Beispiel #1
0
def generateAesKeys():
    params = AesKeyParams()
    memberDecryptKey = AesAlgorithm.generateKey(params)
    decryptionKeyBlob = memberDecryptKey.getKeyBits()
    memberEncryptKey = AesAlgorithm.deriveEncryptKey(decryptionKeyBlob)
    encryptionKeyBlob = memberEncryptKey.getKeyBits()

    return (encryptionKeyBlob, decryptionKeyBlob)
Beispiel #2
0
def generateAesKeys():
    params = AesKeyParams()
    memberDecryptKey = AesAlgorithm.generateKey(params)
    decryptionKeyBlob = memberDecryptKey.getKeyBits()
    memberEncryptKey = AesAlgorithm.deriveEncryptKey(decryptionKeyBlob)
    encryptionKeyBlob = memberEncryptKey.getKeyBits()

    return (encryptionKeyBlob, decryptionKeyBlob)
Beispiel #3
0
    def test_database_functions(self):
        # Test construction.
        database = Sqlite3ProducerDb(self.databaseFilePath)

        # Create member.
        params = AesKeyParams(128)
        keyBlob1 = AesAlgorithm.generateKey(params).getKeyBits()
        keyBlob2 = AesAlgorithm.generateKey(params).getKeyBits()

        point1 = Schedule.fromIsoString("20150101T100000")
        point2 = Schedule.fromIsoString("20150102T100000")
        point3 = Schedule.fromIsoString("20150103T100000")
        point4 = Schedule.fromIsoString("20150104T100000")

        # Add keys into the database.
        database.addContentKey(point1, keyBlob1)
        database.addContentKey(point2, keyBlob1)
        database.addContentKey(point3, keyBlob2)

        # Throw an exception when adding a key to an existing time slot.
        with self.assertRaises(ProducerDb.Error):
            database.addContentKey(point1, keyBlob1)

        # Check has functions.
        self.assertEqual(True, database.hasContentKey(point1))
        self.assertEqual(True, database.hasContentKey(point2))
        self.assertEqual(True, database.hasContentKey(point3))
        self.assertEqual(False, database.hasContentKey(point4))

        # Get content keys.
        keyResult = database.getContentKey(point1)
        self.assertTrue(keyResult.equals(keyBlob1))

        keyResult = database.getContentKey(point3)
        self.assertTrue(keyResult.equals(keyBlob2))

        # Throw exception when there is no such time slot in the database.
        with self.assertRaises(ProducerDb.Error):
            database.getContentKey(point4)

        # Delete content keys.
        self.assertEqual(True, database.hasContentKey(point1))
        database.deleteContentKey(point1)
        self.assertEqual(False, database.hasContentKey(point1))

        # Delete at a non-existing time slot.
        try:
            database.deleteContentKey(point4)
        except Exception as ex:
            self.fail(
                "Unexpected error deleting a non-existing content key: " +
                repr(ex))
Beispiel #4
0
    def test_database_functions(self):
        # Test construction.
        database = Sqlite3ProducerDb(self.databaseFilePath)

        # Create member.
        params = AesKeyParams(128)
        keyBlob1 = AesAlgorithm.generateKey(params).getKeyBits()
        keyBlob2 = AesAlgorithm.generateKey(params).getKeyBits()

        point1 = Schedule.fromIsoString("20150101T100000")
        point2 = Schedule.fromIsoString("20150102T100000")
        point3 = Schedule.fromIsoString("20150103T100000")
        point4 = Schedule.fromIsoString("20150104T100000")

        # Add keys into the database.
        database.addContentKey(point1, keyBlob1)
        database.addContentKey(point2, keyBlob1)
        database.addContentKey(point3, keyBlob2)

        # Throw an exception when adding a key to an existing time slot.
        with self.assertRaises(ProducerDb.Error):
            database.addContentKey(point1, keyBlob1)

        # Check has functions.
        self.assertEqual(True, database.hasContentKey(point1))
        self.assertEqual(True, database.hasContentKey(point2))
        self.assertEqual(True, database.hasContentKey(point3))
        self.assertEqual(False, database.hasContentKey(point4))

