Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added Verifier and Semver #8

Merged
merged 75 commits into from
Jan 11, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
75 commits
Select commit Hold shift + click to select a range
cd77a29
wip
wasabrot Dec 19, 2023
430e34a
wip
wasabrot Dec 19, 2023
3eac4d8
wipo
wasabrot Dec 19, 2023
49912db
wip
wasabrot Dec 19, 2023
716244b
wip
wasabrot Dec 19, 2023
94f86de
wip
wasabrot Dec 19, 2023
6af0454
wip
wasabrot Dec 19, 2023
9852308
wip
wasabrot Dec 19, 2023
0f12f20
wip
wasabrot Dec 19, 2023
1db59b0
wip
wasabrot Dec 19, 2023
b28e2ce
wip
wasabrot Dec 19, 2023
6cc3cab
wip
wasabrot Dec 19, 2023
90df8ae
wip
wasabrot Dec 19, 2023
619423f
wip
wasabrot Dec 19, 2023
65e38c1
wip
wasabrot Dec 19, 2023
9e823be
Merge branch 'main' into buildfile
wstrametz Jan 3, 2024
c01e206
fix build
wasabrot Jan 4, 2024
f2ff397
added verifier
wasabrot Jan 4, 2024
39747c2
clippy and fmt
wasabrot Jan 4, 2024
f52d2df
Merge branch 'main' into verifier
wasabrot Jan 4, 2024
c4bfd04
test rel-build
wasabrot Jan 5, 2024
cdb6eac
add build-release
wasabrot Jan 5, 2024
ee4c923
build release
wasabrot Jan 5, 2024
c9f6216
release build
wasabrot Jan 5, 2024
039b4ea
build release
wasabrot Jan 5, 2024
7fcacb8
self-host
wasabrot Jan 5, 2024
ddcb05d
build fix
wasabrot Jan 5, 2024
260f77d
build fix
wasabrot Jan 5, 2024
ed6b82a
build fix
wasabrot Jan 5, 2024
cb06700
buildfile
wasabrot Jan 5, 2024
527bbe0
bigfix github
wasabrot Jan 5, 2024
c3f084a
fix build
wasabrot Jan 5, 2024
5910f84
build bugfix
wasabrot Jan 5, 2024
31ee9d5
add versioning
wasabrot Jan 5, 2024
112a2dc
versioning
wasabrot Jan 5, 2024
45874d1
package tests
wasabrot Jan 5, 2024
bc62bcc
semver fix
wasabrot Jan 5, 2024
87654e2
docu and build test
wasabrot Jan 5, 2024
72f0e72
docu and verioning
wasabrot Jan 5, 2024
37266e4
semver
wasabrot Jan 5, 2024
cee98a0
semver
wasabrot Jan 5, 2024
ba30a50
semver
wasabrot Jan 5, 2024
7523cdc
semver
wasabrot Jan 5, 2024
ed066a6
semver
wasabrot Jan 5, 2024
8a1a9da
bugfix; test semver
wasabrot Jan 5, 2024
011a176
bugfix
wasabrot Jan 5, 2024
82a7aa1
buildfile
wasabrot Jan 5, 2024
3987953
Merge branch 'verifier' of github.com:element36-io/hyperfridge-r0 int…
wasabrot Jan 5, 2024
b7de2d3
autorelease build
wasabrot Jan 6, 2024
fb0f065
Merge branch 'verifier' of github.com:element36-io/hyperfridge-r0 int…
wasabrot Jan 6, 2024
84774b5
test build
wasabrot Jan 6, 2024
ac3de60
trigger 0.1.0 version
wasabrot Jan 6, 2024
ffb1eee
fix format; add docu
wasabrot Jan 6, 2024
13c3a23
Update .github/workflows/docker-build.yml
wasabrot Jan 7, 2024
7a5dbb2
Update docs/guest-hyperfridge.md
wasabrot Jan 7, 2024
8e48e63
Update docs/guest-hyperfridge.md
wasabrot Jan 7, 2024
5307aaf
removed method dep from verifier
wasabrot Jan 7, 2024
e25bd9a
Merge branch 'verifier' of github.com:element36-io/hyperfridge-r0 int…
wasabrot Jan 7, 2024
65ba8a5
cli for verifier
wasabrot Jan 8, 2024
7e384a7
added iban and multi-doc support
wasabrot Jan 8, 2024
0798281
added new camt file for testing
wasabrot Jan 8, 2024
21a822f
verifier - add info to receipt and multi-docs
wasabrot Jan 9, 2024
1efaca9
cli support
wasabrot Jan 9, 2024
d61bb0d
testing ci
wasabrot Jan 10, 2024
81c574d
testing ci
wasabrot Jan 10, 2024
f8101e2
test markdown links in gh
wasabrot Jan 11, 2024
7e835b2
adding cli support to host
wasabrot Jan 11, 2024
e37dca9
added cli to host
wasabrot Jan 11, 2024
1f478b3
delete tmp
wasabrot Jan 11, 2024
075dc61
add tmp to .gitignore
wasabrot Jan 11, 2024
c2e7f1f
update .gitignore
wasabrot Jan 11, 2024
05df210
clippy and fmt
wasabrot Jan 11, 2024
ba1273e
fmt
wasabrot Jan 11, 2024
5d299a0
clippy
wasabrot Jan 11, 2024
8a7b605
fmt
wasabrot Jan 11, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 49 additions & 21 deletions .github/workflows/docker-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,49 @@ name: Docker Build

