def createEncryptedContent(self):
contentData = Data(self.contentName)
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(Blob(INITIAL_VECTOR, False))
Encryptor.encryptData(
contentData, Blob(DATA_CONTENT, False), self.cKeyName,
self.fixtureCKeyBlob, encryptParams)
self.keyChain.sign(contentData, self.certificateName)
return contentData
def createEncryptedContent(self):
contentData = Data(self.contentName)
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(Blob(INITIAL_VECTOR, False))
Encryptor.encryptData(
contentData, Blob(DATA_CONTENT, False), self.cKeyName,
self.fixtureCKeyBlob, encryptParams)
self.keyChain.sign(contentData, self.certificateName)
return contentData
def __init__(self, contentPrefix, userKeyName, keyChain, certificateName):
self._enabled = True
self._responseCount = 0
# Imitate test_consumer from the PyNDN integration tests.
contentName0 = Name(contentPrefix).append("Content").appendSegment(0)
contentName1 = Name(contentPrefix).append("Content").appendSegment(1)
cKeyName = Name("/Prefix/SAMPLE/Content/C-KEY/1")
dKeyName = Name("/Prefix/READ/D-KEY/1/2")
# Generate the E-KEY and D-KEY.
params = RsaKeyParams()
fixtureDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
fixtureEKeyBlob = RsaAlgorithm.deriveEncryptKey(
fixtureDKeyBlob).getKeyBits()
# The user key.
fixtureUserEKeyBlob = Blob(FIXTURE_USER_E_KEY)
# Load the C-KEY.
fixtureCKeyBlob = Blob(AES_KEY, False)
# Imitate createEncryptedContent. Make two segments.
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(Blob(INITIAL_VECTOR, False))
self._contentData0 = Data(contentName0)
Encryptor.encryptData(
self._contentData0, Blob(DATA0_CONTENT, False), cKeyName,
fixtureCKeyBlob, encryptParams)
self._contentData0.getMetaInfo().setFinalBlockId(
Name().appendSegment(1)[0])
keyChain.sign(self._contentData0, certificateName)
self._contentData1 = Data(contentName1)
Encryptor.encryptData(
self._contentData1, Blob(DATA1_CONTENT, False), cKeyName,
fixtureCKeyBlob, encryptParams)
self._contentData1.getMetaInfo().setFinalBlockId(
Name().appendSegment(1)[0])
keyChain.sign(self._contentData1, certificateName)
# Imitate createEncryptedCKey.
self._cKeyData = Data(cKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(
self._cKeyData, fixtureCKeyBlob, dKeyName, fixtureEKeyBlob,
encryptParams)
keyChain.sign(self._cKeyData, certificateName)
# Imitate createEncryptedDKey.
self._dKeyData = Data(dKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(
self._dKeyData, fixtureDKeyBlob, userKeyName, fixtureUserEKeyBlob,
encryptParams)
keyChain.sign(self._dKeyData, certificateName)
class TestDataAesCbc(object):
testName = "TestDataAesCbc"
keyName = Name("/test")
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc).setInitialVector(
Blob(bytearray([
0x73, 0x6f, 0x6d, 0x65, 0x72, 0x61, 0x6e, 0x64,
0x6f, 0x6d, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72
]), False))
plainText = Blob(bytearray([
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73
]), False)
key = Blob(bytearray([
0xdd, 0x60, 0x77, 0xec, 0xa9, 0x6b, 0x23, 0x1b,
0x40, 0x6b, 0x5a, 0xf8, 0x7d, 0x3d, 0x55, 0x32
]), False)
encryptedContent = Blob(bytearray([
0x82, 0x41, # EncryptedContent
0x1c, 0x08, # KeyLocator /test
0x07, 0x06,
0x08, 0x04, 0x74, 0x65, 0x73, 0x74,
0x83, 0x01, # EncryptedAlgorithm
0x01, # AlgorithmAesCbc
0x85, 0x10,
0x73, 0x6f, 0x6d, 0x65, 0x72, 0x61, 0x6e, 0x64,
0x6f, 0x6d, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72,
0x84, 0x20, # EncryptedPayLoad
0x6a, 0x6b, 0x58, 0x9c, 0x30, 0x3b, 0xd9, 0xa6,
0xed, 0xd2, 0x12, 0xef, 0x29, 0xad, 0xc3, 0x60,
0x1f, 0x1b, 0x6b, 0xc7, 0x03, 0xff, 0x53, 0x52,
0x82, 0x6d, 0x82, 0x73, 0x05, 0xf9, 0x03, 0xdc
]), False)
def checkEncryptionKeys(result, testTime, roundedTime,
expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(True,
keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(decryptionKey,
encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
class TestDataAesEcb(object):
testName = "TestDataAesEcb"