        # Get content keys.
        keyResult = database.getContentKey(point1)
        self.assertTrue(keyResult.equals(keyBlob1))

        keyResult = database.getContentKey(point3)
        self.assertTrue(keyResult.equals(keyBlob2))

        # Throw exception when there is no such time slot in the database.
        with self.assertRaises(ProducerDb.Error):
            database.getContentKey(point4)

        # Delete content keys.
        self.assertEqual(True, database.hasContentKey(point1))
        database.deleteContentKey(point1)
        self.assertEqual(False, database.hasContentKey(point1))

        # Delete at a non-existing time slot.
        try:
            database.deleteContentKey(point4)
        except Exception as ex:
            self.fail("Unexpected error deleting a non-existing content key: " + repr(ex))
Beispiel #5
0
    def test_key_generation(self):
        keyParams = AesKeyParams(128)
        decryptKey = AesAlgorithm.generateKey(keyParams)
        encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())

        plainBlob = Blob(PLAINTEXT, False)

        # Encrypt/decrypt data in AES_CBC with auto-generated IV.
        encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
        cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
                                          encryptParams)
        receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
                                            cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))
Beispiel #6
0
    def test_key_generation(self):
        keyParams = AesKeyParams(128)
        decryptKey = AesAlgorithm.generateKey(keyParams)
        encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())

        plainBlob = Blob(PLAINTEXT, False)

        # Encrypt/decrypt data in AES_CBC with auto-generated IV.
        encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
        cipherBlob = AesAlgorithm.encrypt(
          encryptKey.getKeyBits(), plainBlob, encryptParams)
        receivedBlob = AesAlgorithm.decrypt(
          decryptKey.getKeyBits(), cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))
Beispiel #7
0
    def test_create_d_key_data(self):
        # Create the group manager.
        manager = GroupManager(
            Name("Alice"), Name("data_type"),
            Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
            self.keyChain)

        newCertificateBlob = self.certificate.wireEncode()
        newCertificate = IdentityCertificate()
        newCertificate.wireDecode(newCertificateBlob)

        # Encrypt the D-KEY.
        data = manager._createDKeyData(
            "20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
            self.decryptKeyBlob,
            newCertificate.getPublicKeyInfo().getKeyDer())

        # Verify the encrypted D-KEY.
        dataContent = data.getContent()

        # Get the nonce key.
        # dataContent is a sequence of the two EncryptedContent.
        encryptedNonce = EncryptedContent()
        encryptedNonce.wireDecode(dataContent)
        self.assertEqual(0, encryptedNonce.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.RsaOaep,
                         encryptedNonce.getAlgorithmType())

        blobNonce = encryptedNonce.getPayload()
        decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
        nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce,
                                     decryptParams)

        # Get the D-KEY.
        # Use the size of encryptedNonce to find the start of encryptedPayload.
        payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
        encryptedPayload = EncryptedContent()
        encryptedPayload.wireDecode(payloadContent)
        self.assertEqual(16, encryptedPayload.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.AesCbc,
                         encryptedPayload.getAlgorithmType())

        decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
        decryptParams.setInitialVector(encryptedPayload.getInitialVector())
        blobPayload = encryptedPayload.getPayload()
        largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)

        self.assertTrue(largePayload.equals(self.decryptKeyBlob))
Beispiel #8
0
    def test_content_symmetric_encrypt(self):
        for input in encryptorAesTestInputs:
            data = Data()
            Encryptor.encryptData(
              data, input.plainText, input.keyName, input.key, input.encryptParams)

            self.assertTrue(data.getName().equals(Name("/FOR").append(input.keyName)),
                            input.testName)

            self.assertTrue(input.encryptedContent.equals(data.getContent()),
                            input.testName)

            content = EncryptedContent()
            content.wireDecode(data.getContent())
            decryptedOutput = AesAlgorithm.decrypt(
              input.key, content.getPayload(), input.encryptParams)

            self.assertTrue(input.plainText.equals(decryptedOutput), input.testName)
    def test_create_d_key_data(self):
        # Create the group manager.
        manager = GroupManager(
          Name("Alice"), Name("data_type"),
          Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
          self.keyChain)

        newCertificateBlob = self.certificate.wireEncode()
        newCertificate = IdentityCertificate()
        newCertificate.wireDecode(newCertificateBlob)