on:
push:
branches: [ buildfile ]
branches: [ main ]

pull_request:
branches: [ main ]

jobs:
build:
runs-on: ubuntu-latest # , self-hosted
runs-on: ubuntu-latest # , l5, self-hosted
permissions:
contents: write
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Dry-run of Bump version and push tag, Minor version for each merge
if: github.event_name == 'pull_request'
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: true
DEFAULT_BUMP: patch
DRY_RUN: true
VERBOSE: true
INITIAL_VERSION: 0.1.0

- name: Bump version and push tag, Minor version for each merge
if: github.event_name != 'pull_request'
uses: anothrNick/[email protected]
id: taggerRun
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: true
DEFAULT_BUMP: patch

- name: echo tag
if: github.event_name != 'pull_request'
run: |
echo "The current tag is: ${{ steps.taggerRun.outputs.new_tag }}"
- name: echo part
if: github.event_name != 'pull_request'
run: |
echo "The version increment was: ${{ steps.taggerRun.outputs.part }}"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
Expand All @@ -26,41 +59,36 @@ jobs:
- name: Build Docker image (manual)
run: |
docker build --no-cache -t e36io/hyperfridge-r0:${{ github.run_id }} .
# - name: Build Docker image
# uses: docker/build-push-action@v2
# with:
# no-cache: true
# context: .
# file: ./Dockerfile
# push: false
# load: true
# tags: e36io/hyperfridge-r0:${{ github.run_id }}
- name: Create and Run Temporary Container
run: |
docker create --name temp-container e36io/hyperfridge-r0:${{ github.run_id }}
docker cp temp-container:/host/out/IMAGE_ID.hex ./IMAGE_ID.hex
docker cp temp-container:/app/IMAGE_ID.hex ./IMAGE_ID.hex
docker cp temp-container:/app ./app
docker cp temp-container:/data ./data
docker rm temp-container
- name: Read the Image Tag
id: read_tag
run: echo "IMAGE_TAG=$(cat IMAGE_ID.hex)" >> $GITHUB_ENV

- name: Zip App and Data Directories to create a release
if: github.event_name != 'pull_request'
run: |
zip -r hyperfridge-${{ env.IMAGE_TAG }}-${{ steps.taggerRun.outputs.new_tag }}.zip ./app ./data
- name: Build and Push Docker image with custom tag
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: true
tags: e36io/hyperfridge-r0:${{ env.IMAGE_TAG }}
tags: e36io/hyperfridge-r0:${{ steps.taggerRun.outputs.new_tag }}-${{ env.IMAGE_TAG }}

- name: Create GitHub Tag
- name: Create GitHub Release with zipped binaries
if: github.event_name != 'pull_request'
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git tag ${{ env.IMAGE_TAG }}
git push origin ${{ env.IMAGE_TAG }}
gh release create ${{ steps.taggerRun.outputs.new_tag }}-${{ env.IMAGE_TAG }} hyperfridge-${{ env.IMAGE_TAG }}-${{ steps.taggerRun.outputs.new_tag }}.zip --title "Release Version ${{ steps.taggerRun.outputs.new_tag }} Image ID:${{ env.IMAGE_TAG }}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
5 changes: 3 additions & 2 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,9 @@ data/*.bin
data/tmp/*
data/hello.txt
data/test.sh
host/out/IMAGE_ID.binary
host/out/IMAGE_ID.hex
data/test2/*


data/test/test.xml-Receipt-*
*.log
data/test/tmp/*
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[workspace]
resolver = "2"
members = ["host", "methods"]
members = ["host", "methods", "verifier"]