keyName = Name("/test")
encryptParams = EncryptParams(EncryptAlgorithmType.AesEcb)
plainText = Blob(bytearray([
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73
]), False)
key = Blob(bytearray([
0xdd, 0x60, 0x77, 0xec, 0xa9, 0x6b, 0x23, 0x1b,
0x40, 0x6b, 0x5a, 0xf8, 0x7d, 0x3d, 0x55, 0x32
]), False)
encryptedContent = Blob(bytearray([
0x82, 0x2f,
0x1c, 0x08,
0x07, 0x06,
0x08, 0x04, 0x74, 0x65, 0x73, 0x74,
0x83, 0x01,
0x00,
0x84, 0x20,
0x13, 0x80, 0x1a, 0xc0, 0x4c, 0x75, 0xa7, 0x7f,
0x43, 0x5e, 0xd7, 0xa6, 0x3f, 0xd3, 0x68, 0x94,
0xe2, 0xcf, 0x54, 0xb1, 0xc2, 0xce, 0xad, 0x9b,
0x56, 0x6e, 0x1c, 0xe6, 0x55, 0x1d, 0x79, 0x04
]), False)
def createEncryptedDKey(self):
dKeyData = Data(self.dKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(dKeyData, self.fixtureDKeyBlob, self.uKeyName,
self.fixtureUEKeyBlob, encryptParams)
self.keyChain.sign(dKeyData, self.certificateName)
return dKeyData
def test_create_d_key_data(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
self.keyChain)
newCertificateBlob = self.certificate.wireEncode()
newCertificate = IdentityCertificate()
newCertificate.wireDecode(newCertificateBlob)
# Encrypt the D-KEY.
data = manager._createDKeyData(
"20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
self.decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer())
# Verify the encrypted D-KEY.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType())
blobNonce = encryptedNonce.getPayload()
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams)
# Get the D-KEY.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
self.assertTrue(largePayload.equals(self.decryptKeyBlob))
def test_encryption_decryption(self):
encryptParams = EncryptParams(EncryptAlgorithmType.AesEcb, 16)
key = Blob(KEY, False)
decryptKey = DecryptKey(key)
encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
# Check key loading and key derivation.
self.assertTrue(encryptKey.getKeyBits().equals(key))
self.assertTrue(decryptKey.getKeyBits().equals(key))
plainBlob = Blob(PLAINTEXT, False)
# Encrypt data in AES_ECB.
cipherBlob = AesAlgorithm.encrypt(
encryptKey.getKeyBits(), plainBlob, encryptParams)
self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_ECB, False)))
# Decrypt data in AES_ECB.
receivedBlob = AesAlgorithm.decrypt(
decryptKey.getKeyBits(), cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
# Encrypt/decrypt data in AES_CBC with auto-generated IV.
encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
cipherBlob = AesAlgorithm.encrypt(
encryptKey.getKeyBits(), plainBlob, encryptParams)
receivedBlob = AesAlgorithm.decrypt(
decryptKey.getKeyBits(), cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
# Encrypt data in AES_CBC with specified IV.
initialVector = Blob(INITIAL_VECTOR, False)
encryptParams.setInitialVector(initialVector)
cipherBlob = AesAlgorithm.encrypt(
encryptKey.getKeyBits(), plainBlob, encryptParams)
self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_CBC_IV, False)))
# Decrypt data in AES_CBC with specified IV.
receivedBlob = AesAlgorithm.decrypt(
decryptKey.getKeyBits(), cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
def test_encryption_decryption(self):
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep, 0)
privateKeyBlob = Blob(b64decode(PRIVATE_KEY))
publicKeyBlob = Blob(b64decode(PUBLIC_KEY))
decryptKey = DecryptKey(privateKeyBlob)
encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
encodedPublic = publicKeyBlob
derivedPublicKey = encryptKey.getKeyBits()
self.assertTrue(encodedPublic.equals(derivedPublicKey))
plainBlob = Blob(PLAINTEXT, False)
encryptBlob = RsaAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams)
receivedBlob = RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
encryptBlob, encryptParams)
self.assertTrue(plainBlob.equals(receivedBlob))
cipherBlob = Blob(CIPHERTEXT_OAEP, False)
decryptedBlob = RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams)
self.assertTrue(plainBlob.equals(decryptedBlob))