        # Encrypt the D-KEY.
        data = manager._createDKeyData(
          "20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
          self.decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer())

        # Verify the encrypted D-KEY.
        dataContent = data.getContent()

        # Get the nonce key.
        # dataContent is a sequence of the two EncryptedContent.
        encryptedNonce = EncryptedContent()
        encryptedNonce.wireDecode(dataContent)
        self.assertEqual(0, encryptedNonce.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType())

        blobNonce = encryptedNonce.getPayload()
        decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
        nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams)

        # Get the D-KEY.
        # Use the size of encryptedNonce to find the start of encryptedPayload.
        payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
        encryptedPayload = EncryptedContent()
        encryptedPayload.wireDecode(payloadContent)
        self.assertEqual(16, encryptedPayload.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType())

        decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
        decryptParams.setInitialVector(encryptedPayload.getInitialVector())
        blobPayload = encryptedPayload.getPayload()
        largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)

        self.assertTrue(largePayload.equals(self.decryptKeyBlob))
Beispiel #10
0
    def test_encryption_decryption(self):
        encryptParams = EncryptParams(EncryptAlgorithmType.AesEcb, 16)

        key = Blob(KEY, False)
        decryptKey = DecryptKey(key)
        encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())

        # Check key loading and key derivation.
        self.assertTrue(encryptKey.getKeyBits().equals(key))
        self.assertTrue(decryptKey.getKeyBits().equals(key))

        plainBlob = Blob(PLAINTEXT, False)

        # Encrypt data in AES_ECB.
        cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
                                          encryptParams)
        self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_ECB, False)))

        # Decrypt data in AES_ECB.
        receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
                                            cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))

        # Encrypt/decrypt data in AES_CBC with auto-generated IV.
        encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
        cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
                                          encryptParams)
        receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
                                            cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))

        # Encrypt data in AES_CBC with specified IV.
        initialVector = Blob(INITIAL_VECTOR, False)
        encryptParams.setInitialVector(initialVector)
        cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
                                          encryptParams)
        self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_CBC_IV, False)))

        # Decrypt data in AES_CBC with specified IV.
        receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
                                            cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))
Beispiel #11
0
    def test_encryption_decryption(self):
        encryptParams = EncryptParams(EncryptAlgorithmType.AesEcb, 16)

        key = Blob(KEY, False)
        decryptKey = DecryptKey(key)
        encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())

        # Check key loading and key derivation.
        self.assertTrue(encryptKey.getKeyBits().equals(key))
        self.assertTrue(decryptKey.getKeyBits().equals(key))

        plainBlob = Blob(PLAINTEXT, False)

        # Encrypt data in AES_ECB.
        cipherBlob = AesAlgorithm.encrypt(
          encryptKey.getKeyBits(), plainBlob, encryptParams)
        self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_ECB, False)))

        # Decrypt data in AES_ECB.
        receivedBlob = AesAlgorithm.decrypt(
          decryptKey.getKeyBits(), cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))

        # Encrypt/decrypt data in AES_CBC with auto-generated IV.
        encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
        cipherBlob = AesAlgorithm.encrypt(
          encryptKey.getKeyBits(), plainBlob, encryptParams)
        receivedBlob = AesAlgorithm.decrypt(
          decryptKey.getKeyBits(), cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))

        # Encrypt data in AES_CBC with specified IV.
        initialVector = Blob(INITIAL_VECTOR, False)
        encryptParams.setInitialVector(initialVector)
        cipherBlob = AesAlgorithm.encrypt(
          encryptKey.getKeyBits(), plainBlob, encryptParams)
        self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_CBC_IV, False)))

