def checkEncryptionKeys(result, testTime, roundedTime,
expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(True,
keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(decryptionKey,
encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
def checkEncryptionKeys(
result, testTime, roundedTime, expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(
True, keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(
decryptionKey, encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
def test_content_symmetric_encrypt(self):
for input in encryptorAesTestInputs:
data = Data()
Encryptor.encryptData(
data, input.plainText, input.keyName, input.key, input.encryptParams)
self.assertTrue(data.getName().equals(Name("/FOR").append(input.keyName)),
input.testName)
self.assertTrue(input.encryptedContent.equals(data.getContent()),
input.testName)
content = EncryptedContent()
content.wireDecode(data.getContent())
decryptedOutput = AesAlgorithm.decrypt(
input.key, content.getPayload(), input.encryptParams)
self.assertTrue(input.plainText.equals(decryptedOutput), input.testName)
def test_decrypt_invalid(self):
fixture = DecryptorFixture(Name("/not/authorized"))
encryptedContent = EncryptedContent()
encryptedContent.wireDecodeV2(EncryptStaticData.encryptedBlobs[0])
nSuccesses = [0]
nFailures = [0]
def onSuccess(plainData):
nSuccesses[0] += 1
def onError(errorCode, message):
nFailures[0] += 1
fixture._decryptor.decrypt(encryptedContent, onSuccess, onError)
self.assertEqual(0, nSuccesses[0])
self.assertEqual(1, nFailures[0])
def test_decrypt_invalid(self):
fixture = DecryptorFixture(Name("/not/authorized"))
encryptedContent = EncryptedContent()
encryptedContent.wireDecodeV2(EncryptStaticData.encryptedBlobs[0])
nSuccesses = [0]
nFailures = [0]
def onSuccess(plainData):
nSuccesses[0] += 1
def onError(errorCode, message):
nFailures[0] += 1
fixture._decryptor.decrypt(encryptedContent, onSuccess, onError)
self.assertEqual(0, nSuccesses[0])
self.assertEqual(1, nFailures[0])
def test_decrypt_valid(self):
fixture = DecryptorFixture(Name("/first/user"))
encryptedContent = EncryptedContent()
encryptedContent.wireDecodeV2(EncryptStaticData.encryptedBlobs[0])
nSuccesses = [0]
nFailures = [0]
def onSuccess(plainData):
nSuccesses[0] += 1
self.assertEqual(15, plainData.size())
self.assertTrue(plainData.equals(Blob("Data to encrypt")))
def onError(errorCode, message):
nFailures[0] += 1
fixture._decryptor.decrypt(encryptedContent, onSuccess, onError)
self.assertEqual(1, nSuccesses[0])
self.assertEqual(0, nFailures[0])
def test_decrypt_valid(self):
fixture = DecryptorFixture(Name("/first/user"))
encryptedContent = EncryptedContent()
encryptedContent.wireDecodeV2(EncryptStaticData.encryptedBlobs[0])
nSuccesses = [0]
nFailures = [0]
def onSuccess(plainData):
nSuccesses[0] += 1
self.assertEqual(15, plainData.size())
self.assertTrue(plainData.equals(Blob("Data to encrypt")))
def onError(errorCode, message):
nFailures[0] += 1
fixture._decryptor.decrypt(encryptedContent, onSuccess, onError)
self.assertEqual(1, nSuccesses[0])
self.assertEqual(0, nFailures[0])
def test_content_asymmetric_encrypt_small(self):
for input in encryptorRsaTestInputs:
rawContent = Blob(
bytearray([
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc,
0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x63, 0x6f, 0x6e, 0x74,
0x65, 0x6e, 0x74, 0x73
]), False)
data = Data()
rsaParams = RsaKeyParams(1024)
keyName = Name("test")
decryptKey = RsaAlgorithm.generateKey(rsaParams)
encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
eKey = encryptKey.getKeyBits()
dKey = decryptKey.getKeyBits()
encryptParams = EncryptParams(input.type)
Encryptor.encryptData(data, rawContent, keyName, eKey,
encryptParams)
self.assertTrue(
data.getName().equals(Name("/FOR").append(keyName)),
input.testName)
extractContent = EncryptedContent()
extractContent.wireDecode(data.getContent())
self.assertTrue(
keyName.equals(extractContent.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(extractContent.getInitialVector().size(), 0,
input.testName)
self.assertEqual(extractContent.getAlgorithmType(), input.type,
input.testName)
recovered = extractContent.getPayload()
decrypted = RsaAlgorithm.decrypt(dKey, recovered, encryptParams)
self.assertTrue(rawContent.equals(decrypted), input.testName)
def test_content_asymmetric_encrypt_small(self):
for input in encryptorRsaTestInputs:
rawContent = Blob(bytearray([
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73
]), False)
data = Data()
rsaParams = RsaKeyParams(1024)
keyName = Name("test")
decryptKey = RsaAlgorithm.generateKey(rsaParams)
encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
eKey = encryptKey.getKeyBits()
dKey = decryptKey.getKeyBits()
encryptParams = EncryptParams(input.type)
Encryptor.encryptData(data, rawContent, keyName, eKey, encryptParams)
self.assertTrue(data.getName().equals(Name("/FOR").append(keyName)),
input.testName)
extractContent = EncryptedContent()
extractContent.wireDecode(data.getContent())
self.assertTrue(
keyName.equals(extractContent.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(
extractContent.getInitialVector().size(), 0, input.testName)
self.assertEqual(
extractContent.getAlgorithmType(), input.type, input.testName)
recovered = extractContent.getPayload()
decrypted = RsaAlgorithm.decrypt(dKey, recovered, encryptParams)
self.assertTrue(rawContent.equals(decrypted), input.testName)
def test_constructor(self):