# Now test RsaPkcs.
encryptParams = EncryptParams(EncryptAlgorithmType.RsaPkcs, 0)
encryptBlob = RsaAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams)
receivedBlob = RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
encryptBlob, encryptParams)
self.assertTrue(plainBlob.equals(receivedBlob))
cipherBlob = Blob(CIPHERTEXT_PKCS, False)
decryptedBlob = RsaAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams)
self.assertTrue(plainBlob.equals(decryptedBlob))
def __init__(self, contentPrefix, userKeyName, keyChain, certificateName):
self._enabled = True
self._responseCount = 0
# Imitate test_consumer from the PyNDN integration tests.
contentName0 = Name(contentPrefix).append("Content").appendSegment(0)
contentName1 = Name(contentPrefix).append("Content").appendSegment(1)
cKeyName = Name("/Prefix/SAMPLE/Content/C-KEY/1")
dKeyName = Name("/Prefix/READ/D-KEY/1/2")
# Generate the E-KEY and D-KEY.
params = RsaKeyParams()
fixtureDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
fixtureEKeyBlob = RsaAlgorithm.deriveEncryptKey(
fixtureDKeyBlob).getKeyBits()
# The user key.
fixtureUserEKeyBlob = Blob(FIXTURE_USER_E_KEY)
# Load the C-KEY.
fixtureCKeyBlob = Blob(AES_KEY, False)
# Imitate createEncryptedContent. Make two segments.
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(Blob(INITIAL_VECTOR, False))
self._contentData0 = Data(contentName0)
Encryptor.encryptData(self._contentData0, Blob(DATA0_CONTENT, False),
cKeyName, fixtureCKeyBlob, encryptParams)
self._contentData0.getMetaInfo().setFinalBlockId(
Name().appendSegment(1)[0])
keyChain.sign(self._contentData0, certificateName)
self._contentData1 = Data(contentName1)
Encryptor.encryptData(self._contentData1, Blob(DATA1_CONTENT, False),
cKeyName, fixtureCKeyBlob, encryptParams)
self._contentData1.getMetaInfo().setFinalBlockId(
Name().appendSegment(1)[0])
keyChain.sign(self._contentData1, certificateName)
# Imitate createEncryptedCKey.
self._cKeyData = Data(cKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(self._cKeyData, fixtureCKeyBlob, dKeyName,
fixtureEKeyBlob, encryptParams)
keyChain.sign(self._cKeyData, certificateName)
# Imitate createEncryptedDKey.
self._dKeyData = Data(dKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(self._dKeyData, fixtureDKeyBlob, userKeyName,
fixtureUserEKeyBlob, encryptParams)
keyChain.sign(self._dKeyData, certificateName)
def test_key_generation(self):
keyParams = AesKeyParams(128)
decryptKey = AesAlgorithm.generateKey(keyParams)
encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
plainBlob = Blob(PLAINTEXT, False)
# Encrypt/decrypt data in AES_CBC with auto-generated IV.
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams)
receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
def test_content_asymmetric_encrypt_small(self):
for input in encryptorRsaTestInputs:
rawContent = Blob(
bytearray([
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc,
0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x63, 0x6f, 0x6e, 0x74,
0x65, 0x6e, 0x74, 0x73
]), False)
data = Data()
rsaParams = RsaKeyParams(1024)
keyName = Name("test")
decryptKey = RsaAlgorithm.generateKey(rsaParams)
encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
eKey = encryptKey.getKeyBits()
dKey = decryptKey.getKeyBits()
encryptParams = EncryptParams(input.type)
Encryptor.encryptData(data, rawContent, keyName, eKey,
encryptParams)
self.assertTrue(
data.getName().equals(Name("/FOR").append(keyName)),
input.testName)
extractContent = EncryptedContent()
extractContent.wireDecode(data.getContent())
self.assertTrue(
keyName.equals(extractContent.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(extractContent.getInitialVector().size(), 0,
input.testName)
self.assertEqual(extractContent.getAlgorithmType(), input.type,
input.testName)
recovered = extractContent.getPayload()
decrypted = RsaAlgorithm.decrypt(dKey, recovered, encryptParams)
self.assertTrue(rawContent.equals(decrypted), input.testName)
def test_create_d_key_data(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
self.keyChain)
newCertificateBlob = self.certificate.wireEncode()
newCertificate = IdentityCertificate()
newCertificate.wireDecode(newCertificateBlob)