        # Decrypt data in AES_CBC with specified IV.
        receivedBlob = AesAlgorithm.decrypt(
          decryptKey.getKeyBits(), cipherBlob, encryptParams)
        self.assertTrue(receivedBlob.equals(plainBlob))
Beispiel #12
0
    def test_content_asymmetric_encrypt_large(self):
        for input in encryptorRsaTestInputs:
            largeContent = Blob(bytearray([
                0x73, 0x5a, 0xbd, 0x47, 0x0c, 0xfe, 0xf8, 0x7d,
                0x2e, 0x17, 0xaa, 0x11, 0x6f, 0x23, 0xc5, 0x10,
                0x23, 0x36, 0x88, 0xc4, 0x2a, 0x0f, 0x9a, 0x72,
                0x54, 0x31, 0xa8, 0xb3, 0x51, 0x18, 0x9f, 0x0e,
                0x1b, 0x93, 0x62, 0xd9, 0xc4, 0xf5, 0xf4, 0x3d,
                0x61, 0x9a, 0xca, 0x05, 0x65, 0x6b, 0xc6, 0x41,
                0xf9, 0xd5, 0x1c, 0x67, 0xc1, 0xd0, 0xd5, 0x6f,
                0x7b, 0x70, 0xb8, 0x8f, 0xdb, 0x19, 0x68, 0x7c,
                0xe0, 0x2d, 0x04, 0x49, 0xa9, 0xa2, 0x77, 0x4e,
                0xfc, 0x60, 0x0d, 0x7c, 0x1b, 0x93, 0x6c, 0xd2,
                0x61, 0xc4, 0x6b, 0x01, 0xe9, 0x12, 0x28, 0x6d,
                0xf5, 0x78, 0xe9, 0x99, 0x0b, 0x9c, 0x4f, 0x90,
                0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
                0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
                0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
                0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
                0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9,
                0x22, 0xf1, 0x67, 0x76, 0x71, 0x0c, 0xff, 0x99,
                0x7b, 0x94, 0x9b, 0x24, 0x20, 0x80, 0xe3, 0xcc,
                0x06, 0x4a, 0xed, 0xdf, 0xec, 0x50, 0xd5, 0x87,
                0x3d, 0xa0, 0x7d, 0x9c, 0xe5, 0x13, 0x10, 0x98,
                0x14, 0xc3, 0x90, 0x10, 0xd9, 0x25, 0x9a, 0x59,
                0xe9, 0x37, 0x26, 0xfd, 0x87, 0xd7, 0xf4, 0xf9,
                0x11, 0x91, 0xad, 0x5c, 0x00, 0x95, 0xf5, 0x2b,
                0x37, 0xf7, 0x4e, 0xb4, 0x4b, 0x42, 0x7c, 0xb3,
                0xad, 0xd6, 0x33, 0x5f, 0x0b, 0x84, 0x57, 0x7f,
                0xa7, 0x07, 0x73, 0x37, 0x4b, 0xab, 0x2e, 0xfb,
                0xfe, 0x1e, 0xcb, 0xb6, 0x4a, 0xc1, 0x21, 0x5f,
                0xec, 0x92, 0xb7, 0xac, 0x97, 0x75, 0x20, 0xc9,
                0xd8, 0x9e, 0x93, 0xd5, 0x12, 0x7a, 0x64, 0xb9,
                0x4c, 0xed, 0x49, 0x87, 0x44, 0x5b, 0x4f, 0x90,
                0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
                0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
                0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
                0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
                0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9
              ]), False)

            data = Data()
            rsaParams = RsaKeyParams(1024)

            keyName = Name("test")

            decryptKey = RsaAlgorithm.generateKey(rsaParams)
            encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())

            eKey = encryptKey.getKeyBits()
            dKey = decryptKey.getKeyBits()

            encryptParams = EncryptParams(input.type)
            Encryptor.encryptData(data, largeContent, keyName, eKey, encryptParams)

            self.assertTrue(data.getName().equals(Name("/FOR").append(keyName)),
                            input.testName)

            largeDataContent = data.getContent()

            # largeDataContent is a sequence of the two EncryptedContent.
            encryptedNonce = EncryptedContent()
            encryptedNonce.wireDecode(largeDataContent)
            self.assertTrue(keyName.equals(encryptedNonce.getKeyLocator().getKeyName()),
                            input.testName)
            self.assertEqual(encryptedNonce.getInitialVector().size(), 0,
                             input.testName)
            self.assertEqual(encryptedNonce.getAlgorithmType(), input.type,
                             input.testName)