# Check default settings.
content = EncryptedContent()
self.assertEqual(content.getAlgorithmType(), None)
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
self.assertEqual(content.getKeyLocator().getType(), None)
# Check an encrypted content with IV.
keyLocator = KeyLocator()
keyLocator.setType(KeyLocatorType.KEYNAME)
keyLocator.getKeyName().set("/test/key/locator")
rsaOaepContent = EncryptedContent()
rsaOaepContent.setAlgorithmType(EncryptAlgorithmType.RsaOaep).setKeyLocator(
keyLocator).setPayload(Blob(message, False)).setInitialVector(Blob(iv, False))
self.assertEqual(rsaOaepContent.getAlgorithmType(), EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContent.getPayload().equals(Blob(message, False)))
self.assertTrue(rsaOaepContent.getInitialVector().equals(Blob(iv, False)))
self.assertTrue(rsaOaepContent.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContent.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
# Encoding.
encryptedBlob = Blob(encrypted, False)
encoded = rsaOaepContent.wireEncode()
self.assertTrue(encryptedBlob.equals(encoded))
# Decoding.
rsaOaepContent2 = EncryptedContent()
rsaOaepContent2.wireDecode(encryptedBlob)
self.assertEqual(rsaOaepContent2.getAlgorithmType(), EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContent2.getPayload().equals(Blob(message, False)))
self.assertTrue(rsaOaepContent2.getInitialVector().equals(Blob(iv, False)))
self.assertTrue(rsaOaepContent2.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContent2.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
# Check the no IV case.
rsaOaepContentNoIv = EncryptedContent()
rsaOaepContentNoIv.setAlgorithmType(EncryptAlgorithmType.RsaOaep).setKeyLocator(
keyLocator).setPayload(Blob(message, False))
self.assertEqual(rsaOaepContentNoIv.getAlgorithmType(), EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContentNoIv.getPayload().equals(Blob(message, False)))
self.assertTrue(rsaOaepContentNoIv.getInitialVector().isNull())
self.assertTrue(rsaOaepContentNoIv.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContentNoIv.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
# Encoding.
encryptedBlob2 = Blob(encryptedNoIv, False)
encodedNoIv = rsaOaepContentNoIv.wireEncode()
self.assertTrue(encryptedBlob2.equals(encodedNoIv))
# Decoding.
rsaOaepContentNoIv2 = EncryptedContent()
rsaOaepContentNoIv2.wireDecode(encryptedBlob2)
self.assertEqual(rsaOaepContentNoIv2.getAlgorithmType(), EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContentNoIv2.getPayload().equals(Blob(message, False)))
self.assertTrue(rsaOaepContentNoIv2.getInitialVector().isNull())
self.assertTrue(rsaOaepContentNoIv2.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContentNoIv2.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
def test_get_group_key(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
self.keyChain)
self.setManager(manager)
# Get the data list from the group manager.
timePoint1 = Schedule.fromIsoString("20150825T093000")
result = manager.getGroupKey(timePoint1)
self.assertEqual(4, len(result))
# The first data packet contains the group's encryption key (public key).
data = result[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data.getName().toUri())
groupEKey = EncryptKey(data.getContent())
# Get the second data packet and decrypt.
data = result[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri())
####################################################### Start decryption.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType())
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
blobNonce = encryptedNonce.getPayload()
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce,
decryptParams)
# Get the payload.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
# Get the group D-KEY.
groupDKey = DecryptKey(largePayload)
####################################################### End decryption.
# Check the D-KEY.
derivedGroupEKey = RsaAlgorithm.deriveEncryptKey(
groupDKey.getKeyBits())
self.assertTrue(groupEKey.getKeyBits().equals(
derivedGroupEKey.getKeyBits()))
# Check the third data packet.
data = result[2]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
data.getName().toUri())
# Check the fourth data packet.
data = result[3]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
data.getName().toUri())
# Check invalid time stamps for getting the group key.
timePoint2 = Schedule.fromIsoString("20150826T083000")
self.assertEqual(0, len(manager.getGroupKey(timePoint2)))
timePoint3 = Schedule.fromIsoString("20150827T023000")
self.assertEqual(0, len(manager.getGroupKey(timePoint3)))
def test_create_d_key_data(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
self.keyChain)
newCertificateBlob = self.certificate.wireEncode()
newCertificate = IdentityCertificate()
newCertificate.wireDecode(newCertificateBlob)
