update(out)
def digest(self):
"""
Return the hash.
Returns the finished hash based on what has been written to the Hasher so far.
Return:
Buffer: Resulting hash.
"""
return self.hash.digest()
@staticmethod
def length(algorithm):
"""
Get digest length for hashing algorithm.
Args:
algorithm (string): Hashing algorithm identifier.
Return:
int: Digest length in bytes.
"""
return len(Hasher(algorithm).digest())
class Predictor:
size = 0
def write_var_uint(self, val):
"""
Calculate the size of a VARUINT.
A VARUINT is a variable length integer encoded as base128 where the highest
bit indicates that another byte is following. The first byte contains the
seven least significant bits of the number represented.
Args:
val (int): Integer to be encoded
"""
if val == 0:
self.size += 1
elif val < 0:
raise ValueError('Variable length integer cannot be negative')
elif val > MAX_SAFE_INTEGER:
raise ValueError('Variable length integer too large')
else:
# Calculate number of bits divided by seven
self.size += ceil(len('{:02b}'.format(val)) / 7)
def write_var_bytes(self, val):
"""
Calculate the size of a VARBYTES.
A VARBYTES field consists of a VARUINT followed by that many bytes.
Args:
val (varbytes): Contents for VARBYTES
"""
self.write_var_uint(len(val))
self.size += len(val)
def skip(self, in_bytes):
"""
Add this many bytes to the predicted size.
Args:
in_bytes (int): Number of bytes to pretend to write.
"""
self.size += in_bytes
class Reader:
def __init__(self, buffer):
self.buffer = buffer
self.cursor = 0
self.bookmarks = []
@staticmethod
def from_source(source):
"""
Create a Reader from a source of bytes.
Currently, this method only allows the creation of a Reader from a Buffer.
If the object provided is already a Reader, that reader is returned as is.
Args:
source (Reader|Buffer): Source of binary data.
Return:
Reader: Instance of Reader
"""
# if (Buffer.isBuffer(source)) {
# return new Reader(source)
# } else {
# throw new Error('Reader must be given a Buffer')
if isinstance(source, Reader):
return source
return Reader(source)
def bookmark(self):
"""
Store the current cursor position on a stack.
"""
self.bookmarks.append(self.cursor)
def restore(self):
"""
Pop the most recently bookmarked cursor position off the stack.
"""
self.cursor = self.bookmarks.pop()
def ensure_available(self, num_bytes):
"""
Ensure this number of bytes is buffered.
This method checks that the given number of bytes is buffered and available
for reading. If insufficient bytes are available, the method throws an `OverflowError`.
Args:
num_bytes (int): Number of bytes that should be available.
"""
if len(self.buffer) < self.cursor + num_bytes:
raise OverflowError('Tried to read {} bytes, but only {} bytes available'
.format(num_bytes, len(self.buffer.length) - self.cursor))
def read_uint8(self):
"""
Read a single unsigned 8 byte integer.
Return: {Number} Contents of next byte.
"""
self.ensure_available(1)
value = self.buffer[self.cursor]
self.cursor += 1
return value
def peek_uint8(self):
"""
Look at the next byte, but don't advance the cursor.
Return: {Number} Contents of the next byte.
"""
self.ensure_available(1)
return self.buffer.read_uint8(self.cursor)
def skip_uint8(self):
"""
Advance cursor by one byte.
"""
self.cursor += 1
def read_var_uint(self):
"""
Read a VARUINT at the cursor position.
A VARUINT is a variable length integer encoded as base128 where the highest
bit indicates that another byte is following. The first byte contains the
seven least significant bits of the number represented.
Return the VARUINT and advances the cursor accordingly.
Return: {Number} Value of the VARUINT.
"""
shift = 0
result = 0
while True:
in_byte = self.read_uint8()
result += (in_byte & REST) << shift if shift < 28 else (in_byte & REST) * (2 ** shift)
shift += 7
# Don't allow numbers greater than Number.MAX_SAFE_INTEGER
if shift > 45:
raise ValueError('Too large variable integer')
if not (in_byte & MSB):
break
return result
def peek_var_uint(self):
"""
Read the next VARUINT, but don't advance the cursor.
Return: {Number} VARUINT at the cursor position.
"""
self.bookmark()
value = self.read_var_uint()
self.restore()
return value
def skip_var_uint(self):
"""
Skip past the VARUINT at the cursor position.