            # Use the size of encryptedNonce to find the start of encryptedPayload.
            payloadContent = largeDataContent.buf()[encryptedNonce.wireEncode().size():]
            encryptedPayload = EncryptedContent()
            encryptedPayload.wireDecode(payloadContent)
            nonceKeyName = Name(keyName)
            nonceKeyName.append("nonce")
            self.assertTrue(nonceKeyName.equals(encryptedPayload.getKeyLocator().getKeyName()),
                            input.testName)
            self.assertEqual(encryptedPayload.getInitialVector().size(), 16,
                             input.testName)
            self.assertEqual(encryptedPayload.getAlgorithmType(), EncryptAlgorithmType.AesCbc,
                             input.testName)

            self.assertEqual(
              largeDataContent.size(),
              encryptedNonce.wireEncode().size() + encryptedPayload.wireEncode().size(),
              input.testName)

            blobNonce = encryptedNonce.getPayload()
            nonce = RsaAlgorithm.decrypt(dKey, blobNonce, encryptParams)

            encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
            encryptParams.setInitialVector(encryptedPayload.getInitialVector())
            bufferPayload = encryptedPayload.getPayload()
            largePayload = AesAlgorithm.decrypt(nonce, bufferPayload, encryptParams)

            self.assertTrue(largeContent.equals(largePayload), input.testName)
Beispiel #13
0
    def test_get_group_key(self):
        # Create the group manager.
        manager = GroupManager(
            Name("Alice"), Name("data_type"),
            Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
            self.keyChain)
        self.setManager(manager)

        # Get the data list from the group manager.
        timePoint1 = Schedule.fromIsoString("20150825T093000")
        result = manager.getGroupKey(timePoint1)

        self.assertEqual(4, len(result))

        # The first data packet contains the group's encryption key (public key).
        data = result[0]
        self.assertEqual(
            "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
            data.getName().toUri())
        groupEKey = EncryptKey(data.getContent())

        # Get the second data packet and decrypt.
        data = result[1]
        self.assertEqual(
            "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
            data.getName().toUri())

        ####################################################### Start decryption.
        dataContent = data.getContent()

        # Get the nonce key.
        # dataContent is a sequence of the two EncryptedContent.
        encryptedNonce = EncryptedContent()
        encryptedNonce.wireDecode(dataContent)
        self.assertEqual(0, encryptedNonce.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.RsaOaep,
                         encryptedNonce.getAlgorithmType())

        decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
        blobNonce = encryptedNonce.getPayload()
        nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce,
                                     decryptParams)

        # Get the payload.
        # Use the size of encryptedNonce to find the start of encryptedPayload.
        payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
        encryptedPayload = EncryptedContent()
        encryptedPayload.wireDecode(payloadContent)
        self.assertEqual(16, encryptedPayload.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.AesCbc,
                         encryptedPayload.getAlgorithmType())

        decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
        decryptParams.setInitialVector(encryptedPayload.getInitialVector())
        blobPayload = encryptedPayload.getPayload()
        largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)

        # Get the group D-KEY.
        groupDKey = DecryptKey(largePayload)

        ####################################################### End decryption.

        # Check the D-KEY.
        derivedGroupEKey = RsaAlgorithm.deriveEncryptKey(
            groupDKey.getKeyBits())
        self.assertTrue(groupEKey.getKeyBits().equals(
            derivedGroupEKey.getKeyBits()))

        # Check the third data packet.
        data = result[2]
        self.assertEqual(
            "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
            data.getName().toUri())

        # Check the fourth data packet.
        data = result[3]
        self.assertEqual(
            "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
            data.getName().toUri())

        # Check invalid time stamps for getting the group key.
        timePoint2 = Schedule.fromIsoString("20150826T083000")
        self.assertEqual(0, len(manager.getGroupKey(timePoint2)))

        timePoint3 = Schedule.fromIsoString("20150827T023000")
        self.assertEqual(0, len(manager.getGroupKey(timePoint3)))
Beispiel #14
0
    def test_content_key_request(self):
        prefix = Name("/prefix")
        suffix = Name("/a/b/c")
        expectedInterest = Name(prefix)
        expectedInterest.append(Encryptor.NAME_COMPONENT_READ)
        expectedInterest.append(suffix)
        expectedInterest.append(Encryptor.NAME_COMPONENT_E_KEY)

        cKeyName = Name(prefix)
        cKeyName.append(Encryptor.NAME_COMPONENT_SAMPLE)
        cKeyName.append(suffix)
        cKeyName.append(Encryptor.NAME_COMPONENT_C_KEY)

        timeMarker = Name("20150101T100000/20150101T120000")
        testTime1 = Schedule.fromIsoString("20150101T100001")
        testTime2 = Schedule.fromIsoString("20150101T110001")
        testTimeRounded1 = Name.Component("20150101T100000")
        testTimeRounded2 = Name.Component("20150101T110000")
        testTimeComponent2 = Name.Component("20150101T110001")