# Encrypt the D-KEY.
data = manager._createDKeyData(
"20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
self.decryptKeyBlob,
newCertificate.getPublicKeyInfo().getKeyDer())
# Verify the encrypted D-KEY.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep,
encryptedNonce.getAlgorithmType())
blobNonce = encryptedNonce.getPayload()
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce,
decryptParams)
# Get the D-KEY.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc,
encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
self.assertTrue(largePayload.equals(self.decryptKeyBlob))
def test_content_key_request(self):
prefix = Name("/prefix")
suffix = Name("/a/b/c")
expectedInterest = Name(prefix)
expectedInterest.append(Encryptor.NAME_COMPONENT_READ)
expectedInterest.append(suffix)
expectedInterest.append(Encryptor.NAME_COMPONENT_E_KEY)
cKeyName = Name(prefix)
cKeyName.append(Encryptor.NAME_COMPONENT_SAMPLE)
cKeyName.append(suffix)
cKeyName.append(Encryptor.NAME_COMPONENT_C_KEY)
timeMarker = Name("20150101T100000/20150101T120000")
testTime1 = Schedule.fromIsoString("20150101T100001")
testTime2 = Schedule.fromIsoString("20150101T110001")
testTimeRounded1 = Name.Component("20150101T100000")
testTimeRounded2 = Name.Component("20150101T110000")
testTimeComponent2 = Name.Component("20150101T110001")
# Create content keys required for this test case:
for i in range(suffix.size()):
self.createEncryptionKey(expectedInterest, timeMarker)
expectedInterest = expectedInterest.getPrefix(-2).append(
Encryptor.NAME_COMPONENT_E_KEY)
expressInterestCallCount = [0]
# Prepare a TestFace to instantly answer calls to expressInterest.
class TestFace(object):
def __init__(self, handleExpressInterest):
self.handleExpressInterest = handleExpressInterest
def expressInterest(self, interest, onData, onTimeout,
onNetworkNack):
return self.handleExpressInterest(interest, onData, onTimeout,
onNetworkNack)
def handleExpressInterest(interest, onData, onTimeout, onNetworkNack):
expressInterestCallCount[0] += 1
interestName = Name(interest.getName())
interestName.append(timeMarker)
self.assertTrue(interestName in self.encryptionKeys)
onData(interest, self.encryptionKeys[interestName])
return 0
face = TestFace(handleExpressInterest)
# Verify that the content key is correctly encrypted for each domain, and
# the produce method encrypts the provided data with the same content key.
testDb = Sqlite3ProducerDb(self.databaseFilePath)
producer = Producer(prefix, suffix, face, self.keyChain, testDb)
contentKey = [None] # Blob
def checkEncryptionKeys(result, testTime, roundedTime,
expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(True,
keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(decryptionKey,
encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
# An initial test to confirm that keys are created for this time slot.
contentKeyName1 = producer.createContentKey(
testTime1, lambda keys: checkEncryptionKeys(
keys, testTime1, testTimeRounded1, 3))
# Verify that we do not repeat the search for e-keys. The total
# expressInterestCallCount should be the same.
contentKeyName2 = producer.createContentKey(
testTime2, lambda keys: checkEncryptionKeys(
keys, testTime2, testTimeRounded2, 3))
# Confirm content key names are correct
self.assertEqual(cKeyName, contentKeyName1.getPrefix(-1))
self.assertEqual(testTimeRounded1, contentKeyName1.get(6))
self.assertEqual(cKeyName, contentKeyName2.getPrefix(-1))
self.assertEqual(testTimeRounded2, contentKeyName2.get(6))
# Confirm that produce encrypts with the correct key and has the right name.
testData = Data()
producer.produce(testData, testTime2, Blob(DATA_CONTENT, False))
producedName = testData.getName()
self.assertEqual(cKeyName.getPrefix(-1), producedName.getSubName(0, 5))
self.assertEqual(testTimeComponent2, producedName.get(5))
self.assertEqual(Encryptor.NAME_COMPONENT_FOR, producedName.get(6))
self.assertEqual(cKeyName, producedName.getSubName(7, 6))
self.assertEqual(testTimeRounded2, producedName.get(13))
dataBlob = testData.getContent()
dataContent = EncryptedContent()
dataContent.wireDecode(dataBlob)
encryptedData = dataContent.getPayload()
initialVector = dataContent.getInitialVector()
params = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
params.setInitialVector(initialVector)
decryptTest = AesAlgorithm.decrypt(contentKey[0], encryptedData,
params)
self.assertTrue(decryptTest.equals(Blob(DATA_CONTENT, False)))
def test_content_key_request(self):
prefix = Name("/prefix")
suffix = Name("/a/b/c")
expectedInterest = Name(prefix)
expectedInterest.append(Encryptor.NAME_COMPONENT_READ)
expectedInterest.append(suffix)
expectedInterest.append(Encryptor.NAME_COMPONENT_E_KEY)
cKeyName = Name(prefix)
cKeyName.append(Encryptor.NAME_COMPONENT_SAMPLE)
cKeyName.append(suffix)
cKeyName.append(Encryptor.NAME_COMPONENT_C_KEY)
timeMarker = Name("20150101T100000/20150101T120000")
testTime1 = Schedule.fromIsoString("20150101T100001")
testTime2 = Schedule.fromIsoString("20150101T110001")
testTimeRounded1 = Name.Component("20150101T100000")
testTimeRounded2 = Name.Component("20150101T110000")
# Create content keys required for this test case:
for i in range(suffix.size()):
self.createEncryptionKey(expectedInterest, timeMarker)
expectedInterest = expectedInterest.getPrefix(-2).append(
Encryptor.NAME_COMPONENT_E_KEY)
expressInterestCallCount = [0]
