Ursula now signs cfrag and capsule.

2018-10-27 21:37:43 +02:00 · 2018-10-27 21:37:43 +02:00 · 7bf4b0629d
parent ab9beea3d2
commit 7bf4b0629d
3 changed files with 6 additions and 10 deletions
--- a/nucypher/crypto/api.py
+++ b/nucypher/crypto/api.py
@ -1,8 +1,8 @@
-import os
+import datetime
 from ipaddress import IPv4Address
 from random import SystemRandom
+from typing import Tuple

-import datetime
 import sha3
 from constant_sorrow import constants
 from cryptography import x509
@ -12,10 +12,8 @@ from cryptography.hazmat.backends.openssl.ec import _EllipticCurvePrivateKey
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve
-from cryptography.hazmat.primitives.serialization import Encoding
 from cryptography.x509 import Certificate
 from cryptography.x509.oid import NameOID
-from typing import Tuple
 from umbral import pre
 from umbral.keys import UmbralPrivateKey, UmbralPublicKey

@ -120,7 +118,6 @@ def generate_self_signed_certificate(host: str,
                                     private_key: _EllipticCurvePrivateKey = None,
                                     days_valid: int = 365
                                     ) -> Tuple[Certificate, _EllipticCurvePrivateKey]:
-
    if not private_key:
        private_key = ec.generate_private_key(curve, default_backend())

@ -128,8 +125,8 @@ def generate_self_signed_certificate(host: str,

    now = datetime.datetime.utcnow()
    subject = issuer = x509.Name([
-             x509.NameAttribute(NameOID.COMMON_NAME, host),
-        ])
+        x509.NameAttribute(NameOID.COMMON_NAME, host),
+    ])
    cert = x509.CertificateBuilder().subject_name(subject)
    cert = cert.issuer_name(issuer)
    cert = cert.public_key(public_key)
@ -148,7 +145,6 @@ def encrypt_and_sign(recipient_pubkey_enc: UmbralPublicKey,
                     signer: 'SignatureStamp',
                     sign_plaintext: bool = True
                     ) -> Tuple[UmbralMessageKit, 'SignatureStamp']:
-
    if signer is not constants.DO_NOT_SIGN:
        # The caller didn't expressly tell us not to sign; we'll sign.
        if sign_plaintext:
--- a/nucypher/network/middleware.py
+++ b/nucypher/network/middleware.py
@ -99,7 +99,7 @@ class RestMiddleware:
        cfrags_and_signatures = BytestringSplitter((CapsuleFrag, VariableLengthBytestring), Signature).repeat(
            ursula_rest_response.content)
        cfrags = work_order.complete(
-            cfrags_and_signatures)  # TODO: We'll do verification of Ursula's signature here.  #141
+            cfrags_and_signatures)
        return cfrags

    def get_competitive_rate(self):
--- a/nucypher/network/server.py
+++ b/nucypher/network/server.py
@ -250,7 +250,7 @@ class ProxyRESTRoutes:
            capsule.set_correctness_keys(verifying=alices_verifying_key)
            cfrag = pre.reencrypt(kfrag, capsule, metadata=capsule_signed_by_both)
            self.log.info("Re-encrypting for {}, made {}.".format(capsule, cfrag))
-            signature = self._stamp(bytes(cfrag))
+            signature = self._stamp(bytes(cfrag) + bytes(capsule))
            cfrag_byte_stream += VariableLengthBytestring(cfrag) + signature

        # TODO: Put this in Ursula's datastore