def test_keyfrag_sqlite(self):
kfrag_component_length = 32
rand_sig = API.secure_random(65)
rand_id = b'\x00' + API.secure_random(kfrag_component_length)
rand_key = b'\x00' + API.secure_random(kfrag_component_length)
rand_hrac = API.secure_random(32)
kfrag = KFrag(rand_id + rand_key)
self.ks.add_kfrag(rand_hrac, kfrag, sig=rand_sig)
# Check that kfrag was added
kfrag_from_datastore, signature = self.ks.get_kfrag(rand_hrac,
get_sig=True)
self.assertEqual(rand_sig, signature)
# De/serialization happens here, by dint of the slicing interface, which casts the kfrag to bytes.
# The +1 is to account for the metabyte.
self.assertEqual(kfrag_from_datastore[:kfrag_component_length + 1],
rand_id)
self.assertEqual(kfrag_from_datastore[kfrag_component_length + 1:],
rand_key)
self.assertEqual(kfrag_from_datastore, kfrag)
# Check that kfrag gets deleted
self.ks.del_kfrag(rand_hrac)
with self.assertRaises(keystore.KeyNotFound):
key = self.ks.get_key(rand_hrac)
def test_split_signature_from_arbitrary_bytes():
how_many_bytes = 10
signature = Signature(secure_random(65))
some_bytes = secure_random(how_many_bytes)
splitter = BytestringSplitter(Signature, (bytes, how_many_bytes))
rebuilt_signature, rebuilt_bytes = splitter(signature + some_bytes)
def test_trying_to_extract_too_many_bytes_raises_typeerror():
how_many_bytes = 10
too_many_bytes = 11
signature = Signature(secure_random(65))
some_bytes = secure_random(how_many_bytes)
splitter = BytestringSplitter(Signature, (bytes, too_many_bytes))
with pytest.raises(ValueError):
rebuilt_signature, rebuilt_bytes = splitter(signature + some_bytes, return_remainder=True)
def test_split_two_signatures():
"""
We make two random Signatures and concat them. Then split them and show that we got the proper result.
"""
sig1, sig2 = Signature(secure_random(65)), Signature(secure_random(65))
sigs_concatted = sig1 + sig2
two_signature_splitter = BytestringSplitter(Signature, Signature)
rebuilt_sig1, rebuilt_sig2 = two_signature_splitter(sigs_concatted)
assert (sig1, sig2) == (rebuilt_sig1, rebuilt_sig2)
def test_secure_random(self):
rand1 = api.secure_random(10)
rand2 = api.secure_random(10)
self.assertNotEqual(rand1, rand2)
self.assertEqual(bytes, type(rand1))
self.assertEqual(bytes, type(rand2))
self.assertEqual(10, len(rand1))
self.assertEqual(10, len(rand2))
def test_split_kfrag_from_arbitrary_bytes():
rand_id = b'\x00' + api.secure_random(32)
rand_key = b'\x00' + api.secure_random(32)
kfrag = KFrag(rand_id + rand_key)
how_many_bytes = 10
some_bytes = secure_random(how_many_bytes)
splitter = BytestringSplitter(KFrag, (bytes, how_many_bytes))
rebuilt_kfrag, rebuilt_bytes = splitter(kfrag + some_bytes)
assert kfrag == rebuilt_kfrag
def test_ecdsa_load_sig(self):
v = 1
r = int.from_bytes(api.secure_random(32), byteorder='big')
s = int.from_bytes(api.secure_random(32), byteorder='big')
sig = api.ecdsa_gen_sig(v, r, s)
self.assertEqual(bytes, type(sig))
self.assertEqual(65, len(sig))
loaded_sig = api.ecdsa_load_sig(sig)
self.assertEqual(tuple, type(loaded_sig))
self.assertEqual(3, len(loaded_sig))
self.assertEqual((v, r, s), loaded_sig)
def test_symm_encrypt(self):
key = api.secure_random(32)
plaintext = b'this is a test'
ciphertext = api.symm_encrypt(key, plaintext)
self.assertEqual(EncryptedMessage, type(ciphertext))
self.assertNotEqual(plaintext, ciphertext)
def test_ecdsa_sign(self):
msghash = api.secure_random(32)
privkey = api.ecdsa_gen_priv()
vrs = api.ecdsa_sign(msghash, privkey)
self.assertEqual(tuple, type(vrs))
self.assertEqual(3, len(vrs))
def rekey(self, priv1, pub2):
priv_to = api.secure_random(self.KEY_SIZE)
rk = super(PRE, self).rekey(convert_priv(priv1),
convert_priv(priv_to),
dtype=bytes)
epriv_to = self.encrypt(pub2, priv_to)
return msgpack.dumps([rk, epriv_to])
def test_symmetric():
Cipher = symmetric_from_algorithm(default_algorithm)
key = api.secure_random(Cipher.KEY_SIZE)
cipher = Cipher(key)
data = b'Hello world' * 10
edata = cipher.encrypt(data)
assert edata != data
assert cipher.decrypt(edata) == data
def attach_server(self, ksize=20, alpha=3, id=None,
storage=None, *args, **kwargs):