# Encrypt the D-KEY.
data = manager._createDKeyData(
"20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
self.decryptKeyBlob,
newCertificate.getPublicKeyInfo().getKeyDer())
# Verify the encrypted D-KEY.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType())
blobNonce = encryptedNonce.getPayload()
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce,
decryptParams)
# Get the D-KEY.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
self.assertTrue(largePayload.equals(self.decryptKeyBlob))
def test_encryption_decryption(self):
encryptParams = EncryptParams(EncryptAlgorithmType.AesEcb, 16)
key = Blob(KEY, False)
decryptKey = DecryptKey(key)
encryptKey = AesAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
# Check key loading and key derivation.
self.assertTrue(encryptKey.getKeyBits().equals(key))
self.assertTrue(decryptKey.getKeyBits().equals(key))
plainBlob = Blob(PLAINTEXT, False)
# Encrypt data in AES_ECB.
cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams)
self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_ECB, False)))
# Decrypt data in AES_ECB.
receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
# Encrypt/decrypt data in AES_CBC with auto-generated IV.
encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams)
receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
# Encrypt data in AES_CBC with specified IV.
initialVector = Blob(INITIAL_VECTOR, False)
encryptParams.setInitialVector(initialVector)
cipherBlob = AesAlgorithm.encrypt(encryptKey.getKeyBits(), plainBlob,
encryptParams)
self.assertTrue(cipherBlob.equals(Blob(CIPHERTEXT_CBC_IV, False)))
# Decrypt data in AES_CBC with specified IV.
receivedBlob = AesAlgorithm.decrypt(decryptKey.getKeyBits(),
cipherBlob, encryptParams)
self.assertTrue(receivedBlob.equals(plainBlob))
def test_content_asymmetric_encrypt_large(self):
for input in encryptorRsaTestInputs:
largeContent = Blob(bytearray([
0x73, 0x5a, 0xbd, 0x47, 0x0c, 0xfe, 0xf8, 0x7d,
0x2e, 0x17, 0xaa, 0x11, 0x6f, 0x23, 0xc5, 0x10,
0x23, 0x36, 0x88, 0xc4, 0x2a, 0x0f, 0x9a, 0x72,
0x54, 0x31, 0xa8, 0xb3, 0x51, 0x18, 0x9f, 0x0e,
0x1b, 0x93, 0x62, 0xd9, 0xc4, 0xf5, 0xf4, 0x3d,
0x61, 0x9a, 0xca, 0x05, 0x65, 0x6b, 0xc6, 0x41,
0xf9, 0xd5, 0x1c, 0x67, 0xc1, 0xd0, 0xd5, 0x6f,
0x7b, 0x70, 0xb8, 0x8f, 0xdb, 0x19, 0x68, 0x7c,
0xe0, 0x2d, 0x04, 0x49, 0xa9, 0xa2, 0x77, 0x4e,
0xfc, 0x60, 0x0d, 0x7c, 0x1b, 0x93, 0x6c, 0xd2,
0x61, 0xc4, 0x6b, 0x01, 0xe9, 0x12, 0x28, 0x6d,
0xf5, 0x78, 0xe9, 0x99, 0x0b, 0x9c, 0x4f, 0x90,
0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9,
0x22, 0xf1, 0x67, 0x76, 0x71, 0x0c, 0xff, 0x99,
0x7b, 0x94, 0x9b, 0x24, 0x20, 0x80, 0xe3, 0xcc,
0x06, 0x4a, 0xed, 0xdf, 0xec, 0x50, 0xd5, 0x87,
0x3d, 0xa0, 0x7d, 0x9c, 0xe5, 0x13, 0x10, 0x98,
0x14, 0xc3, 0x90, 0x10, 0xd9, 0x25, 0x9a, 0x59,
0xe9, 0x37, 0x26, 0xfd, 0x87, 0xd7, 0xf4, 0xf9,
0x11, 0x91, 0xad, 0x5c, 0x00, 0x95, 0xf5, 0x2b,
0x37, 0xf7, 0x4e, 0xb4, 0x4b, 0x42, 0x7c, 0xb3,
0xad, 0xd6, 0x33, 0x5f, 0x0b, 0x84, 0x57, 0x7f,
0xa7, 0x07, 0x73, 0x37, 0x4b, 0xab, 0x2e, 0xfb,
0xfe, 0x1e, 0xcb, 0xb6, 0x4a, 0xc1, 0x21, 0x5f,
0xec, 0x92, 0xb7, 0xac, 0x97, 0x75, 0x20, 0xc9,
0xd8, 0x9e, 0x93, 0xd5, 0x12, 0x7a, 0x64, 0xb9,
0x4c, 0xed, 0x49, 0x87, 0x44, 0x5b, 0x4f, 0x90,
0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9
]), False)
data = Data()
rsaParams = RsaKeyParams(1024)
keyName = Name("test")
decryptKey = RsaAlgorithm.generateKey(rsaParams)
encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
eKey = encryptKey.getKeyBits()
dKey = decryptKey.getKeyBits()
encryptParams = EncryptParams(input.type)
Encryptor.encryptData(data, largeContent, keyName, eKey, encryptParams)
self.assertTrue(data.getName().equals(Name("/FOR").append(keyName)),
input.testName)
largeDataContent = data.getContent()
# largeDataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(largeDataContent)
self.assertTrue(keyName.equals(encryptedNonce.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(encryptedNonce.getInitialVector().size(), 0,