        # Create content keys required for this test case:
        for i in range(suffix.size()):
            self.createEncryptionKey(expectedInterest, timeMarker)
            expectedInterest = expectedInterest.getPrefix(-2).append(
                Encryptor.NAME_COMPONENT_E_KEY)

        expressInterestCallCount = [0]

        # Prepare a TestFace to instantly answer calls to expressInterest.
        class TestFace(object):
            def __init__(self, handleExpressInterest):
                self.handleExpressInterest = handleExpressInterest

            def expressInterest(self, interest, onData, onTimeout,
                                onNetworkNack):
                return self.handleExpressInterest(interest, onData, onTimeout,
                                                  onNetworkNack)

        def handleExpressInterest(interest, onData, onTimeout, onNetworkNack):
            expressInterestCallCount[0] += 1

            interestName = Name(interest.getName())
            interestName.append(timeMarker)
            self.assertTrue(interestName in self.encryptionKeys)
            onData(interest, self.encryptionKeys[interestName])

            return 0

        face = TestFace(handleExpressInterest)

        # Verify that the content key is correctly encrypted for each domain, and
        # the produce method encrypts the provided data with the same content key.
        testDb = Sqlite3ProducerDb(self.databaseFilePath)
        producer = Producer(prefix, suffix, face, self.keyChain, testDb)
        contentKey = [None]  # Blob

        def checkEncryptionKeys(result, testTime, roundedTime,
                                expectedExpressInterestCallCount):
            self.assertEqual(expectedExpressInterestCallCount,
                             expressInterestCallCount[0])

            self.assertEqual(True, testDb.hasContentKey(testTime))
            contentKey[0] = testDb.getContentKey(testTime)

            params = EncryptParams(EncryptAlgorithmType.RsaOaep)
            for i in range(len(result)):
                key = result[i]
                keyName = key.getName()
                self.assertEqual(cKeyName, keyName.getSubName(0, 6))
                self.assertEqual(keyName.get(6), roundedTime)
                self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
                self.assertEqual(True,
                                 keyName.getSubName(8) in self.decryptionKeys)

                decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
                self.assertEqual(True, decryptionKey.size() != 0)
                encryptedKeyEncoding = key.getContent()

                content = EncryptedContent()
                content.wireDecode(encryptedKeyEncoding)
                encryptedKey = content.getPayload()
                retrievedKey = RsaAlgorithm.decrypt(decryptionKey,
                                                    encryptedKey, params)

                self.assertTrue(contentKey[0].equals(retrievedKey))

            self.assertEqual(3, len(result))

        # An initial test to confirm that keys are created for this time slot.
        contentKeyName1 = producer.createContentKey(
            testTime1, lambda keys: checkEncryptionKeys(
                keys, testTime1, testTimeRounded1, 3))

        # Verify that we do not repeat the search for e-keys. The total
        #   expressInterestCallCount should be the same.
        contentKeyName2 = producer.createContentKey(
            testTime2, lambda keys: checkEncryptionKeys(
                keys, testTime2, testTimeRounded2, 3))

        # Confirm content key names are correct
        self.assertEqual(cKeyName, contentKeyName1.getPrefix(-1))
        self.assertEqual(testTimeRounded1, contentKeyName1.get(6))
        self.assertEqual(cKeyName, contentKeyName2.getPrefix(-1))
        self.assertEqual(testTimeRounded2, contentKeyName2.get(6))