# TODO: Network-wide deterministic ID generation (ie, auction or
# whatever) See #136.
if not id:
id = digest(secure_random(32))
super().attach_server(ksize, alpha, id, storage)
self.attach_rest_server(db_name=self.db_name)
def test_ecdsa_verify(self):
msghash = api.secure_random(32)
privkey = api.ecdsa_gen_priv()
pubkey = api.ecdsa_priv2pub(privkey, to_bytes=False)
vrs = api.ecdsa_sign(msghash, privkey)
self.assertEqual(tuple, type(vrs))
self.assertEqual(3, len(vrs))
is_verified = api.ecdsa_verify(*vrs, msghash, pubkey)
self.assertEqual(bool, type(is_verified))
self.assertTrue(is_verified)
def attach_server(self,
ksize=20,
alpha=3,
id=None,
storage=None,
*args,
**kwargs):
if not id:
id = digest(
secure_random(32)
) # TODO: Network-wide deterministic ID generation (ie, auction or whatever)
super().attach_server(ksize, alpha, id, storage)
def attach_server(self, ksize=20, alpha=3, id=None, storage=None,
*args, **kwargs):
if not id:
id = digest(
secure_random(32)) # TODO: Network-wide deterministic ID generation (ie, auction or whatever) #136.
super().attach_server(ksize, alpha, id, storage)
routes = [
Route('/kFrag/{hrac_as_hex}', 'POST', self.set_policy),
Route('/kFrag/{hrac_as_hex}/reencrypt', 'POST', self.reencrypt_via_rest),
]
self._rest_app = App(routes=routes)
def test_treasure_map_from_alice_to_ursula():
"""
Shows that Alice can share a TreasureMap with Ursula and that Bob can receive and decrypt it.
"""
treasure_map = TreasureMap([api.secure_random(50) for _ in range(50)]) # TODO: This is still random here.
encrypted_treasure_map, signature = ALICE.encrypt_for(BOB, treasure_map.packed_payload())
packed_encrypted_treasure_map = msgpack.dumps(encrypted_treasure_map)
# For example, a hashed path.
resource_id = b"as098duasdlkj213098asf"
policy_group = PolicyGroup(resource_id, BOB)
setter = ALICE.server.set(policy_group.id, packed_encrypted_treasure_map)
set_event = EVENT_LOOP.run_until_complete(setter)
treasure_map_as_set_on_network = URSULAS[0].server.storage[digest(policy_group.id)]
assert treasure_map_as_set_on_network == packed_encrypted_treasure_map # IE, Ursula stores it properly.
return treasure_map, treasure_map_as_set_on_network, signature, policy_group
def __init__(self, alice, kfrag=UNKNOWN_KFRAG, deterministic_id_portion=None, challenge_size=20, set_id=True):
"""
:param kfrag:
The kFrag obviously, but defaults to UNKNOWN_KFRAG in case the user wants to set it later.
:param deterministic_id_portion: Probably the fingerprint of Alice's public key.
Any part that Ursula can use to verify that Alice is the rightful setter of this ID.
If it's not included, the Policy ID will be completely random.
:param challenge_size: The number of challenges to create in the ChallengePack.
"""
self.alice = alice
self.kfrag = kfrag
self.deterministic_id_portion = deterministic_id_portion
self.random_id_portion = api.secure_random(32) # TOOD: Where do we actually want this to live?
self.challenge_size = challenge_size
self.treasure_map = []
if set_id:
self.set_id()
def attach_server(self,
ksize=20,
alpha=3,
id=None,
storage=None,
*args,
**kwargs):
# TODO: Network-wide deterministic ID generation (ie, auction or
# whatever) See #136.
if not id:
id = digest(secure_random(32))
super().attach_server(ksize, alpha, id, storage)
routes = [
Route('/kFrag/{hrac_as_hex}', 'POST', self.set_policy),
Route('/kFrag/{hrac_as_hex}/reencrypt', 'POST',
self.reencrypt_via_rest),
Route('/public_keys', 'GET',
self.get_signing_and_encrypting_public_keys),
Route('/consider_contract', 'POST', self.consider_contract),
]
self._rest_app = App(routes=routes)