# Always optimize; building and running the guest takes much longer without optimization.
[profile.dev]
Expand Down
28 changes: 21 additions & 7 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -6,19 +6,33 @@ RUN cargo risczero install

COPY data data
COPY host host
COPY verifier verifier
COPY methods methods
COPY Cargo.toml /
COPY rust-toolchain.toml /

# create directory holding generated Id of Computation which will be proved.
WORKDIR /host
RUN mkdir out; touch out/test.touch
RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test -- --nocapture
RUN mkdir out; touch out/test.touch; rm out/test.touch

WORKDIR /methods/guest
RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --features debug_mode -- --nocapture
WORKDIR /
RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo build --release
# creates fake proof for test data, so that calling "verifier" without parameters works
RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --release -- --nocapture

RUN ls -la /host
# Final Stage - Alpine Image
FROM debian:bookworm-slim as runtime
#FROM alpine:latest as runteim
# add glibc
# RUN apk --no-cache add ca-certificates libgcc gcompat

#COPY host/out host/out
# Copy the compiled binaries from the build stage
COPY --from=build /target/release/host /app/host
COPY --from=build /target/release/verifier /app/verifier
COPY --from=build /target/riscv-guest/riscv32im-risc0-zkvm-elf/release/hyperfridge /app/hyperfridge
COPY --from=build /host/out/IMAGE_ID.hex /app/IMAGE_ID.hex
COPY --from=build /data /data

CMD ["RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo run -- --nocapture "]
WORKDIR /app

CMD ["./verifier"]
43 changes: 40 additions & 3 deletions README2.md
Original file line number Diff line number Diff line change
@@ -1,15 +1,32 @@
# Todos

- check for libs, eg. serde is double
- use risc0 sha --> check for more
- Paper: plug-in TradFi assets like Fiat accounts, and portfolios. Sepa, Indian, british

# How to run with test data

```bash
cd host
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo build --
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo build --release --
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test -- --nocapture
RUST_BACKTRACE=1 cargo run -- ../data/test/test.xml ../data/bank_public.pem ../data/client.pem

RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo run -- --verbose proveraw -r "../data/test/test.xml" -b "../data/bank_public.pem" -c "../data/client.pem" -i CH4308307000289537312

RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo run -- --verbose prove-camt -r "./test/test.xml" -b "./bank_public.pem" -c "./client.pem" -i CH4308307000289537312

RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo run -- --verbose prove-camt53 -r "../data/test/test.xml" -b "../data/bank_public.pem" -c "../data/client.pem" -i CH4308307000289537312 --script "../data/checkResponse.sh"

RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo run -- --verbose test

date && RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo run -- ../data/test/test.xml ../data/bank_public.pem ../data/client.pem CH4308307000289537312 > "create-receipt-$(date).log" && date

```

Run tests for verifier - need to enable main function with feature flag:

Run tests for verifier - need to enable main function with feature flag, use RUST_LOG="executor=info" as needed.

```bash
cd methods/guest
Expand All @@ -18,9 +35,15 @@ RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --features debug_mode
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --features debug_mode -- --nocapture
```

RUST_LOG="executor=info"
When pushing run clippy and fmt:

```bash
cargo fmt --all
cargo fmt --all -- --check
RISC0_SKIP_BUILD=true cargo clippy

cargo doc --no-deps --open
```

Generate coverage data

Expand All @@ -31,6 +54,20 @@ RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo tarpaulin --features debug_mode
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --features debug_mode -- --nocapture
```

## gernate documentation

```bash

(cd host && \
cargo run -- --markdown-help > ../docs/verifier-cli.md && \
cargo doc --no-deps --document-private-items --open
)