"""
# Read variable integer and ignore output
self.read_var_uint()
def read_var_bytes(self):
"""
Read a VARBYTES.
A VARBYTES field consists of a VARUINT followed by that many bytes.
Return: {Buffer} Contents of the VARBYTES.
"""
return self.read(self.read_var_uint())
def peek_var_bytes(self):
"""
Read a VARBYTES, but do not advance cursor position.
Return: {Buffer} Contents of the VARBYTES.
"""
self.bookmark()
value = self.read_var_bytes()
self.restore()
return value
def skip_var_bytes(self):
"""
Skip a VARBYTES.
"""
self.skip(len(self.read_var_bytes()))
def read(self, num_bytes):
"""
Read a given number of bytes.
Returns this many bytes starting at the cursor position and advances the
cursor.
Args:
num_bytes (int): Number of bytes to read.
Return:
Contents of bytes read.
"""
self.ensure_available(num_bytes)
value = self.buffer[self.cursor:self.cursor + num_bytes]
self.cursor += num_bytes
return value
def peek(self, num_bytes):
"""
Read bytes, but do not advance cursor.
Args:
num_bytes (int): Number of bytes to read.
Return:
Contents of bytes read.
"""
self.ensure_available(num_bytes)
return self.buffer.slice(self.cursor, self.cursor + num_bytes)
def skip(self, num_bytes):
"""
Skip a number of bytes.
Advances the cursor by this many bytes.
Args:
num_bytes (int): Number of bytes to advance the cursor by.
"""
self.ensure_available(num_bytes)
self.cursor += num_bytes
def base64_add_padding(data):
"""
Add enough padding for base64 encoding such that length is a multiple of 4
Args:
data: unpadded string or bytes
Return:
bytes: The padded bytes
"""
if isinstance(data, string_types):
data = data.encode('utf-8')
missing_padding = 4 - len(data) % 4
if missing_padding:
data += b'=' * missing_padding
return data
def base64_remove_padding(data):
"""
Remove padding from base64 encoding
Args:
data: fully padded base64 data
Return:
base64: Unpadded base64 bytes
"""
if isinstance(data, string_types):
data = data.encode('utf-8')
return data.replace(b'=', b'')

115
tests/crypto/test_fulfillment.py Normal file
View File

@ -0,0 +1,115 @@
import binascii
from bigchaindb.crypto.condition import Condition
from bigchaindb.crypto.ed25519 import ED25519PrivateKey, ED25519PublicKey
from bigchaindb.crypto.fulfillment import Fulfillment
from bigchaindb.crypto.fulfillments.ed25519_sha256 import Ed25519Sha256Fulfillment
class TestBigchainILPFulfillmentEd25519Sha256:
PUBLIC_HEX_ILP = b'ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf'
PUBLIC_B64_ILP = b'7Bcrk61eVjv0kyxw4SRQNMNUZ+8u/U1k6/gZaDRn4r8'
PUBLIC_B58_ILP = 'Gtbi6WQDB6wUePiZm8aYs5XZ5pUqx9jMMLvRVHPESTjU'
PRIVATE_HEX_ILP = b'833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42'
PRIVATE_B64_ILP = b'gz/mJAkje51i7HdYdSCRHpp1nOwdGXVbfakBuW3KPUI'
PRIVATE_B58_ILP = '9qLvREC54mhKYivr88VpckyVWdAFmifJpGjbvV5AiTRs'
CONDITION_ED25519_ILP = 'cc:1:8:qQINW2um59C4DB9JSVXH1igqAmaYGGqryllHUgCpfPU:113'
FULFILLMENT_ED25519_ILP = \
'cf:1:8:IOwXK5OtXlY79JMscOEkUDTDVGfvLv1NZOv4GWg0Z-K_DEhlbGxvIHdvcmxkISAVIENvbmRpdGlvbnMgYXJlIGhlcmUhQENbql531' \
'PbCJlRUvKjP56k0XKJMOrIGo2F66ueuTtRnYrJB2t2ZttdfXM4gzD_87eH1nZTpu4rTkAx81hSdpwI'
HASH_ED25519_HEX_ILP = b'a9020d5b6ba6e7d0b80c1f494955c7d6282a026698186aabca59475200a97cf5'
def test_ilp_keys(self):
sk = ED25519PrivateKey(self.PRIVATE_B58_ILP)
assert sk.private_key.to_ascii(encoding='base64') == self.PRIVATE_B64_ILP
assert binascii.hexlify(sk.private_key.to_bytes()[:32]) == self.PRIVATE_HEX_ILP
vk = ED25519PublicKey(self.PUBLIC_B58_ILP)
assert vk.public_key.to_ascii(encoding='base64') == self.PUBLIC_B64_ILP
assert binascii.hexlify(vk.public_key.to_bytes()) == self.PUBLIC_HEX_ILP
def test_serialize_condition_and_validate_fulfillment(self):
sk = ED25519PrivateKey(self.PRIVATE_B58_ILP)
vk = ED25519PublicKey(self.PUBLIC_B58_ILP)
fulfillment = Ed25519Sha256Fulfillment()
fulfillment.public_key = vk
fulfillment.message_prefix = 'Hello world!'
