def test_ecies_combine(self):
eph_priv = self.pre.gen_priv()
eph_pub = self.pre.priv2pub(eph_priv)
plain_key, enc_key = api.ecies_encapsulate(eph_pub)
self.assertNotEqual(plain_key, enc_key)
self.assertEqual(umbral.EncryptedKey, type(enc_key))
self.assertEqual(bytes, type(plain_key))
self.assertEqual(32, len(plain_key))
rk_frags = api.ecies_split_rekey(eph_priv, self.privkey_b, 6, 10)
self.assertEqual(list, type(rk_frags))
self.assertEqual(10, len(rk_frags))
rk_selected = random.sample(rk_frags, 6)
shares = [
api.ecies_reencrypt(rk_frag, enc_key) for rk_frag in rk_selected
]
self.assertEqual(list, type(shares))
self.assertEqual(6, len(shares))
[
self.assertEqual(umbral.EncryptedKey, type(share))
for share in shares
]
e_b = api.ecies_combine(shares)
self.assertEqual(umbral.EncryptedKey, type(e_b))
dec_key = api.ecies_decapsulate(self.privkey_b, e_b)
self.assertEqual(bytes, type(dec_key))
self.assertEqual(32, len(dec_key))
self.assertEqual(plain_key, dec_key)
def test_ecies_gen_ephemeral_key(self):
result_data = _internal._ecies_gen_ephemeral_key(
self.pubkey_a)
self.assertEqual(tuple, type(result_data))
self.assertEqual(2, len(result_data))
eph_privkey, enc_data = result_data
self.assertEqual(bytes, type(eph_privkey))
self.assertEqual(32, len(eph_privkey))
self.assertEqual(tuple, type(enc_data))
self.assertEqual(2, len(enc_data))
enc_symm_key, enc_eph_key = enc_data
self.assertEqual(umbral.EncryptedKey, type(enc_symm_key))
self.assertEqual(EncryptedMessage, type(enc_eph_key))
self.assertNotEqual(eph_privkey, enc_eph_key)
dec_symm_key = api.ecies_decapsulate(self.privkey_a, enc_symm_key)
self.assertEqual(bytes, type(dec_symm_key))
self.assertEqual(32, len(dec_symm_key))
dec_eph_key = api.symm_decrypt(dec_symm_key, enc_eph_key)
self.assertEqual(bytes, type(dec_eph_key))
self.assertEqual(32, len(dec_eph_key))
self.assertEqual(eph_privkey, dec_eph_key)
def test_ecies_decapsulate(self):
# Check from ec.element
key, enc_key = api.ecies_encapsulate(self.pubkey_a)
self.assertNotEqual(key, enc_key)
self.assertEqual(umbral.EncryptedKey, type(enc_key))
self.assertEqual(bytes, type(key))
self.assertEqual(32, len(key))
dec_key = api.ecies_decapsulate(self.privkey_a, enc_key)
self.assertEqual(bytes, type(dec_key))
self.assertEqual(32, len(dec_key))
self.assertEqual(key, dec_key)
# Check from bytes
key, enc_key = api.ecies_encapsulate(self.pubkey_a_bytes)
self.assertNotEqual(key, enc_key)
self.assertEqual(umbral.EncryptedKey, type(enc_key))
self.assertEqual(bytes, type(key))
self.assertEqual(32, len(key))
dec_key = api.ecies_decapsulate(self.privkey_a, enc_key)
self.assertEqual(bytes, type(dec_key))
self.assertEqual(32, len(dec_key))
self.assertEqual(key, dec_key)
def test_ecies_reencrypt(self):
eph_priv = self.pre.gen_priv()
eph_pub = self.pre.priv2pub(eph_priv)
plain_key, enc_key = api.ecies_encapsulate(eph_pub)
self.assertNotEqual(plain_key, enc_key)
self.assertEqual(umbral.EncryptedKey, type(enc_key))
self.assertEqual(bytes, type(plain_key))
self.assertEqual(32, len(plain_key))
rk_eb = api.ecies_rekey(eph_priv, self.privkey_b, to_bytes=False)
self.assertEqual(umbral.RekeyFrag, type(rk_eb))
self.assertEqual(ec.ec_element, type(rk_eb.key))
reenc_key = api.ecies_reencrypt(rk_eb, enc_key)
dec_key = api.ecies_decapsulate(self.privkey_b, reenc_key)
self.assertEqual(plain_key, dec_key)
def _decrypt_key(self,
enc_key: bytes,
enc_symm_key: bytes,
privkey: bytes = None) -> bytes:
"""
Decrypts the encapsulated `enc_key` with the `privkey`, if provided.
If `privkey` is None, then it uses `self.priv_key`.
:param enc_key: ECIES encapsulated key
:param enc_symm_key: Symmetrically encrypted key
:param privkey: Private key to decrypt with (if provided)
:return: Decrypted key
"""
privkey = privkey or self.priv_key
dec_symm_key = API.ecies_decapsulate(privkey)
return API.symm_decrypt(dec_symm_key, enc_symm_key)
def decrypt(self,
enc_data: Tuple[bytes, bytes],
privkey: bytes = None) -> bytes:
"""
Decrypts data using ECIES PKE. If no `privkey` is provided, it uses
`self.priv_key`.
:param enc_data: Tuple: (encrypted data, ECIES encapsulated key)
:param privkey: Private key to decapsulate with
:return: Decrypted data
"""
privkey = privkey or self.priv_key
ciphertext, enc_key = enc_data
enc_key = API.elliptic_curve.deserialize(API.PRE.ecgroup, enc_key)
enc_key = API.umbral.EncryptedKey(ekey=enc_key, re_id=None)
dec_key = API.ecies_decapsulate(privkey, enc_key)
return API.symm_decrypt(dec_key, ciphertext)