input.testName)
self.assertEqual(encryptedNonce.getAlgorithmType(), input.type,
input.testName)
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = largeDataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
nonceKeyName = Name(keyName)
nonceKeyName.append("nonce")
self.assertTrue(nonceKeyName.equals(encryptedPayload.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(encryptedPayload.getInitialVector().size(), 16,
input.testName)
self.assertEqual(encryptedPayload.getAlgorithmType(), EncryptAlgorithmType.AesCbc,
input.testName)
self.assertEqual(
largeDataContent.size(),
encryptedNonce.wireEncode().size() + encryptedPayload.wireEncode().size(),
input.testName)
blobNonce = encryptedNonce.getPayload()
nonce = RsaAlgorithm.decrypt(dKey, blobNonce, encryptParams)
encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(encryptedPayload.getInitialVector())
bufferPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, bufferPayload, encryptParams)
self.assertTrue(largeContent.equals(largePayload), input.testName)
def test_get_group_key(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
self.keyChain)
self.setManager(manager)
# Get the data list from the group manager.
timePoint1 = Schedule.fromIsoString("20150825T093000")
result = manager.getGroupKey(timePoint1)
self.assertEqual(4, len(result))
# The first data packet contains the group's encryption key (public key).
data = result[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data.getName().toUri())
groupEKey = EncryptKey(data.getContent())
# Get the second data packet and decrypt.
data = result[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri())
####################################################### Start decryption.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType())
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
blobNonce = encryptedNonce.getPayload()
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce,
decryptParams)
# Get the payload.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
# Get the group D-KEY.
groupDKey = DecryptKey(largePayload)
####################################################### End decryption.
# Check the D-KEY.
derivedGroupEKey = RsaAlgorithm.deriveEncryptKey(
groupDKey.getKeyBits())
self.assertTrue(groupEKey.getKeyBits().equals(
derivedGroupEKey.getKeyBits()))
# Check the third data packet.
data = result[2]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
data.getName().toUri())
# Check the fourth data packet.
data = result[3]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
data.getName().toUri())
# Check invalid time stamps for getting the group key.
timePoint2 = Schedule.fromIsoString("20150826T083000")
self.assertEqual(0, len(manager.getGroupKey(timePoint2)))
timePoint3 = Schedule.fromIsoString("20150827T023000")
self.assertEqual(0, len(manager.getGroupKey(timePoint3)))
def test_content_key_request(self):
prefix = Name("/prefix")
suffix = Name("/a/b/c")
expectedInterest = Name(prefix)
expectedInterest.append(Encryptor.NAME_COMPONENT_READ)
expectedInterest.append(suffix)
expectedInterest.append(Encryptor.NAME_COMPONENT_E_KEY)
cKeyName = Name(prefix)
cKeyName.append(Encryptor.NAME_COMPONENT_SAMPLE)
cKeyName.append(suffix)
cKeyName.append(Encryptor.NAME_COMPONENT_C_KEY)
timeMarker = Name("20150101T100000/20150101T120000")
testTime1 = Schedule.fromIsoString("20150101T100001")
testTime2 = Schedule.fromIsoString("20150101T110001")
testTimeRounded1 = Name.Component("20150101T100000")
testTimeRounded2 = Name.Component("20150101T110000")
testTimeComponent2 = Name.Component("20150101T110001")
# Create content keys required for this test case:
for i in range(suffix.size()):
self.createEncryptionKey(expectedInterest, timeMarker)
expectedInterest = expectedInterest.getPrefix(-2).append(
Encryptor.NAME_COMPONENT_E_KEY)
expressInterestCallCount = [0]