# with output
RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo test --features debug_mode -- --nocapture
```


# Unstructured notes

cd /host
Expand Down
71 changes: 40 additions & 31 deletions data/checkResponse.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,20 @@ if [ -z "${xml_file}" ]; then
echo "xml_file variable is not set. Set to default."
xml_file="response_template.xml"
fi
dir_name="${xml_file%.xml}"
xml_file_stem=$(basename "$xml_file")

if [ ! -d "$dir_name" ]; then
mkdir "$dir_name"
if [ -z "${dir_name}" ]; then
echo "xml_dir variable is not set. Set to default."
dir_name="${xml_file%.xml}"
fi

echo "....xxxxxx$dir_name"

mkdir -p "$dir_name"
mkdir -p "${dir_name}/tmp"

ls -la "${dir_name}/tmp"

if [ -z "${pem_file}" ]; then
echo "pem_file variable for bank public key X002 is not set. Set to default."
pem_file="productive_bank_x002.pem"
Expand All @@ -36,17 +44,17 @@ if [ -z "${private_pem_file}" ]; then
private_pem_file="../secrets/e002_private_key.pem"
fi

decrypted_file="$dir_name/orderdata_decrypted.zip"
decrypted_file="$dir_name/tmp/${xml_file_stem}_payload_camt53_decrypted.zip"

openssl rsa -in $private_pem_file -check -noout
openssl rsa -pubin -in $pem_file -text -noout > ./tmp/${pem_file}.txt
#openssl rsa -pubin -in $pem_file -text -noout > ${dir_name}/tmp/${pem_file}.txt

# Generate timestamp
timestamp=$(date +%Y%m%d%H%M%S)

# Assign parameters to variables
header_file=$dir_name/$xml_file-authenticated
signedinfo_file=$dir_name/$xml_file-c14n-signedinfo
header_file=$dir_name/${xml_file_stem}-authenticated
signedinfo_file=$dir_name/${xml_file_stem}-c14n-signedinfo

echo xml_file: $xml_file public key bank: $pem_file private key client: $private_pem_file

Expand All @@ -55,7 +63,7 @@ echo xml_file: $xml_file public key bank: $pem_file private key client: $privat
# which is in the case of ebics <header authenticate="true">
# digest is base64 string in DigestValue.
expected_digest=$(awk '/<ds:DigestValue>/,/<\/ds:DigestValue>/' "$xml_file" | sed 's/.*<ds:DigestValue>//' | sed 's/<\/ds:DigestValue>.*$//' | tr -d '\n')
echo "$expected_digest" > $dir_name/$xml_file-DigestInfo-value
echo "$expected_digest" > $dir_name/tmp/$xml_file_stem-DigestInfo-value
# Base64 --> binary --> hex
expected_digest_hex=$(echo $expected_digest | openssl enc -d -a -A | xxd -p -c256)

Expand Down Expand Up @@ -99,17 +107,17 @@ fi
export add_namespaces=" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\""
# need to be 2 steps, because xmllint would remove this unneeded one but the standard sais all top-level need to be included
export add_namespaces2=" xmlns=\"http://www.ebics.org/H003\""
perl -ne 'print $1 if /(<ds:SignedInfo.*<\/ds:SignedInfo>)/' "$xml_file" | sed "s+<ds:SignedInfo+<ds:SignedInfo${add_namespaces}+" | xmllint -exc-c14n - | sed "s+<ds:SignedInfo+<ds:SignedInfo${add_namespaces2}+" > "$dir_name/${xml_file}-SignedInfo"
signedinfo_digest_file="./tmp/signedinfo_digest_$timestamp.bin"
openssl dgst -sha256 -binary "$dir_name/${xml_file}-SignedInfo" > "$signedinfo_digest_file"
perl -ne 'print $1 if /(<ds:SignedInfo.*<\/ds:SignedInfo>)/' "$xml_file" | sed "s+<ds:SignedInfo+<ds:SignedInfo${add_namespaces}+" | xmllint -exc-c14n - | sed "s+<ds:SignedInfo+<ds:SignedInfo${add_namespaces2}+" > "$dir_name/${xml_file_stem}-SignedInfo"
signedinfo_digest_file="${dir_name}/tmp/signedinfo_digest_$timestamp.bin"
