def test_calculate_interval(self):
    """Exercise GroupManager._calculateInterval on covered and uncovered times.

    The manager is backed by the interval database fixture and has no member
    keys (memberKeys stays an empty dict), so only the interval boundaries the
    manager reports are checked: time points inside a scheduled window yield
    the one-hour window that contains them, a time point outside every window
    yields an invalid interval.
    """
    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.intervalDatabaseFilePath), 1024, 1,
        self.keyChain)
    self.setManager(manager)

    memberKeys = {}

    # (query time, expected interval start, expected interval end)
    coveredCases = [
        ("20150825T093000", "20150825T090000", "20150825T100000"),
        ("20150827T073000", "20150827T070000", "20150827T080000"),
    ]
    for queryTime, expectedStart, expectedEnd in coveredCases:
        interval = manager._calculateInterval(
            Schedule.fromIsoString(queryTime), memberKeys)
        self.assertEqual(
            expectedStart, Schedule.toIsoString(interval.getStartTime()))
        self.assertEqual(
            expectedEnd, Schedule.toIsoString(interval.getEndTime()))

    # A time point that no schedule covers gives an invalid interval.
    uncovered = manager._calculateInterval(
        Schedule.fromIsoString("20150827T043000"), memberKeys)
    self.assertEqual(False, uncovered.isValid())

    # One hour later the next window is found again.
    nextWindow = manager._calculateInterval(
        Schedule.fromIsoString("20150827T053000"), memberKeys)
    self.assertEqual(
        "20150827T050000", Schedule.toIsoString(nextWindow.getStartTime()))
    self.assertEqual(
        "20150827T060000", Schedule.toIsoString(nextWindow.getEndTime()))
def __init__(self, face, groupManagerName, dataType, dKeyDatabaseFilePath):
    """Build the key chain, the GroupManager and the content cache.

    face: the Face used to register prefixes and express interests.
    groupManagerName: Name of this manager; an identity and certificate are
        created for it and group keys are served from the cache under it.
    dataType: Name of the data type the group keys protect.
    dKeyDatabaseFilePath: path of the SQLite file backing the GroupManager.
    """
    self.face = face

    # Identities and private keys are held in memory only. The policy
    # manager is NoVerifyPolicyManager, so this key chain does not verify
    # signatures on packets it receives.
    keyChain = KeyChain(
        IdentityManager(MemoryIdentityStorage(), MemoryPrivateKeyStorage()),
        NoVerifyPolicyManager())
    self.keyChain = keyChain
    self.certificateName = keyChain.createIdentityAndCertificate(
        groupManagerName)

    self.dKeyDatabaseFilePath = dKeyDatabaseFilePath
    self.manager = GroupManager(
        groupManagerName, dataType,
        Sqlite3GroupManagerDb(dKeyDatabaseFilePath), 2048, 1, keyChain)

    # Published group key packets are served from this cache.
    self.memoryContentCache = MemoryContentCache(face)
    self.memoryContentCache.registerPrefix(
        groupManagerName, self.onRegisterFailed, self.onDataNotFound)

    # Raised when membership changes; cleared once the keys are republished.
    self.needToPublishGroupKeys = False
def test_get_group_key_without_regeneration(self):
    """Adding a member and fetching the group key again with regeneration
    disabled (second argument False) must keep the E-KEY bits unchanged and
    only add a D-KEY packet for the new member.
    """
    eKeyName = "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000"
    memberADKeyName = (
        "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000"
        "/FOR/ndn/memberA/ksk-123")

    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
        self.keyChain)
    self.setManager(manager)

    # First request: the E-KEY plus one D-KEY per current member.
    timePoint1 = Schedule.fromIsoString("20150825T093000")
    firstBatch = manager.getGroupKey(timePoint1)
    self.assertEqual(4, len(firstBatch))

    # Packet 0 carries the group's encryption (public) key.
    self.assertEqual(eKeyName, firstBatch[0].getName().toUri())
    originalEKey = EncryptKey(firstBatch[0].getContent())
    # Packet 1 is memberA's D-KEY; only its name is checked in this test.
    self.assertEqual(memberADKeyName, firstBatch[1].getName().toUri())

    # Register a further member, reusing the test certificate under a new name.
    memberD = Data()
    memberD.wireDecode(self.certificate.wireEncode())
    memberD.setName(Name("/ndn/memberD/KEY/ksk-123/ID-CERT/123"))
    manager.addMember("schedule1", memberD)

    # Second request without regeneration: one more D-KEY, same E-KEY.
    secondBatch = manager.getGroupKey(timePoint1, False)
    self.assertEqual(5, len(secondBatch))
    self.assertEqual(eKeyName, secondBatch[0].getName().toUri())
    reusedEKey = EncryptKey(secondBatch[0].getContent())
    self.assertTrue(
        originalEKey.getKeyBits().equals(reusedEKey.getKeyBits()))
    self.assertEqual(memberADKeyName, secondBatch[1].getName().toUri())
def test_create_e_key_data(self):
    """_createEKeyData must wrap the encryption-key blob unchanged in a Data
    packet named /Alice/READ/data_type/E-KEY/<start>/<end>."""
    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.eKeyDatabaseFilePath), 1024, 1,
        self.keyChain)
    self.setManager(manager)

    eKeyData = manager._createEKeyData(
        "20150825T090000", "20150825T110000", self.encryptKeyBlob)

    # The name embeds the validity window of the key.
    self.assertEqual(
        "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T110000",
        eKeyData.getName().toUri())
    # The content is the key blob itself.
    self.assertTrue(self.encryptKeyBlob.equals(eKeyData.getContent()))
def test_create_d_key_data(self):
    """Round-trip a D-KEY through _createDKeyData.

    The D-KEY packet content is two EncryptedContent values back to back: an
    RSA-OAEP encrypted nonce key, then the D-KEY blob encrypted under that
    nonce with AES-CBC. Decrypting both layers with the test's private key
    (self.decryptKeyBlob) must give back the original blob.
    """
    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
        self.keyChain)

    # Re-decode the test certificate to obtain the member's public key DER.
    memberCertificate = IdentityCertificate()
    memberCertificate.wireDecode(self.certificate.wireEncode())
    memberPublicKeyDer = memberCertificate.getPublicKeyInfo().getKeyDer()

    # Encrypt the D-KEY for that member.
    dKeyData = manager._createDKeyData(
        "20150825T000000", "20150827T000000", Name("/ndn/memberA/KEY"),
        self.decryptKeyBlob, memberPublicKeyDer)
    content = dKeyData.getContent()

    # Layer 1: the nonce key, RSA-OAEP encrypted (no IV).
    nonceEnvelope = EncryptedContent()
    nonceEnvelope.wireDecode(content)
    self.assertEqual(0, nonceEnvelope.getInitialVector().size())
    self.assertEqual(EncryptAlgorithmType.RsaOaep,
                     nonceEnvelope.getAlgorithmType())
    rsaParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
    nonce = RsaAlgorithm.decrypt(
        self.decryptKeyBlob, nonceEnvelope.getPayload(), rsaParams)

    # Layer 2 starts right after the encoding of layer 1.
    payloadOffset = nonceEnvelope.wireEncode().size()
    payloadEnvelope = EncryptedContent()
    payloadEnvelope.wireDecode(content.buf()[payloadOffset:])
    self.assertEqual(16, payloadEnvelope.getInitialVector().size())
    self.assertEqual(EncryptAlgorithmType.AesCbc,
                     payloadEnvelope.getAlgorithmType())
    aesParams = EncryptParams(EncryptAlgorithmType.AesCbc)
    aesParams.setInitialVector(payloadEnvelope.getInitialVector())
    recoveredDKey = AesAlgorithm.decrypt(
        nonce, payloadEnvelope.getPayload(), aesParams)

    self.assertTrue(recoveredDKey.equals(self.decryptKeyBlob))
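def __init__(self, face, groupManagerName, dataType, readAccessName,
             dKeyDatabaseFilePath):
    """Set up the key chain, a fresh GroupManager database, the content
    cache and the access-request prefix.

    face: the Face used to register prefixes and express interests.
    groupManagerName: Name of this manager; an identity and certificate are
        created for it and group keys are served under <name>/READ.
    dataType: Name of the data type the group keys protect.
    readAccessName: prefix on which access requests are received
        (handled by onAccessInterest).
    dKeyDatabaseFilePath: path of the SQLite file backing the GroupManager;
        any existing file is removed so each run starts with no members.

    Raises OSError if an existing database file cannot be removed for a
    reason other than it not existing.
    """
    import errno

    self.face = face

    # Identities and private keys are held in memory only. The policy
    # manager is NoVerifyPolicyManager, so this key chain does not verify
    # signatures on packets it receives (including fetched certificates).
    identityStorage = MemoryIdentityStorage()
    privateKeyStorage = MemoryPrivateKeyStorage()
    self.keyChain = KeyChain(
        IdentityManager(identityStorage, privateKeyStorage),
        NoVerifyPolicyManager())
    self.certificateName = self.keyChain.createIdentityAndCertificate(
        groupManagerName)
    # Needed by makeCommandInterest in initiateContentStoreInsertion.
    self.face.setCommandSigningInfo(self.keyChain, self.certificateName)

    # Start from an empty member database. Only "no such file" is
    # tolerated: swallowing every OSError (e.g. a permission error) would
    # silently keep the previous run's schedules and members.
    self.dKeyDatabaseFilePath = dKeyDatabaseFilePath
    try:
        os.remove(self.dKeyDatabaseFilePath)
    except OSError as e:
        if e.errno != errno.ENOENT:
            raise

    self.manager = GroupManager(
        groupManagerName, dataType,
        Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
        self.keyChain)

    # Group key packets are served from the cache under <name>/READ.
    self.memoryContentCache = MemoryContentCache(self.face)
    self.memoryContentCache.registerPrefix(
        Name(groupManagerName).append("READ"),
        self.onRegisterFailed, self.onDataNotFound)
    # Access requests arrive on readAccessName; onAccessTimeout is the
    # registration-failure callback despite its name.
    self.face.registerPrefix(
        readAccessName, self.onAccessInterest, self.onAccessTimeout)

    # Raised when membership changes; cleared once the keys are republished.
    self.updateGroupKeys = False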
def test_get_group_key_without_regeneration(self):
    """Adding a member and fetching the group key again with regeneration
    disabled (second argument False) must keep the E-KEY bits unchanged and
    only add a D-KEY packet for the new member.
    """
    eKeyName = "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000"
    memberADKeyName = (
        "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000"
        "/FOR/ndn/memberA/ksk-123")

    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
        self.keyChain)
    self.setManager(manager)

    # First request: the E-KEY plus one D-KEY per current member.
    timePoint1 = Schedule.fromIsoString("20150825T093000")
    firstBatch = manager.getGroupKey(timePoint1)
    self.assertEqual(4, len(firstBatch))

    # Packet 0 carries the group's encryption (public) key.
    self.assertEqual(eKeyName, firstBatch[0].getName().toUri())
    originalEKey = EncryptKey(firstBatch[0].getContent())
    # Packet 1 is memberA's D-KEY; only its name is checked in this test.
    self.assertEqual(memberADKeyName, firstBatch[1].getName().toUri())

    # Register a further member, reusing the test certificate under a new name.
    memberD = Data()
    memberD.wireDecode(self.certificate.wireEncode())
    memberD.setName(Name("/ndn/memberD/KEY/ksk-123/ID-CERT/123"))
    manager.addMember("schedule1", memberD)

    # Second request without regeneration: one more D-KEY, same E-KEY.
    secondBatch = manager.getGroupKey(timePoint1, False)
    self.assertEqual(5, len(secondBatch))
    self.assertEqual(eKeyName, secondBatch[0].getName().toUri())
    reusedEKey = EncryptKey(secondBatch[0].getContent())
    self.assertTrue(
        originalEKey.getKeyBits().equals(reusedEKey.getKeyBits()))
    self.assertEqual(memberADKeyName, secondBatch[1].getName().toUri())
def test_get_group_key(self):
    """Fetch the group key packets for a covered time point and verify them.

    Four packets are expected: the E-KEY (group public key) and one D-KEY per
    member. memberA's D-KEY is decrypted with the test's private key
    (self.decryptKeyBlob) and checked to be the private half of the published
    E-KEY; the other D-KEYs are checked by name only. Time points outside
    every schedule must yield no packets.
    """
    eKeyName = "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000"
    dKeyPrefix = (
        "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR")

    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
        self.keyChain)
    self.setManager(manager)

    # Get the data list from the group manager.
    packets = manager.getGroupKey(Schedule.fromIsoString("20150825T093000"))
    self.assertEqual(4, len(packets))

    # Packet 0: the group's encryption (public) key.
    eKeyPacket = packets[0]
    self.assertEqual(eKeyName, eKeyPacket.getName().toUri())
    groupEKey = EncryptKey(eKeyPacket.getContent())

    # Packet 1: memberA's D-KEY, which this test is able to decrypt.
    dKeyPacket = packets[1]
    self.assertEqual(
        dKeyPrefix + "/ndn/memberA/ksk-123", dKeyPacket.getName().toUri())

    # --- Decrypt the D-KEY. The content is two EncryptedContent values
    # back to back: an RSA-OAEP encrypted nonce key, then the D-KEY
    # encrypted with that nonce under AES-CBC. ---
    content = dKeyPacket.getContent()

    nonceEnvelope = EncryptedContent()
    nonceEnvelope.wireDecode(content)
    self.assertEqual(0, nonceEnvelope.getInitialVector().size())
    self.assertEqual(EncryptAlgorithmType.RsaOaep,
                     nonceEnvelope.getAlgorithmType())
    rsaParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
    nonce = RsaAlgorithm.decrypt(
        self.decryptKeyBlob, nonceEnvelope.getPayload(), rsaParams)

    # The second EncryptedContent starts right after the first's encoding.
    payloadOffset = nonceEnvelope.wireEncode().size()
    payloadEnvelope = EncryptedContent()
    payloadEnvelope.wireDecode(content.buf()[payloadOffset:])
    self.assertEqual(16, payloadEnvelope.getInitialVector().size())
    self.assertEqual(EncryptAlgorithmType.AesCbc,
                     payloadEnvelope.getAlgorithmType())
    aesParams = EncryptParams(EncryptAlgorithmType.AesCbc)
    aesParams.setInitialVector(payloadEnvelope.getInitialVector())
    groupDKey = DecryptKey(AesAlgorithm.decrypt(
        nonce, payloadEnvelope.getPayload(), aesParams))
    # --- End decryption. ---

    # The recovered D-KEY must correspond to the published E-KEY.
    derivedEKey = RsaAlgorithm.deriveEncryptKey(groupDKey.getKeyBits())
    self.assertTrue(groupEKey.getKeyBits().equals(derivedEKey.getKeyBits()))

    # Packets 2 and 3: D-KEYs for the remaining members (names only).
    for index, member in ((2, "memberB"), (3, "memberC")):
        self.assertEqual(
            dKeyPrefix + "/ndn/" + member + "/ksk-123",
            packets[index].getName().toUri())

    # Time points outside every schedule interval yield no packets.
    for isoTime in ("20150826T083000", "20150827T023000"):
        self.assertEqual(
            0, len(manager.getGroupKey(Schedule.fromIsoString(isoTime))))
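class AccessManager(object):
    """Demo group manager: fetches a requester's certificate, adds it as a
    member, and publishes the group key packets to a content cache and a repo.

    Membership and key generation are delegated to ``self.manager`` (a
    GroupManager). Group key packets are served from
    ``self.memoryContentCache`` under ``groupManagerName`` and pushed to a
    repo by ``initiateContentStoreInsertion``.
    """

    def __init__(self, face, groupManagerName, dataType, dKeyDatabaseFilePath):
        """Build the key chain, the GroupManager and the content cache.

        face: the Face used to register prefixes and express interests.
        groupManagerName: Name of this manager; an identity and certificate
            are created for it and group keys are served under it.
        dataType: Name of the data type the group keys protect.
        dKeyDatabaseFilePath: path of the SQLite file backing the GroupManager.
        """
        self.face = face

        # Identities and private keys are held in memory only. The policy
        # manager is NoVerifyPolicyManager, so this key chain does not
        # verify signatures on packets it receives (including fetched
        # member certificates).
        identityStorage = MemoryIdentityStorage()
        privateKeyStorage = MemoryPrivateKeyStorage()
        self.keyChain = KeyChain(
            IdentityManager(identityStorage, privateKeyStorage),
            NoVerifyPolicyManager())
        self.certificateName = self.keyChain.createIdentityAndCertificate(
            groupManagerName)
        # NOTE(review): face.setCommandSigningInfo is not called here, yet
        # initiateContentStoreInsertion calls face.makeCommandInterest;
        # confirm the caller configures command signing on the face.

        self.dKeyDatabaseFilePath = dKeyDatabaseFilePath
        self.manager = GroupManager(
            groupManagerName, dataType,
            Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
            self.keyChain)

        # Published group key packets are served from this cache.
        self.memoryContentCache = MemoryContentCache(self.face)
        self.memoryContentCache.registerPrefix(
            groupManagerName, self.onRegisterFailed, self.onDataNotFound)

        # Raised when membership changes; cleared by publishGroupKeys.
        self.needToPublishGroupKeys = False

    def onRepoData(self, interest, data):
        """Repo insert command answered; nothing further is done."""

    def onRepoTimeout(self, interest):
        """Repo insert command timed out; the insert is not retried."""

    def addSchedule(self, scheduleName, managerStartDate, managerEndDate,
                    managerStartHour, managerEndHour):
        """Register a daily white-list schedule with the group manager.

        managerStartDate, managerEndDate: ISO strings accepted by
            Schedule.fromIsoString bounding the schedule.
        managerStartHour, managerEndHour: the daily hour window.
        """
        interval = RepetitiveInterval(
            Schedule.fromIsoString(managerStartDate),
            Schedule.fromIsoString(managerEndDate),
            managerStartHour, managerEndHour, 1,
            RepetitiveInterval.RepeatUnit.DAY)
        schedule = Schedule()
        schedule.addWhiteInterval(interval)
        self.manager.addSchedule(scheduleName, schedule)

    def onMemberCertificateData(self, interest, data, accessInterest):
        """Add the fetched certificate as a member and answer the access
        request with "granted".

        NOTE(review): ``data`` is added without any check — the key chain
        does not verify signatures and there is no authorisation step, so
        any certificate that can be fetched results in membership. Fine for
        a demo; a deployment needs certificate validation and an
        authorisation decision here.
        """
        print("Member certificate with name retrieved: " + data.getName(
            ).toUri() + "; member added to group!")
        self.manager.addMember("schedule1", data)
        self.needToPublishGroupKeys = True

        accessResponse = Data(accessInterest.getName())
        accessResponse.setContent("granted")
        # NOTE(review): the response is put without being signed by
        # self.keyChain; confirm whether requesters expect a signed reply.
        self.face.putData(accessResponse)

    def onMemberCertificateTimeout(self, interest, accessInterest):
        """Re-express the certificate interest with a fresh nonce.

        NOTE(review): there is no retry limit, so a certificate name that is
        never answered keeps this interest cycling for as long as the face
        runs.
        """
        print("Member certificate interest times out: " + interest.getName(
            ).toUri())
        retryInterest = Interest(interest)
        retryInterest.refreshNonce()
        self.face.expressInterest(
            retryInterest,
            lambda memberInterest, memberData: self.onMemberCertificateData(
                memberInterest, memberData, accessInterest),
            lambda memberInterest: self.onMemberCertificateTimeout(
                memberInterest, accessInterest))

    def publishGroupKeys(self, timeStr):
        """Publish the group key packets valid at ``timeStr`` (ISO string).

        The first packet is the group public key (E-KEY); the rest are the
        group private key encrypted for each member (D-KEY). Every packet is
        added to the content cache and pushed to the repo.
        """
        timePoint = Schedule.fromIsoString(timeStr)
        print(timeStr)
        result = self.manager.getGroupKey(timePoint)
        for i, keyData in enumerate(result):
            self.memoryContentCache.add(keyData)
            self.initiateContentStoreInsertion(
                "/ndn/edu/ucla/remap/ndnfit/repo", keyData)
            print("Publish key name: " + str(i) + " " +
                  keyData.getName().toUri())
            # Debug dump of the packet bytes (the public E-KEY or a
            # per-member encrypted D-KEY).
            print("key content: " + str(keyData.getContent().toBytes()))
        self.needToPublishGroupKeys = False

    def onDataNotFound(self, prefix, interest, face, interestFilterId, filter):
        """Log an interest the content cache could not satisfy."""
        print("Data not found for interest: " + interest.getName().toUri())
        if interest.getExclude():
            print("Interest has exclude: " + interest.getExclude().toUri())

    def onRegisterFailed(self, prefix):
        """Log a failed prefix registration."""
        print("Prefix registration failed")

    def initiateContentStoreInsertion(self, repoCommandPrefix, data):
        """Ask the repo at ``repoCommandPrefix`` to fetch and store ``data``.

        The insert command carries the packet's Name in a protobuf
        RepoCommandParameterMessage and is sent as a signed command interest.
        Replies go to onRepoData / onRepoTimeout.
        """
        fetchName = data.getName()
        parameter = repo_command_parameter_pb2.RepoCommandParameterMessage()
        # Copy each name component into the command parameter.
        for i in range(fetchName.size()):
            parameter.repo_command_parameter.name.component.append(
                fetchName[i].getValue().toBytes())

        interest = Interest(
            Name(repoCommandPrefix).append("insert").append(
                Name.Component(ProtobufTlv.encode(parameter))))
        self.face.makeCommandInterest(interest)
        self.face.expressInterest(interest, self.onRepoData, self.onRepoTimeout)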
def test_get_group_key(self):
    """Fetch the group key packets for a covered time point and verify them.

    Four packets are expected: the E-KEY (group public key) and one D-KEY per
    member. memberA's D-KEY is decrypted with the test's private key
    (self.decryptKeyBlob) and checked to be the private half of the published
    E-KEY; the other D-KEYs are checked by name only. Time points outside
    every schedule must yield no packets.
    """
    eKeyName = "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000"
    dKeyPrefix = (
        "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR")

    # Create the group manager.
    manager = GroupManager(
        Name("Alice"), Name("data_type"),
        Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
        self.keyChain)
    self.setManager(manager)

    # Get the data list from the group manager.
    packets = manager.getGroupKey(Schedule.fromIsoString("20150825T093000"))
    self.assertEqual(4, len(packets))

    # Packet 0: the group's encryption (public) key.
    eKeyPacket = packets[0]
    self.assertEqual(eKeyName, eKeyPacket.getName().toUri())
    groupEKey = EncryptKey(eKeyPacket.getContent())

    # Packet 1: memberA's D-KEY, which this test is able to decrypt.
    dKeyPacket = packets[1]
    self.assertEqual(
        dKeyPrefix + "/ndn/memberA/ksk-123", dKeyPacket.getName().toUri())

    # --- Decrypt the D-KEY. The content is two EncryptedContent values
    # back to back: an RSA-OAEP encrypted nonce key, then the D-KEY
    # encrypted with that nonce under AES-CBC. ---
    content = dKeyPacket.getContent()

    nonceEnvelope = EncryptedContent()
    nonceEnvelope.wireDecode(content)
    self.assertEqual(0, nonceEnvelope.getInitialVector().size())
    self.assertEqual(EncryptAlgorithmType.RsaOaep,
                     nonceEnvelope.getAlgorithmType())
    rsaParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
    nonce = RsaAlgorithm.decrypt(
        self.decryptKeyBlob, nonceEnvelope.getPayload(), rsaParams)

    # The second EncryptedContent starts right after the first's encoding.
    payloadOffset = nonceEnvelope.wireEncode().size()
    payloadEnvelope = EncryptedContent()
    payloadEnvelope.wireDecode(content.buf()[payloadOffset:])
    self.assertEqual(16, payloadEnvelope.getInitialVector().size())
    self.assertEqual(EncryptAlgorithmType.AesCbc,
                     payloadEnvelope.getAlgorithmType())
    aesParams = EncryptParams(EncryptAlgorithmType.AesCbc)
    aesParams.setInitialVector(payloadEnvelope.getInitialVector())
    groupDKey = DecryptKey(AesAlgorithm.decrypt(
        nonce, payloadEnvelope.getPayload(), aesParams))
    # --- End decryption. ---

    # The recovered D-KEY must correspond to the published E-KEY.
    derivedEKey = RsaAlgorithm.deriveEncryptKey(groupDKey.getKeyBits())
    self.assertTrue(groupEKey.getKeyBits().equals(derivedEKey.getKeyBits()))

    # Packets 2 and 3: D-KEYs for the remaining members (names only).
    for index, member in ((2, "memberB"), (3, "memberC")):
        self.assertEqual(
            dKeyPrefix + "/ndn/" + member + "/ksk-123",
            packets[index].getName().toUri())

    # Time points outside every schedule interval yield no packets.
    for isoTime in ("20150826T083000", "20150827T023000"):
        self.assertEqual(
            0, len(manager.getGroupKey(Schedule.fromIsoString(isoTime))))
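class TestGroupManager(object):
    """Demo group manager that serves access requests on a prefix.

    An access request names the requester's certificate; the certificate is
    fetched, added to the GroupManager as a member, and the requester is
    answered with "granted". Group key packets are served from
    ``self.memoryContentCache`` under ``<groupManagerName>/READ`` and pushed
    to a repo by ``initiateContentStoreInsertion``.
    """

    def __init__(self, face, groupManagerName, dataType, readAccessName,
                 dKeyDatabaseFilePath):
        """Set up the key chain, a fresh GroupManager database, the content
        cache and the access-request prefix.

        face: the Face used to register prefixes and express interests.
        groupManagerName: Name of this manager; an identity and certificate
            are created for it and group keys are served under <name>/READ.
        dataType: Name of the data type the group keys protect.
        readAccessName: prefix on which access requests are received
            (handled by onAccessInterest).
        dKeyDatabaseFilePath: path of the SQLite file backing the
            GroupManager; any existing file is removed so each run starts
            with no members.

        Raises OSError if an existing database file cannot be removed for a
        reason other than it not existing.
        """
        import errno

        self.face = face

        # Identities and private keys are held in memory only. The policy
        # manager is NoVerifyPolicyManager, so this key chain does not
        # verify signatures on packets it receives (including fetched
        # member certificates).
        identityStorage = MemoryIdentityStorage()
        privateKeyStorage = MemoryPrivateKeyStorage()
        self.keyChain = KeyChain(
            IdentityManager(identityStorage, privateKeyStorage),
            NoVerifyPolicyManager())
        self.certificateName = self.keyChain.createIdentityAndCertificate(
            groupManagerName)
        # Needed by makeCommandInterest in initiateContentStoreInsertion.
        self.face.setCommandSigningInfo(self.keyChain, self.certificateName)

        # Start from an empty member database. Only "no such file" is
        # tolerated: swallowing every OSError (e.g. a permission error)
        # would silently keep the previous run's schedules and members.
        self.dKeyDatabaseFilePath = dKeyDatabaseFilePath
        try:
            os.remove(self.dKeyDatabaseFilePath)
        except OSError as e:
            if e.errno != errno.ENOENT:
                raise

        self.manager = GroupManager(
            groupManagerName, dataType,
            Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
            self.keyChain)

        # Group key packets are served from the cache under <name>/READ.
        self.memoryContentCache = MemoryContentCache(self.face)
        self.memoryContentCache.registerPrefix(
            Name(groupManagerName).append("READ"),
            self.onRegisterFailed, self.onDataNotFound)
        # Access requests arrive on readAccessName; onAccessTimeout is the
        # registration-failure callback despite its name.
        self.face.registerPrefix(
            readAccessName, self.onAccessInterest, self.onAccessTimeout)

        # Raised when membership changes; cleared by publishGroupKeys.
        self.updateGroupKeys = False

    def onAccessInterest(self, prefix, interest, face, interestFilterId,
                         filter):
        """Handle an access request by fetching the requester's certificate.

        The certificate name is taken from the request: the components after
        the first four, with the last one dropped. The fetch is answered by
        onMemberCertificateData / onMemberCertificateTimeout, which carry
        the original ``interest`` so the request can be answered.

        NOTE(review): the certificate name comes straight from the
        requester's interest and is not checked against any expected
        namespace; this handler fetches whatever name it is given.
        """
        print("On Access request interest: " + interest.getName().toUri())
        certInterest = Interest(
            interest.getName().getSubName(4).getPrefix(-1))
        certInterest.setInterestLifetimeMilliseconds(2000)
        self.face.expressInterest(
            certInterest,
            lambda memberInterest, memberData: self.onMemberCertificateData(
                memberInterest, memberData, interest),
            lambda memberInterest: self.onMemberCertificateTimeout(
                memberInterest, interest))
        print("Retrieving member certificate: " + certInterest.getName().toUri(
            ))

    def onAccessTimeout(self, prefix):
        """Log a failed registration of the access-request prefix."""
        print("Prefix registration failed: " + prefix.toUri())

    def onRepoData(self, interest, data):
        """Repo insert command answered; nothing further is done."""

    def onRepoTimeout(self, interest):
        """Repo insert command timed out; the insert is not retried."""

    def setManager(self):
        """Register the demo schedule "schedule1": every day, all 24 hours,
        for October 2016."""
        schedule1 = Schedule()
        interval11 = RepetitiveInterval(
            Schedule.fromIsoString("20161001T000000"),
            Schedule.fromIsoString("20161031T000000"),
            0, 24, 1, RepetitiveInterval.RepeatUnit.DAY)
        schedule1.addWhiteInterval(interval11)
        self.manager.addSchedule("schedule1", schedule1)

    def onMemberCertificateData(self, interest, data, accessInterest):
        """Add the fetched certificate as a member and answer the access
        request with "granted".

        NOTE(review): ``data`` is added without any check — the key chain
        does not verify signatures and there is no authorisation step, so
        any certificate that can be fetched results in membership. Fine for
        a demo; a deployment needs certificate validation and an
        authorisation decision here.
        """
        print("Member certificate with name retrieved: " + data.getName(
            ).toUri() + "; member added to group!")
        self.manager.addMember("schedule1", data)
        self.updateGroupKeys = True

        accessResponse = Data(accessInterest.getName())
        accessResponse.setContent("granted")
        # NOTE(review): the response is put without being signed by
        # self.keyChain; confirm whether requesters expect a signed reply.
        self.face.putData(accessResponse)

    def onMemberCertificateTimeout(self, interest, accessInterest):
        """Re-express the certificate interest with a fresh nonce.

        NOTE(review): there is no retry limit, so a certificate name that is
        never answered keeps this interest cycling for as long as the face
        runs.
        """
        print("Member certificate interest times out: " + interest.getName(
            ).toUri())
        retryInterest = Interest(interest)
        retryInterest.refreshNonce()
        self.face.expressInterest(
            retryInterest,
            lambda memberInterest, memberData: self.onMemberCertificateData(
                memberInterest, memberData, accessInterest),
            lambda memberInterest: self.onMemberCertificateTimeout(
                memberInterest, accessInterest))

    def publishGroupKeys(self):
        """Publish the group key packets valid at the fixed demo time
        20161024T083000.

        The first packet is the group public key (E-KEY); the rest are the
        group private key encrypted for each member (D-KEY). Every packet is
        added to the content cache and pushed to the repo.
        """
        timePoint1 = Schedule.fromIsoString("20161024T083000")
        result = self.manager.getGroupKey(timePoint1)
        for i, keyData in enumerate(result):
            self.memoryContentCache.add(keyData)
            self.initiateContentStoreInsertion(
                "/ndn/edu/ucla/remap/ndnfit/repo", keyData)
            print("Publish key name: " + str(i) + " " +
                  keyData.getName().toUri())
        self.updateGroupKeys = False

    def onDataNotFound(self, prefix, interest, face, interestFilterId, filter):
        """Log an interest the content cache could not satisfy."""
        print("Data not found for interest: " + interest.getName().toUri())
        if interest.getExclude():
            print("Interest has exclude: " + interest.getExclude().toUri())

    def onRegisterFailed(self, prefix):
        """Log a failed prefix registration."""
        print("Prefix registration failed")

    def initiateContentStoreInsertion(self, repoCommandPrefix, data):
        """Ask the repo at ``repoCommandPrefix`` to fetch and store ``data``.

        The insert command carries the packet's Name in a protobuf
        RepoCommandParameterMessage and is sent as a signed command interest
        (signing info set in __init__). Replies go to onRepoData /
        onRepoTimeout.
        """
        fetchName = data.getName()
        parameter = repo_command_parameter_pb2.RepoCommandParameterMessage()
        # Copy each name component into the command parameter.
        for i in range(fetchName.size()):
            parameter.repo_command_parameter.name.component.append(
                fetchName[i].getValue().toBytes())

        interest = Interest(
            Name(repoCommandPrefix).append("insert").append(
                Name.Component(ProtobufTlv.encode(parameter))))
        self.face.makeCommandInterest(interest)
        self.face.expressInterest(interest, self.onRepoData, self.onRepoTimeout)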