# Prepare a TestFace to instantly answer calls to expressInterest.
class TestFace(object):
def __init__(self, handleExpressInterest):
self.handleExpressInterest = handleExpressInterest
def expressInterest(self, interest, onData, onTimeout):
return self.handleExpressInterest(interest, onData, onTimeout)
def handleExpressInterest(interest, onData, onTimeout):
expressInterestCallCount[0] += 1
interestName = Name(interest.getName())
interestName.append(timeMarker)
self.assertTrue(interestName in self.encryptionKeys)
onData(interest, self.encryptionKeys[interestName])
return 0
face = TestFace(handleExpressInterest)
# Verify that the content key is correctly encrypted for each domain, and
# the produce method encrypts the provided data with the same content key.
testDb = Sqlite3ProducerDb(self.databaseFilePath)
producer = Producer(prefix, suffix, face, self.keyChain, testDb)
contentKey = [None] # Blob
def checkEncryptionKeys(
result, testTime, roundedTime, expectedExpressInterestCallCount):
self.assertEqual(expectedExpressInterestCallCount,
expressInterestCallCount[0])
self.assertEqual(True, testDb.hasContentKey(testTime))
contentKey[0] = testDb.getContentKey(testTime)
params = EncryptParams(EncryptAlgorithmType.RsaOaep)
for i in range(len(result)):
key = result[i]
keyName = key.getName()
self.assertEqual(cKeyName, keyName.getSubName(0, 6))
self.assertEqual(keyName.get(6), roundedTime)
self.assertEqual(keyName.get(7), Encryptor.NAME_COMPONENT_FOR)
self.assertEqual(
True, keyName.getSubName(8) in self.decryptionKeys)
decryptionKey = self.decryptionKeys[keyName.getSubName(8)]
self.assertEqual(True, decryptionKey.size() != 0)
encryptedKeyEncoding = key.getContent()
content = EncryptedContent()
content.wireDecode(encryptedKeyEncoding)
encryptedKey = content.getPayload()
retrievedKey = RsaAlgorithm.decrypt(
decryptionKey, encryptedKey, params)
self.assertTrue(contentKey[0].equals(retrievedKey))
self.assertEqual(3, len(result))
# An initial test to confirm that keys are created for this time slot.
contentKeyName1 = producer.createContentKey(
testTime1,
lambda keys: checkEncryptionKeys(keys, testTime1, testTimeRounded1, 3))
# Verify that we do not repeat the search for e-keys. The total
# expressInterestCallCount should be the same.
contentKeyName2 = producer.createContentKey(
testTime2,
lambda keys: checkEncryptionKeys(keys, testTime2, testTimeRounded2, 3))
# Confirm content key names are correct
self.assertEqual(cKeyName, contentKeyName1.getPrefix(-1))
self.assertEqual(testTimeRounded1, contentKeyName1.get(6))
self.assertEqual(cKeyName, contentKeyName2.getPrefix(-1))
self.assertEqual(testTimeRounded2, contentKeyName2.get(6))
# Confirm that produce encrypts with the correct key and has the right name.
testData = Data()
producer.produce(testData, testTime2, Blob(DATA_CONTENT, False))
producedName = testData.getName()
self.assertEqual(cKeyName.getPrefix(-1), producedName.getSubName(0, 5))
self.assertEqual(testTimeRounded2, producedName.get(5))
self.assertEqual(Encryptor.NAME_COMPONENT_FOR, producedName.get(6))
self.assertEqual(cKeyName, producedName.getSubName(7, 6))
self.assertEqual(testTimeRounded2, producedName.get(13))
dataBlob = testData.getContent()
dataContent = EncryptedContent()
dataContent.wireDecode(dataBlob)
encryptedData = dataContent.getPayload()
initialVector = dataContent.getInitialVector()
params = EncryptParams(EncryptAlgorithmType.AesCbc, 16)
params.setInitialVector(initialVector)
decryptTest = AesAlgorithm.decrypt(contentKey[0], encryptedData, params)
self.assertTrue(decryptTest.equals(Blob(DATA_CONTENT, False)))
def test_setter_getter(self):
content = EncryptedContent()
self.assertEqual(content.getAlgorithmType(), None)
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
self.assertEqual(content.getKeyLocator().getType(), None)
content.setAlgorithmType(EncryptAlgorithmType.RsaOaep)
