def test_key_encoder_decoder(random_ec_curvebn1):
priv_key = random_ec_curvebn1
umbral_key = UmbralPrivateKey(priv_key, default_params())
encoded_key = umbral_key.to_bytes(encoder=base64.urlsafe_b64encode)
decoded_key = UmbralPrivateKey.from_bytes(encoded_key,
decoder=base64.urlsafe_b64decode)
assert decoded_key.to_bytes() == umbral_key.to_bytes()
def _encrypt_credential_and_voter_short_private_key(
self, credential: Tuple[UmbralPublicKey, Signer],
private_key: UmbralPrivateKey) -> Dict[str, Tuple[bytes, Capsule]]:
"""encrypt credential and voter short private key
Arguments:
credential {Tuple[UmbralPublicKey, Signer]}
private_key {UmbralPrivateKey}
Returns:
Dict[str, Tuple[bytes, Capsule]] -- need to save Capsule
"""
credential_bytes = credential[0].to_bytes() + bytes(credential[1])
private_key_bytes = private_key.to_bytes()
(enc_credential, c_capsule) = encrypt(self.public_key,
credential_bytes)
(enc_private_key, p_capsule) = encrypt(self.public_key,
private_key_bytes)
voter_public_key = credential[0]
for capsule in (c_capsule, p_capsule):
capsule.set_correctness_keys(delegating=self.public_key,
receiving=voter_public_key,
verifying=self.verifying_key)
return {
"credential": (enc_credential, c_capsule),
"private_key": (enc_private_key, p_capsule)
}
def _encrypt_umbral_key(wrapping_key: bytes,
umbral_key: UmbralPrivateKey) -> bytes:
"""
Encrypts a key with nacl's XSalsa20-Poly1305 algorithm (SecretBox).
Returns an encrypted key as bytes with the nonce appended.
"""
# TODO: Deprecate this method once key wrapping is refined in pyumbral
return bytes(SecretBox(wrapping_key).encrypt(umbral_key.to_bytes()))
def test_public_key_serialization(random_ec_curvebn1):
umbral_key = UmbralPrivateKey(random_ec_curvebn1, default_params()).get_pubkey()
pub_point = umbral_key.point_key
encoded_key = umbral_key.to_bytes()
decoded_key = UmbralPublicKey.from_bytes(encoded_key)
assert pub_point == decoded_key.point_key
def test_private_key_serialization(random_ec_curvebn1):
priv_key = random_ec_curvebn1
umbral_key = UmbralPrivateKey(priv_key, default_params())
encoded_key = umbral_key.to_bytes()
decoded_key = UmbralPrivateKey.from_bytes(encoded_key)
assert priv_key == decoded_key.bn_key
def _encrypt_umbral_key(wrapping_key: bytes,
umbral_key: UmbralPrivateKey) -> Dict[str, bytes]:
"""
Encrypts a key with nacl's XSalsa20-Poly1305 algorithm (SecretBox).
Returns an encrypted key as bytes with the nonce appended.
"""
nonce = os.urandom(__NONCE_LENGTH)
ciphertext = SecretBox(wrapping_key).encrypt(umbral_key.to_bytes(),
nonce).ciphertext
return {'nonce': nonce, 'key': ciphertext}
def create_policy(self, label: bytes, alice_privkey: UmbralPrivateKey,
bob_pubkey: UmbralPublicKey, policy_expiration, m: int,
n: int):
"""
Create a Policy with Alice granting Bob access to `label` DataSource
:param label: A label to represent the policies data
:param alice_privkey: Alice's private key
:param bob_pubkey: Bob's public key
:param policy_expiration: Datetime of policy expiration duration
:param m: Minimum number of KFrags needed to rebuild ciphertext
:param n: Total number of rekey shares to generate
:return: The policy granted to Bob
"""
# This is not how this should be implemented, but I am still figuring out
# the keying material and why it is randomly generated when a character is
# initialized, instead of being derived from the keys like the other powers
# or explained how it should be stored.
d = DelegatingPower()
d.umbral_keying_material = UmbralKeyingMaterial.from_bytes(
alice_privkey.to_bytes() + alice_privkey.get_pubkey().to_bytes())
# Initialize Alice
ALICE = Alice(
crypto_power_ups=[
SigningPower(keypair=SigningKeypair(alice_privkey)),
EncryptingPower(keypair=EncryptingKeypair(alice_privkey)),
# DelegatingPower
d
],
network_middleware=RestMiddleware(),
known_nodes=(self.ursula, ),
federated_only=True,
always_be_learning=True)
# Initialize Bob
BOB = Bob(crypto_power_ups=[
SigningPower(pubkey=bob_pubkey),
EncryptingPower(pubkey=bob_pubkey)
],
known_nodes=(self.ursula, ),
federated_only=True,
always_be_learning=True)
# Alice grants a policy for Bob
policy = ALICE.grant(BOB,
label,
m=m,
n=n,
expiration=policy_expiration)
return policy
def test_private_key_serialization_with_encryption(random_ec_curvebn1):
priv_key = random_ec_curvebn1
umbral_key = UmbralPrivateKey(priv_key, default_params())
insecure_cost = 15 # This is deliberately insecure, just to make the tests faster
encoded_key = umbral_key.to_bytes(password=b'test',
_scrypt_cost=insecure_cost)
decoded_key = UmbralPrivateKey.from_bytes(encoded_key,
password=b'test',
_scrypt_cost=insecure_cost)
assert priv_key == decoded_key.bn_key
def _encrypt_umbral_key(wrapping_key: bytes, umbral_key: UmbralPrivateKey) -> dict:
"""
Encrypts a key with nacl's XSalsa20-Poly1305 algorithm (SecretBox).
Returns an encrypted key as bytes with the nonce appended.
"""
nonce = os.urandom(24)
enc_key = SecretBox(wrapping_key).encrypt(umbral_key.to_bytes(), nonce)
crypto_data = {
'nonce': urlsafe_b64encode(nonce).decode(),
'enc_key': urlsafe_b64encode(enc_key).decode()
}
return crypto_data
def test_public_key_to_uncompressed_bytes(random_ec_curvebn1):
umbral_key = UmbralPrivateKey(random_ec_curvebn1, default_params()).get_pubkey()
key_bytes = umbral_key.to_bytes(is_compressed=False)
assert len(key_bytes) == Point.expected_bytes_length(is_compressed=False)