# Prepare a TestFace to instantly answer calls to expressInterest.
class TestFace(object):
def __init__(self, handleExpressInterest):
self.handleExpressInterest = handleExpressInterest
def expressInterest(self, interest, onData, onTimeout,
onNetworkNack):
return self.handleExpressInterest(interest, onData, onTimeout,
onNetworkNack)
def handleExpressInterest(interest, onData, onTimeout, onNetworkNack):
expressInterestCallCount[0] += 1
interestName = Name(interest.getName())
interestName.append(timeMarker)
self.assertTrue(interestName in self.encryptionKeys)
onData(interest, self.encryptionKeys[interestName])
return 0
face = TestFace(handleExpressInterest)
# Verify that the content key is correctly encrypted for each domain, and
# the produce method encrypts the provided data with the same content key.
testDb = Sqlite3ProducerDb(self.databaseFilePath)
producer = Producer(prefix, suffix, face, self.keyChain, testDb)
contentKey = [None] # Blob
def checkEncryptionKeys(result, testTime, roundedTime,
expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(True,
keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(decryptionKey,
encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
# An initial test to confirm that keys are created for this time slot.
contentKeyName1 = producer.createContentKey(
testTime1, lambda keys: checkEncryptionKeys(
keys, testTime1, testTimeRounded1, 3))
# Verify that we do not repeat the search for e-keys. The total
# expressInterestCallCount should be the same.
contentKeyName2 = producer.createContentKey(
testTime2, lambda keys: checkEncryptionKeys(
keys, testTime2, testTimeRounded2, 3))
# Confirm content key names are correct
self.assertEqual(cKeyName, contentKeyName1.getPrefix(-1))
self.assertEqual(testTimeRounded1, contentKeyName1.get(6))
self.assertEqual(cKeyName, contentKeyName2.getPrefix(-1))
self.assertEqual(testTimeRounded2, contentKeyName2.get(6))
# Confirm that produce encrypts with the correct key and has the right name.
testData = Data()
producer.produce(testData, testTime2, Blob(DATA_CONTENT, False))
producedName = testData.getName()
self.assertEqual(cKeyName.getPrefix(-1), producedName.getSubName(0, 5))
self.assertEqual(testTimeComponent2, producedName.get(5))
self.assertEqual(Encryptor.NAME_COMPONENT_FOR, producedName.get(6))
self.assertEqual(cKeyName, producedName.getSubName(7, 6))
self.assertEqual(testTimeRounded2, producedName.get(13))
dataBlob = testData.getContent()
dataContent = EncryptedContent()
dataContent.wireDecode(dataBlob)
encryptedData = dataContent.getPayload()
initialVector = dataContent.getInitialVector()
params = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
params.setInitialVector(initialVector)
decryptTest = AesAlgorithm.decrypt(contentKey[0], encryptedData,
params)
self.assertTrue(decryptTest.equals(Blob(DATA_CONTENT, False)))
def test_content_key_request(self):
prefix = Name("/prefix")
suffix = Name("/a/b/c")
expectedInterest = Name(prefix)
expectedInterest.append(Encryptor.NAME_COMPONENT_READ)
expectedInterest.append(suffix)
expectedInterest.append(Encryptor.NAME_COMPONENT_E_KEY)
cKeyName = Name(prefix)
cKeyName.append(Encryptor.NAME_COMPONENT_SAMPLE)
cKeyName.append(suffix)
cKeyName.append(Encryptor.NAME_COMPONENT_C_KEY)
timeMarker = Name("20150101T100000/20150101T120000")
testTime1 = Schedule.fromIsoString("20150101T100001")
testTime2 = Schedule.fromIsoString("20150101T110001")
testTimeRounded1 = Name.Component("20150101T100000")
testTimeRounded2 = Name.Component("20150101T110000")
# Create content keys required for this test case:
for i in range(suffix.size()):
self.createEncryptionKey(expectedInterest, timeMarker)
expectedInterest = expectedInterest.getPrefix(-2).append(
Encryptor.NAME_COMPONENT_E_KEY)
expressInterestCallCount = [0]