self.assertEqual(content.getAlgorithmType(),
EncryptAlgorithmType.RsaOaep)
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
self.assertEqual(content.getKeyLocator().getType(), None)
keyLocator = KeyLocator()
keyLocator.setType(KeyLocatorType.KEYNAME)
keyLocator.getKeyName().set("/test/key/locator")
content.setKeyLocator(keyLocator)
self.assertTrue(content.getKeyLocator().getType() != None)
self.assertTrue(content.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
content.setPayload(Blob(message, False))
self.assertTrue(content.getPayload().equals(Blob(message, False)))
content.setInitialVector(Blob(iv, False))
self.assertTrue(content.getInitialVector().equals(Blob(iv, False)))
encoded = content.wireEncode()
contentBlob = Blob(encrypted, False)
self.assertTrue(contentBlob.equals(encoded))
def test_decoding_error(self):
encryptedContent = EncryptedContent()
errorBlob1 = Blob(
bytearray([
0x1f,
0x30, # Wrong EncryptedContent (0x82, 0x24)
0x1c,
0x16, # KeyLocator
0x07,
0x14, # Name
0x08,
0x04,
0x74,
0x65,
0x73,
0x74,
0x08,
0x03,
0x6b,
0x65,
0x79,
0x08,
0x07,
0x6c,
0x6f,
0x63,
0x61,
0x74,
0x6f,
0x72,
0x83,
0x01, # EncryptedAlgorithm
0x00,
0x85,
0x0a, # InitialVector
0x72,
0x61,
0x6e,
0x64,
0x6f,
0x6d,
0x62,
0x69,
0x74,
0x73,
0x84,
0x07, # EncryptedPayload
0x63,
0x6f,
0x6e,
0x74,
0x65,
0x6e,
0x74
]),
False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob1))
errorBlob2 = Blob(
bytearray([
0x82,
0x30, # EncryptedContent
0x1d,
0x16, # Wrong KeyLocator (0x1c, 0x16)
0x07,
0x14, # Name
0x08,
0x04,
0x74,
0x65,
0x73,
0x74,
0x08,
0x03,
0x6b,
0x65,
0x79,
0x08,
0x07,
0x6c,
0x6f,
0x63,
0x61,
0x74,
0x6f,
0x72,
0x83,
0x01, # EncryptedAlgorithm
0x00,
0x85,
0x0a, # InitialVector
0x72,
0x61,
0x6e,
0x64,
0x6f,
0x6d,
0x62,
0x69,
0x74,
0x73,
0x84,
0x07, # EncryptedPayload
0x63,
0x6f,
0x6e,
0x74,
0x65,
0x6e,
0x74
]),
False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob2))
errorBlob3 = Blob(
bytearray([
0x82,
0x30, # EncryptedContent
0x1c,
0x16, # KeyLocator
0x07,
0x14, # Name
0x08,
0x04,
0x74,
0x65,
0x73,
0x74,
0x08,
0x03,
0x6b,
0x65,
0x79,
0x08,
0x07,
0x6c,
0x6f,
0x63,
0x61,
0x74,
0x6f,
0x72,
0x1d,
0x01, # Wrong EncryptedAlgorithm (0x83, 0x01)
0x00,
0x85,
0x0a, # InitialVector
0x72,
0x61,
0x6e,
0x64,
0x6f,
0x6d,
0x62,
0x69,
0x74,
0x73,
0x84,
0x07, # EncryptedPayload
0x63,
0x6f,
0x6e,
0x74,
0x65,
0x6e,
0x74
]),
False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob3))
errorBlob4 = Blob(
bytearray([
0x82,
0x30, # EncryptedContent
0x1c,
0x16, # KeyLocator
0x07,
0x14, # Name
0x08,
0x04,
0x74,
0x65,
0x73,
0x74, # 'test'
0x08,
0x03,
0x6b,
0x65,
0x79, # 'key'
0x08,
0x07,
0x6c,
0x6f,
0x63,
0x61,
0x74,
0x6f,
0x72, # 'locator'
0x83,
0x01, # EncryptedAlgorithm
0x00,
0x1f,
0x0a, # InitialVector (0x84, 0x0a)
0x72,
0x61,
0x6e,
0x64,
0x6f,
0x6d,
0x62,
0x69,
0x74,
0x73,
0x84,
0x07, # EncryptedPayload
0x63,
0x6f,
0x6e,
0x74,
0x65,
0x6e,
0x74
]),
False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob4))
errorBlob5 = Blob(
bytearray([
0x82,
0x30, # EncryptedContent
0x1c,
0x16, # KeyLocator
0x07,
0x14, # Name
0x08,
0x04,
0x74,
0x65,
0x73,
0x74, # 'test'
0x08,
0x03,
0x6b,
0x65,
0x79, # 'key'
0x08,
0x07,
0x6c,
0x6f,
0x63,
0x61,
0x74,
0x6f,
0x72, # 'locator'
0x83,
0x01, # EncryptedAlgorithm
0x00,
0x85,
0x0a, # InitialVector
0x72,
0x61,
0x6e,
0x64,
0x6f,
0x6d,
0x62,
0x69,
0x74,
0x73,
0x21,
0x07, # EncryptedPayload (0x85, 0x07)
0x63,
0x6f,
0x6e,
0x74,
0x65,
0x6e,
0x74
]),
False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob5))
errorBlob6 = Blob(
bytearray([
0x82,
0x00 # Empty EncryptedContent
]),
False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob6))
def test_create_d_key_data(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
self.keyChain)
newCertificateBlob = self.certificate.wireEncode()
newCertificate = IdentityCertificate()
newCertificate.wireDecode(newCertificateBlob)