openssl dgst -sha256 -binary "$dir_name/${xml_file_stem}-SignedInfo" > "$signedinfo_digest_file"
echo "created digest for SignedInfo from XML, now checking Signature"

perl -ne 'print $1 if /(<ds:SignatureValue.*<\/ds:SignatureValue>)/' "$xml_file" > $dir_name/$xml_file-SignatureValue
perl -ne 'print $1 if /(<ds:SignatureValue.*<\/ds:SignatureValue>)/' "$xml_file" > $dir_name/$xml_file_stem-SignatureValue
# Create file names with timestamp
awk '/<ds:SignatureValue>/,/<\/ds:SignatureValue>/' $xml_file | sed 's/.*<ds:SignatureValue>//' | sed 's/<\/ds:SignatureValue>.*$//' | tr -d '\n' > "$dir_name/${xml_file}-SignatureValue-value"
awk '/<ds:SignatureValue>/,/<\/ds:SignatureValue>/' $xml_file | sed 's/.*<ds:SignatureValue>//' | sed 's/<\/ds:SignatureValue>.*$//' | tr -d '\n' > "$dir_name/tmp/${xml_file_stem}-SignatureValue-value"
#echo signature value from xml as base64: $signature_base64
signature_file="./tmp/signature_$timestamp.bin"
cat $dir_name/${xml_file}-SignatureValue-value | openssl enc -d -a -A -out $signature_file
signature_file="${dir_name}/tmp/signature_$timestamp.bin"
cat $dir_name/tmp/${xml_file_stem}-SignatureValue-value | openssl enc -d -a -A -out $signature_file

echo "check signature with public key from bank $pem_file"
# needs X002 from bank
Expand All @@ -124,16 +132,16 @@ echo "hash of signature bin file:" $(openssl dgst -r -sha256 "$signature_file")

# decript and unzip base64 data
# Base64 decoding, Decrypting, Decompressing, Verifying the signature
awk '/<TransactionKey>/,/<\/TransactionKey>/' $xml_file | sed 's/.*<TransactionKey>//' | sed 's/<\/TransactionKey>.*$//' | tr -d '\n' > "$dir_name/${xml_file}-TransactionKey"
awk '/<OrderData>/,/<\/OrderData>/' $xml_file | sed 's/.*<OrderData>//' | sed 's/<\/OrderData>.*$//' | tr -d '\n' > "$dir_name/${xml_file}-OrderData-value"
perl -ne 'print $1 if /(<OrderData.*<\/OrderData>)/' $xml_file > "$dir_name/${xml_file}-OrderData"
awk '/<TransactionKey>/,/<\/TransactionKey>/' $xml_file | sed 's/.*<TransactionKey>//' | sed 's/<\/TransactionKey>.*$//' | tr -d '\n' > "$dir_name/${xml_file_stem}-TransactionKey"
awk '/<OrderData>/,/<\/OrderData>/' $xml_file | sed 's/.*<OrderData>//' | sed 's/<\/OrderData>.*$//' | tr -d '\n' > "$dir_name/tmp/${xml_file_stem}-OrderData-value"
perl -ne 'print $1 if /(<OrderData.*<\/OrderData>)/' $xml_file > "$dir_name/${xml_file_stem}-OrderData"

# the transaction key is ecrypted with the clients public key - so first we have to decrypt the
# tx key before we can use it for decrypting the payload.
encrypted_txkey_file_bin="./tmp/${timestamp}_encrypted_transaction_key.bin"
cat "$dir_name/${xml_file}-TransactionKey" | base64 --decode > ${encrypted_txkey_file_bin}
encrypted_txkey_file_bin="${dir_name}/tmp/${timestamp}_encrypted_transaction_key.bin"
cat "$dir_name/${xml_file_stem}-TransactionKey" | base64 --decode > ${encrypted_txkey_file_bin}

decrypted_txkey_file_bin="./tmp/${timestamp}_transaction_key.bin"
decrypted_txkey_file_bin="${dir_name}/tmp/${timestamp}_transaction_key.bin"
# PKCS#1 page 265, process for asymmetrical encryption of the transaction key
[ $(stat --format=%s "$encrypted_txkey_file_bin") -eq 256 ] || { echo "Wrong filesize of encrypted tx key"; exit 1; }
openssl pkeyutl -decrypt -in "${encrypted_txkey_file_bin}" -out "${decrypted_txkey_file_bin}" -inkey $private_pem_file -pkeyopt rsa_padding_mode:pkcs1
Expand Down Expand Up @@ -162,8 +170,8 @@ fi