# Prepare a TestFace to instantly answer calls to expressInterest.
class TestFace(object):
def __init__(self, handleExpressInterest):
self.handleExpressInterest = handleExpressInterest
def expressInterest(self, interest, onData, onTimeout):
return self.handleExpressInterest(interest, onData, onTimeout)
def handleExpressInterest(interest, onData, onTimeout):
expressInterestCallCount[0] += 1
interestName = Name(interest.getName())
interestName.append(timeMarker)
self.assertTrue(interestName in self.encryptionKeys)
onData(interest, self.encryptionKeys[interestName])
return 0
face = TestFace(handleExpressInterest)
# Verify that the content key is correctly encrypted for each domain, and
# the produce method encrypts the provided data with the same content key.
testDb = Sqlite3ProducerDb(self.databaseFilePath)
producer = Producer(prefix, suffix, face, self.keyChain, testDb)
contentKey = [None] # Blob
def checkEncryptionKeys(
result, testTime, roundedTime, expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(
True, keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(
decryptionKey, encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
# An initial test to confirm that keys are created for this time slot.
contentKeyName1 = producer.createContentKey(
testTime1,
lambda keys: checkEncryptionKeys(keys, testTime1, testTimeRounded1, 3))
# Verify that we do not repeat the search for e-keys. The total
# expressInterestCallCount should be the same.
contentKeyName2 = producer.createContentKey(
testTime2,
lambda keys: checkEncryptionKeys(keys, testTime2, testTimeRounded2, 3))
# Confirm content key names are correct
self.assertEqual(cKeyName, contentKeyName1.getPrefix(-1))
self.assertEqual(testTimeRounded1, contentKeyName1.get(6))
self.assertEqual(cKeyName, contentKeyName2.getPrefix(-1))
self.assertEqual(testTimeRounded2, contentKeyName2.get(6))
# Confirm that produce encrypts with the correct key and has the right name.
testData = Data()
producer.produce(testData, testTime2, Blob(DATA_CONTENT, False))
producedName = testData.getName()
self.assertEqual(cKeyName.getPrefix(-1), producedName.getSubName(0, 5))
self.assertEqual(testTimeRounded2, producedName.get(5))
self.assertEqual(Encryptor.NAME_COMPONENT_FOR, producedName.get(6))
self.assertEqual(cKeyName, producedName.getSubName(7, 6))
self.assertEqual(testTimeRounded2, producedName.get(13))
dataBlob = testData.getContent()
dataContent = EncryptedContent()
dataContent.wireDecode(dataBlob)
encryptedData = dataContent.getPayload()
initialVector = dataContent.getInitialVector()
params = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
params.setInitialVector(initialVector)
decryptTest = AesAlgorithm.decrypt(contentKey[0], encryptedData, params)
self.assertTrue(decryptTest.equals(Blob(DATA_CONTENT, False)))
def test_get_group_key(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
self.keyChain)
self.setManager(manager)
# Get the data list from the group manager.
timePoint1 = Schedule.fromIsoString("20150825T093000")
result = manager.getGroupKey(timePoint1)
self.assertEqual(4, len(result))
# The first data packet contains the group's encryption key (public key).
data = result[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data.getName().toUri())
groupEKey = EncryptKey(data.getContent())
# Get the second data packet and decrypt.
data = result[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri())
####################################################### Start decryption.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType())
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
blobNonce = encryptedNonce.getPayload()
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams)
# Get the payload.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
# Get the group D-KEY.
groupDKey = DecryptKey(largePayload)
####################################################### End decryption.
# Check the D-KEY.
derivedGroupEKey = RsaAlgorithm.deriveEncryptKey(groupDKey.getKeyBits())
self.assertTrue(groupEKey.getKeyBits().equals(derivedGroupEKey.getKeyBits()))
# Check the third data packet.
data = result[2]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
data.getName().toUri())
# Check the fourth data packet.
data = result[3]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
data.getName().toUri())
# Check invalid time stamps for getting the group key.
timePoint2 = Schedule.fromIsoString("20150826T083000")
self.assertEqual(0, len(manager.getGroupKey(timePoint2)))
timePoint3 = Schedule.fromIsoString("20150827T023000")
self.assertEqual(0, len(manager.getGroupKey(timePoint3)))