# Encrypt the D-KEY.
data = manager._createDKeyData(
"20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
self.decryptKeyBlob, newCertificate.getPublicKeyInfo().getKeyDer())
# Verify the encrypted D-KEY.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType())
blobNonce = encryptedNonce.getPayload()
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams)
# Get the D-KEY.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
self.assertTrue(largePayload.equals(self.decryptKeyBlob))
def test_setter_getter(self):
content = EncryptedContent()
self.assertEqual(content.getAlgorithmType(), None)
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
self.assertEqual(content.getKeyLocator().getType(), None)
content.setAlgorithmType(EncryptAlgorithmType.RsaOaep)
self.assertEqual(content.getAlgorithmType(), EncryptAlgorithmType.RsaOaep)
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
self.assertEqual(content.getKeyLocator().getType(), None)
keyLocator = KeyLocator()
keyLocator.setType(KeyLocatorType.KEYNAME)
keyLocator.getKeyName().set("/test/key/locator")
content.setKeyLocator(keyLocator)
self.assertTrue(content.getKeyLocator().getType() != None)
self.assertTrue(content.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
content.setPayload(Blob(message, False))
self.assertTrue(content.getPayload().equals(Blob(message, False)))
content.setInitialVector(Blob(iv, False))
self.assertTrue(content.getInitialVector().equals(Blob(iv, False)))
encoded = content.wireEncode()
contentBlob = Blob(encrypted, False)
self.assertTrue(contentBlob.equals(encoded))
def test_decoding_error(self):
encryptedContent = EncryptedContent()
errorBlob1 = Blob(bytearray([
0x1f, 0x30, # Wrong EncryptedContent (0x82, 0x24)
0x1c, 0x16, # KeyLocator
0x07, 0x14, # Name
0x08, 0x04,
0x74, 0x65, 0x73, 0x74,
0x08, 0x03,
0x6b, 0x65, 0x79,
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
0x83, 0x01, # EncryptedAlgorithm
0x00,
0x85, 0x0a, # InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, # EncryptedPayload
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74
]), False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob1))
errorBlob2 = Blob(bytearray([
0x82, 0x30, # EncryptedContent
0x1d, 0x16, # Wrong KeyLocator (0x1c, 0x16)
0x07, 0x14, # Name
0x08, 0x04,
0x74, 0x65, 0x73, 0x74,
0x08, 0x03,
0x6b, 0x65, 0x79,
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
0x83, 0x01, # EncryptedAlgorithm
0x00,
0x85, 0x0a, # InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, # EncryptedPayload
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74
]), False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob2))
errorBlob3 = Blob(bytearray([
0x82, 0x30, # EncryptedContent
0x1c, 0x16, # KeyLocator
0x07, 0x14, # Name
0x08, 0x04,
0x74, 0x65, 0x73, 0x74,
0x08, 0x03,
0x6b, 0x65, 0x79,
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72,
0x1d, 0x01, # Wrong EncryptedAlgorithm (0x83, 0x01)
0x00,
0x85, 0x0a, # InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, # EncryptedPayload
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74
]), False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob3))
errorBlob4 = Blob(bytearray([
0x82, 0x30, # EncryptedContent
0x1c, 0x16, # KeyLocator
0x07, 0x14, # Name
0x08, 0x04,
0x74, 0x65, 0x73, 0x74, # 'test'
0x08, 0x03,
0x6b, 0x65, 0x79, # 'key'
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, # 'locator'
0x83, 0x01, # EncryptedAlgorithm
0x00,
0x1f, 0x0a, # InitialVector (0x84, 0x0a)
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x84, 0x07, # EncryptedPayload
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74
]), False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob4))
errorBlob5 = Blob(bytearray([
0x82, 0x30, # EncryptedContent
0x1c, 0x16, # KeyLocator
0x07, 0x14, # Name
0x08, 0x04,
0x74, 0x65, 0x73, 0x74, # 'test'
0x08, 0x03,
0x6b, 0x65, 0x79, # 'key'
0x08, 0x07,
0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, # 'locator'
0x83, 0x01, # EncryptedAlgorithm
0x00,
0x85, 0x0a, # InitialVector
0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x62, 0x69, 0x74, 0x73,
0x21, 0x07, # EncryptedPayload (0x85, 0x07)
0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74
]), False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob5))
errorBlob6 = Blob(bytearray([
0x82, 0x00 # Empty EncryptedContent
]), False)
self.assertRaises(ValueError,
lambda: encryptedContent.wireDecode(errorBlob6))
def test_get_group_key(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
self.keyChain)
self.setManager(manager)
# Get the data list from the group manager.
timePoint1 = Schedule.fromIsoString("20150825T093000")
result = manager.getGroupKey(timePoint1)
self.assertEqual(4, len(result))
# The first data packet contains the group's encryption key (public key).
data = result[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data.getName().toUri())
groupEKey = EncryptKey(data.getContent())
# Get the second data packet and decrypt.
data = result[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri())
####################################################### Start decryption.
dataContent = data.getContent()
# Get the nonce key.
# dataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(dataContent)
self.assertEqual(0, encryptedNonce.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.RsaOaep, encryptedNonce.getAlgorithmType())
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
blobNonce = encryptedNonce.getPayload()
nonce = RsaAlgorithm.decrypt(self.decryptKeyBlob, blobNonce, decryptParams)
# Get the payload.
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = dataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
self.assertEqual(16, encryptedPayload.getInitialVector().size())
self.assertEqual(EncryptAlgorithmType.AesCbc, encryptedPayload.getAlgorithmType())
decryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedPayload.getInitialVector())
blobPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, blobPayload, decryptParams)
# Get the group D-KEY.
groupDKey = DecryptKey(largePayload)
####################################################### End decryption.