fulfillment.max_dynamic_message_length = 32 # defaults to 0
assert fulfillment.condition.serialize_uri() == self.CONDITION_ED25519_ILP
assert binascii.hexlify(fulfillment.condition.hash) == self.HASH_ED25519_HEX_ILP
fulfillment.message = ' Conditions are here!'
# ED25519-SHA256 condition not fulfilled
assert fulfillment.validate() == False
# Fulfill an ED25519-SHA256 condition
fulfillment.sign(sk)
assert fulfillment.serialize_uri() == self.FULFILLMENT_ED25519_ILP
assert fulfillment.validate()
def test_deserialize_condition(self):
deserialized_condition = Condition.from_uri(self.CONDITION_ED25519_ILP)
assert deserialized_condition.serialize_uri() == self.CONDITION_ED25519_ILP
assert binascii.hexlify(deserialized_condition.hash) == self.HASH_ED25519_HEX_ILP
def test_serialize_deserialize_condition(self):
vk = ED25519PublicKey(self.PUBLIC_B58_ILP)
fulfillment = Ed25519Sha256Fulfillment()
fulfillment.public_key = vk
fulfillment.message_prefix = 'Hello world!'
fulfillment.max_dynamic_message_length = 32
condition = fulfillment.condition
deserialized_condition = Condition.from_uri(condition.serialize_uri())
assert deserialized_condition.bitmask == condition.bitmask
assert deserialized_condition.hash == condition.hash
assert deserialized_condition.max_fulfillment_length == condition.max_fulfillment_length
assert deserialized_condition.serialize_uri() == condition.serialize_uri()
def test_deserialize_fulfillment(self):
fulfillment = Fulfillment.from_uri(self.FULFILLMENT_ED25519_ILP)
assert fulfillment.serialize_uri() == self.FULFILLMENT_ED25519_ILP
assert fulfillment.condition.serialize_uri() == self.CONDITION_ED25519_ILP
assert binascii.hexlify(fulfillment.condition.hash) == self.HASH_ED25519_HEX_ILP
assert fulfillment.public_key.public_key.to_ascii(encoding='hex') == self.PUBLIC_HEX_ILP
assert fulfillment.validate()
def test_serializer_deserialize_fulfillment(self):
sk = ED25519PrivateKey(self.PRIVATE_B58_ILP)
vk = ED25519PublicKey(self.PUBLIC_B58_ILP)
fulfillment = Ed25519Sha256Fulfillment()
fulfillment.public_key = vk
fulfillment.message_prefix = 'Hello world!'
fulfillment.max_dynamic_message_length = 32 # defaults to 0
fulfillment.message = ' Conditions are here!'
fulfillment.sign(sk)
assert fulfillment.validate()
deserialized_fulfillment = Fulfillment.from_uri(fulfillment.serialize_uri())
assert deserialized_fulfillment.serialize_uri() == fulfillment.serialize_uri()
assert deserialized_fulfillment.condition.serialize_uri() == fulfillment.condition.serialize_uri()
assert deserialized_fulfillment.public_key.public_key.to_bytes() == fulfillment.public_key.public_key.to_bytes()
assert deserialized_fulfillment.validate()
class TestBigchainILPConditionSha256:
CONDITION_SHA256_ILP = 'cc:1:1:47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU:1'
def test_deserialize_condition(self):
example_condition = self.CONDITION_SHA256_ILP
condition = Condition.from_uri(example_condition)
assert condition.serialize_uri() == self.CONDITION_SHA256_ILP