# openssl enc -d -aes-128-cbc -nopad -in orderdata_decoded.bin -out $decrypted_file -K ${transaction_key_hex} -iv 00000000000000000000000000000000
# but openssl does not handle ISO10126Padding, so use -nopad and do the padding manually

orderdata_bin_file="./tmp/${timestamp}_orderdata_decoded.bin"
cat "$dir_name/${xml_file}-OrderData-value" | tr -d '\n' | base64 --decode > $orderdata_bin_file
orderdata_bin_file="${dir_name}/tmp/${timestamp}_orderdata_decoded.bin"
cat "$dir_name/tmp/${xml_file_stem}-OrderData-value" | tr -d '\n' | base64 --decode > $orderdata_bin_file

openssl enc -d -aes-128-cbc -nopad -in $orderdata_bin_file -out $decrypted_file -K ${transaction_key_hex} -iv 00000000000000000000000000000000
# openssl enc -d -aes-128-cbc -nopad -in orderdata_decoded.bin -out $decrypted_file -pass file:transaction_key.bin -iv 00000000000000000000000000000000
Expand Down Expand Up @@ -195,25 +203,26 @@ else
fi
# check Signature
# First we need need order data digest in binary format
orderdata_signature_output_file="./tmp/orderdata_signaturecheck_$timestamp.bin"
orderdata_digest_file="./tmp/orderdata_digescheck_$timestamp.bin"
orderdata_signature_output_file="${dir_name}/tmp/orderdata_signaturecheck_$timestamp.bin"
orderdata_digest_file="${dir_name}/tmp/orderdata_digescheck_$timestamp.bin"
# we need the digest as a digest file; digest again with -binary
openssl dgst -sha256 -binary -r $orderdata_bin_file > "$orderdata_digest_file"
orderdata_signature_file="./tmp/orderdata_signature_$timestamp.bin"
orderdata_signature_file="${dir_name}/tmp/orderdata_signature_$timestamp.bin"
# signature value from xml
orderdata_signature_value=$(awk '/<SignatureData authenticate="true">/,/<\/SignatureData>/' "$xml_file" | sed 's/.*<SignatureData authenticate="true">//' | sed 's/<\/SignatureData>.*$//' | tr -d '\n')
# convert from base64 to binary openssl format
echo "$orderdata_signature_value" | openssl enc -d -a -A -out $orderdata_signature_file
echo "Verify Signature of OrderData (Payload):"
openssl pkeyutl -verify -in "$orderdata_digest_file" -sigfile "$orderdata_signature_file" -pkeyopt rsa_padding_mode:pk1 -pkeyopt digest:sha256 -pubin -keyform PEM -inkey "$pem_file"
# extract DataDigest
perl -ne 'print $1 if /(<DataDigest.*<\/DataDigest>)/' $xml_file > "$dir_name/${xml_file}-DataDigest"
perl -ne 'print $1 if /(<DataDigest.*<\/DataDigest>)/' $xml_file > "$dir_name/${xml_file_stem}-DataDigest"

# the result is a compressed binary using standard RFC 1951 which is just (de)compressing a stream
zlib-flate -uncompress < $decrypted_file > $dir_name/$xml_file.zip
echo "size $(stat -c %s "$dir_name/$xml_file.zip") hash of zip file:" $(openssl dgst -sha256 -r "$dir_name/$xml_file.zip")
payload_file="${dir_name}/tmp/${xml_file_stem}_payload_camt53.zip"
zlib-flate -uncompress < $decrypted_file > $payload_file
echo "size $(stat -c %s "$dir_name/$xml_file_stem.zip") hash of zip file:" $(openssl dgst -sha256 -r "$payload_file")
# The uncompressed stream is then a zip file which holds the filenames.. so its actually compressed twice.
unzip -o $dir_name/$xml_file.zip -d ./$dir_name/camt53/
unzip -o $payload_file -d ./$dir_name/camt53/

# For speeding up development - copy decrypted transation key
cp -v ${decrypted_txkey_file_bin}-raw ./$dir_name/$xml_file-decrypted_tx_key.binary
cp -v ${decrypted_txkey_file_bin}-raw ./$dir_name/$xml_file_stem-decrypted_tx_key.binary
Loading