# Check the D-KEY.
derivedGroupEKey = RsaAlgorithm.deriveEncryptKey(groupDKey.getKeyBits())
self.assertTrue(groupEKey.getKeyBits().equals(derivedGroupEKey.getKeyBits()))
# Check the third data packet.
data = result[2]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberB/ksk-123",
data.getName().toUri())
# Check the fourth data packet.
data = result[3]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberC/ksk-123",
data.getName().toUri())
# Check invalid time stamps for getting the group key.
timePoint2 = Schedule.fromIsoString("20150826T083000")
self.assertEqual(0, len(manager.getGroupKey(timePoint2)))
timePoint3 = Schedule.fromIsoString("20150827T023000")
self.assertEqual(0, len(manager.getGroupKey(timePoint3)))
def test_content_asymmetric_encrypt_large(self):
for input in encryptorRsaTestInputs:
largeContent = Blob(bytearray([
0x73, 0x5a, 0xbd, 0x47, 0x0c, 0xfe, 0xf8, 0x7d,
0x2e, 0x17, 0xaa, 0x11, 0x6f, 0x23, 0xc5, 0x10,
0x23, 0x36, 0x88, 0xc4, 0x2a, 0x0f, 0x9a, 0x72,
0x54, 0x31, 0xa8, 0xb3, 0x51, 0x18, 0x9f, 0x0e,
0x1b, 0x93, 0x62, 0xd9, 0xc4, 0xf5, 0xf4, 0x3d,
0x61, 0x9a, 0xca, 0x05, 0x65, 0x6b, 0xc6, 0x41,
0xf9, 0xd5, 0x1c, 0x67, 0xc1, 0xd0, 0xd5, 0x6f,
0x7b, 0x70, 0xb8, 0x8f, 0xdb, 0x19, 0x68, 0x7c,
0xe0, 0x2d, 0x04, 0x49, 0xa9, 0xa2, 0x77, 0x4e,
0xfc, 0x60, 0x0d, 0x7c, 0x1b, 0x93, 0x6c, 0xd2,
0x61, 0xc4, 0x6b, 0x01, 0xe9, 0x12, 0x28, 0x6d,
0xf5, 0x78, 0xe9, 0x99, 0x0b, 0x9c, 0x4f, 0x90,
0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9,
0x22, 0xf1, 0x67, 0x76, 0x71, 0x0c, 0xff, 0x99,
0x7b, 0x94, 0x9b, 0x24, 0x20, 0x80, 0xe3, 0xcc,
0x06, 0x4a, 0xed, 0xdf, 0xec, 0x50, 0xd5, 0x87,
0x3d, 0xa0, 0x7d, 0x9c, 0xe5, 0x13, 0x10, 0x98,
0x14, 0xc3, 0x90, 0x10, 0xd9, 0x25, 0x9a, 0x59,
0xe9, 0x37, 0x26, 0xfd, 0x87, 0xd7, 0xf4, 0xf9,
0x11, 0x91, 0xad, 0x5c, 0x00, 0x95, 0xf5, 0x2b,
0x37, 0xf7, 0x4e, 0xb4, 0x4b, 0x42, 0x7c, 0xb3,
0xad, 0xd6, 0x33, 0x5f, 0x0b, 0x84, 0x57, 0x7f,
0xa7, 0x07, 0x73, 0x37, 0x4b, 0xab, 0x2e, 0xfb,
0xfe, 0x1e, 0xcb, 0xb6, 0x4a, 0xc1, 0x21, 0x5f,
0xec, 0x92, 0xb7, 0xac, 0x97, 0x75, 0x20, 0xc9,
0xd8, 0x9e, 0x93, 0xd5, 0x12, 0x7a, 0x64, 0xb9,
0x4c, 0xed, 0x49, 0x87, 0x44, 0x5b, 0x4f, 0x90,
0x34, 0x3e, 0x06, 0x92, 0x57, 0xe3, 0x7a, 0x8f,
0x13, 0xc7, 0xf3, 0xfe, 0xf0, 0xe2, 0x59, 0x48,
0x15, 0xb9, 0xdb, 0x77, 0x07, 0x1d, 0x6d, 0xb5,
0x65, 0x17, 0xdf, 0x76, 0x6f, 0xb5, 0x43, 0xde,
0x71, 0xac, 0xf1, 0x22, 0xbf, 0xb2, 0xe5, 0xd9
]), False)
data = Data()
rsaParams = RsaKeyParams(1024)
keyName = Name("test")
decryptKey = RsaAlgorithm.generateKey(rsaParams)
encryptKey = RsaAlgorithm.deriveEncryptKey(decryptKey.getKeyBits())
eKey = encryptKey.getKeyBits()
dKey = decryptKey.getKeyBits()
encryptParams = EncryptParams(input.type)
Encryptor.encryptData(data, largeContent, keyName, eKey, encryptParams)
self.assertTrue(data.getName().equals(Name("/FOR").append(keyName)),
input.testName)
largeDataContent = data.getContent()