        # Confirm that produce encrypts with the correct key and has the right name.
        testData = Data()
        producer.produce(testData, testTime2, Blob(DATA_CONTENT, False))

        producedName = testData.getName()
        self.assertEqual(cKeyName.getPrefix(-1), producedName.getSubName(0, 5))
        self.assertEqual(testTimeComponent2, producedName.get(5))
        self.assertEqual(Encryptor.NAME_COMPONENT_FOR, producedName.get(6))
        self.assertEqual(cKeyName, producedName.getSubName(7, 6))
        self.assertEqual(testTimeRounded2, producedName.get(13))

        dataBlob = testData.getContent()

        dataContent = EncryptedContent()
        dataContent.wireDecode(dataBlob)
        encryptedData = dataContent.getPayload()
        initialVector = dataContent.getInitialVector()

        params = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
        params.setInitialVector(initialVector)
        decryptTest = AesAlgorithm.decrypt(contentKey[0], encryptedData,
                                           params)
        self.assertTrue(decryptTest.equals(Blob(DATA_CONTENT, False)))
Beispiel #15
0
    def test_get_group_key(self):
        # Create the group manager.
        manager = GroupManager(
          Name("Alice"), Name("data_type"),
          Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
          self.keyChain)
        self.setManager(manager)

        # Get the data list from the group manager.
        timePoint1 = Schedule.fromIsoString("20150825T093000")
        result = manager.getGroupKey(timePoint1)

        self.assertEqual(4, len(result))

        # The first data packet contains the group's encryption key (public key).
        data = result[0]
        self.assertEqual(
          "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
          data.getName().toUri())
        groupEKey = EncryptKey(data.getContent())

        # Get the second data packet and decrypt.
        data = result[1]
        self.assertEqual(
          "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
          data.getName().toUri())

        ####################################################### Start decryption.
        dataContent = data.getContent()

        # Get the nonce key.
        # dataContent is a sequence of the two EncryptedContent.
        encryptedNonce = EncryptedContent()
        encryptedNonce.wireDecode(dataContent)
        self.assertEqual(0, encryptedNonce.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType())

        decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
        blobNonce = encryptedNonce.getPayload()
        nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams)

        # Get the payload.
        # Use the size of encryptedNonce to find the start of encryptedPayload.
        payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
        encryptedPayload = EncryptedContent()
        encryptedPayload.wireDecode(payloadContent)
        self.assertEqual(16, encryptedPayload.getInitialVector().size())
        self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType())

        decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
        decryptParams.setInitialVector(encryptedPayload.getInitialVector())
        blobPayload = encryptedPayload.getPayload()
        largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)

        # Get the group D-KEY.
        groupDKey = DecryptKey(largePayload)

        ####################################################### End decryption.

        # Check the D-KEY.
        derivedGroupEKey = RsaAlgorithm.deriveEncryptKey(groupDKey.getKeyBits())
        self.assertTrue(groupEKey.getKeyBits().equals(derivedGroupEKey.getKeyBits()))

        # Check the third data packet.
        data = result[2]
        self.assertEqual(
          "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
          data.getName().toUri())

        # Check the fourth data packet.
        data = result[3]
        self.assertEqual(
          "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
          data.getName().toUri())

        # Check invalid time stamps for getting the group key.
        timePoint2 = Schedule.fromIsoString("20150826T083000")
        self.assertEqual(0, len(manager.getGroupKey(timePoint2)))

        timePoint3 = Schedule.fromIsoString("20150827T023000")
        self.assertEqual(0, len(manager.getGroupKey(timePoint3)))
Beispiel #16
0
    def test_content_key_request(self):
        prefix = Name("/prefix")
        suffix = Name("/a/b/c")
        expectedInterest = Name(prefix)
        expectedInterest.append(Encryptor.NAME_COMPONENT_READ)
        expectedInterest.append(suffix)
        expectedInterest.append(Encryptor.NAME_COMPONENT_E_KEY)

        cKeyName = Name(prefix)
        cKeyName.append(Encryptor.NAME_COMPONENT_SAMPLE)
        cKeyName.append(suffix)
        cKeyName.append(Encryptor.NAME_COMPONENT_C_KEY)

        timeMarker = Name("20150101T100000/20150101T120000")
        testTime1 = Schedule.fromIsoString("20150101T100001")
        testTime2 = Schedule.fromIsoString("20150101T110001")
        testTimeRounded1 = Name.Component("20150101T100000")
        testTimeRounded2 = Name.Component("20150101T110000")