# largeDataContent is a sequence of the two EncryptedContent.
encryptedNonce = EncryptedContent()
encryptedNonce.wireDecode(largeDataContent)
self.assertTrue(keyName.equals(encryptedNonce.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(encryptedNonce.getInitialVector().size(), 0,
input.testName)
self.assertEqual(encryptedNonce.getAlgorithmType(), input.type,
input.testName)
# Use the size of encryptedNonce to find the start of encryptedPayload.
payloadContent = largeDataContent.buf()[encryptedNonce.wireEncode().size():]
encryptedPayload = EncryptedContent()
encryptedPayload.wireDecode(payloadContent)
nonceKeyName = Name(keyName)
nonceKeyName.append("nonce")
self.assertTrue(nonceKeyName.equals(encryptedPayload.getKeyLocator().getKeyName()),
input.testName)
self.assertEqual(encryptedPayload.getInitialVector().size(), 16,
input.testName)
self.assertEqual(encryptedPayload.getAlgorithmType(), EncryptAlgorithmType.AesCbc,
input.testName)
self.assertEqual(
largeDataContent.size(),
encryptedNonce.wireEncode().size() + encryptedPayload.wireEncode().size(),
input.testName)
blobNonce = encryptedNonce.getPayload()
nonce = RsaAlgorithm.decrypt(dKey, blobNonce, encryptParams)
encryptParams.setAlgorithmType(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(encryptedPayload.getInitialVector())
bufferPayload = encryptedPayload.getPayload()
largePayload = AesAlgorithm.decrypt(nonce, bufferPayload, encryptParams)
self.assertTrue(largeContent.equals(largePayload), input.testName)
def test_constructor(self):
# Check default settings.
content = EncryptedContent()
self.assertEqual(content.getAlgorithmType(), None)
self.assertTrue(content.getPayload().isNull())
self.assertTrue(content.getInitialVector().isNull())
self.assertEqual(content.getKeyLocator().getType(), None)
# Check an encrypted content with IV.
keyLocator = KeyLocator()
keyLocator.setType(KeyLocatorType.KEYNAME)
keyLocator.getKeyName().set("/test/key/locator")
rsaOaepContent = EncryptedContent()
rsaOaepContent.setAlgorithmType(
EncryptAlgorithmType.RsaOaep).setKeyLocator(keyLocator).setPayload(
Blob(message, False)).setInitialVector(Blob(iv, False))
self.assertEqual(rsaOaepContent.getAlgorithmType(),
EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContent.getPayload().equals(Blob(
message, False)))
self.assertTrue(rsaOaepContent.getInitialVector().equals(
Blob(iv, False)))
self.assertTrue(rsaOaepContent.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContent.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
# Encoding.
encryptedBlob = Blob(encrypted, False)
encoded = rsaOaepContent.wireEncode()
self.assertTrue(encryptedBlob.equals(encoded))
# Decoding.
rsaOaepContent2 = EncryptedContent()
rsaOaepContent2.wireDecode(encryptedBlob)
self.assertEqual(rsaOaepContent2.getAlgorithmType(),
EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContent2.getPayload().equals(
Blob(message, False)))
self.assertTrue(rsaOaepContent2.getInitialVector().equals(
Blob(iv, False)))
self.assertTrue(rsaOaepContent2.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContent2.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
# Check the no IV case.
rsaOaepContentNoIv = EncryptedContent()
rsaOaepContentNoIv.setAlgorithmType(
EncryptAlgorithmType.RsaOaep).setKeyLocator(keyLocator).setPayload(
Blob(message, False))
self.assertEqual(rsaOaepContentNoIv.getAlgorithmType(),
EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContentNoIv.getPayload().equals(
Blob(message, False)))
self.assertTrue(rsaOaepContentNoIv.getInitialVector().isNull())
self.assertTrue(rsaOaepContentNoIv.getKeyLocator().getType() != None)
self.assertTrue(rsaOaepContentNoIv.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
# Encoding.
encryptedBlob2 = Blob(encryptedNoIv, False)
encodedNoIv = rsaOaepContentNoIv.wireEncode()
self.assertTrue(encryptedBlob2.equals(encodedNoIv))
# Decoding.
rsaOaepContentNoIv2 = EncryptedContent()
rsaOaepContentNoIv2.wireDecode(encryptedBlob2)
self.assertEqual(rsaOaepContentNoIv2.getAlgorithmType(),
EncryptAlgorithmType.RsaOaep)
self.assertTrue(rsaOaepContentNoIv2.getPayload().equals(
Blob(message, False)))
self.assertTrue(rsaOaepContentNoIv2.getInitialVector().isNull())
self.assertTrue(rsaOaepContentNoIv2.getKeyLocator().getType() != None)
self.assertTrue(
rsaOaepContentNoIv2.getKeyLocator().getKeyName().equals(
Name("/test/key/locator")))