        # Create content keys required for this test case:
        for i in range(suffix.size()):
          self.createEncryptionKey(expectedInterest, timeMarker)
          expectedInterest = expectedInterest.getPrefix(-2).append(
            Encryptor.NAME_COMPONENT_E_KEY)

        expressInterestCallCount = [0]

        # Prepare a TestFace to instantly answer calls to expressInterest.
        class TestFace(object):
            def __init__(self, handleExpressInterest):
                self.handleExpressInterest = handleExpressInterest
            def expressInterest(self, interest, onData, onTimeout):
                return self.handleExpressInterest(interest, onData, onTimeout)

        def handleExpressInterest(interest, onData, onTimeout):
            expressInterestCallCount[0] += 1

            interestName = Name(interest.getName())
            interestName.append(timeMarker)
            self.assertTrue(interestName in self.encryptionKeys)
            onData(interest, self.encryptionKeys[interestName])

            return 0
        face = TestFace(handleExpressInterest)

        # Verify that the content key is correctly encrypted for each domain, and
        # the produce method encrypts the provided data with the same content key.
        testDb = Sqlite3ProducerDb(self.databaseFilePath)
        producer = Producer(prefix, suffix, face, self.keyChain, testDb)
        contentKey = [None] # Blob

        def checkEncryptionKeys(
          result, testTime, roundedTime, expectedExpressInterestCallCount):
            self.assertEqual(expectedExpressInterestCallCount,
                             expressInterestCallCount[0])

            self.assertEqual(True, testDb.hasContentKey(testTime))
            contentKey[0] = testDb.getContentKey(testTime)

            params = EncryptParams(EncryptAlgorithmType.RsaOaep)
            for i in range(len(result)):
                key = result[i]
                keyName = key.getName()
                self.assertEqual(cKeyName, keyName.getSubName(0, 6))
                self.assertEqual(keyName.get(6), roundedTime)
                self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
                self.assertEqual(
                  True, keyName.getSubName(8) in self.decryptionKeys)

                decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
                self.assertEqual(True, decryptionKey.size() != 0)
                encryptedKeyEncoding = key.getContent()

                content = EncryptedContent()
                content.wireDecode(encryptedKeyEncoding)
                encryptedKey = content.getPayload()
                retrievedKey = RsaAlgorithm.decrypt(
                  decryptionKey, encryptedKey, params)

                self.assertTrue(contentKey[0].equals(retrievedKey))

            self.assertEqual(3, len(result))

        # An initial test to confirm that keys are created for this time slot.
        contentKeyName1 = producer.createContentKey(
          testTime1,
          lambda keys: checkEncryptionKeys(keys, testTime1, testTimeRounded1, 3))

        # Verify that we do not repeat the search for e-keys. The total
        #   expressInterestCallCount should be the same.
        contentKeyName2 = producer.createContentKey(
          testTime2,
          lambda keys: checkEncryptionKeys(keys, testTime2, testTimeRounded2, 3))

        # Confirm content key names are correct
        self.assertEqual(cKeyName, contentKeyName1.getPrefix(-1))
        self.assertEqual(testTimeRounded1, contentKeyName1.get(6))
        self.assertEqual(cKeyName, contentKeyName2.getPrefix(-1))
        self.assertEqual(testTimeRounded2, contentKeyName2.get(6))

        # Confirm that produce encrypts with the correct key and has the right name.
        testData = Data()
        producer.produce(testData, testTime2, Blob(DATA_CONTENT, False))

        producedName = testData.getName()
        self.assertEqual(cKeyName.getPrefix(-1), producedName.getSubName(0, 5))
        self.assertEqual(testTimeRounded2, producedName.get(5))
        self.assertEqual(Encryptor.NAME_COMPONENT_FOR, producedName.get(6))
        self.assertEqual(cKeyName, producedName.getSubName(7, 6))
        self.assertEqual(testTimeRounded2, producedName.get(13))

        dataBlob = testData.getContent()

        dataContent = EncryptedContent()
        dataContent.wireDecode(dataBlob)
        encryptedData = dataContent.getPayload()
        initialVector = dataContent.getInitialVector()

        params = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
        params.setInitialVector(initialVector)
        decryptTest = AesAlgorithm.decrypt(contentKey[0], encryptedData, params)
        self.assertTrue(decryptTest.equals(Blob(DATA_CONTENT, False)))