def _check_encrypt_decrypt_mutation(encClass):
'''
Tests the encrypt then decrypt functionality of the various algorithms
on mutations
'''
config = stringio.StringIO(
'[colFamily]\n'+\
'key_id = '+ encClass.name +'\n'+\
'cell_sections = colFamily,colQualifier\n'+\
'encryption = ' + encClass.name)
encryptor_dict = _create_encryptor_dict(config)
mut = Mutation('abcdefghijklmnopqrstuvwxyz')
mut.put(cf='cf1', cq='cq1', cv='a&b', ts='12345', val='val1')
mut.put(cf='cf2', cq='cq2', cv='a&b', ts='12345', val='val2')
enc_muts = EncMutation(mut, encryptor_dict).encrypt()
dec_muts = []
for enc_mut in enc_muts:
dec_muts.append(EncMutation(enc_mut, encryptor_dict).decrypt())
assert_true(
_decrypt_mutations_equal(dec_muts, mut),
"Mutation is not correctly handled during encryption and decryption process"
)
assert_true(not _mutations_equal(enc_mut, mut),
"Encryption algorithm was identity function.")
def test_encrypt_decrypt_mutation(self):
'''
Tests encrypt then decrypt functionality of EncMutation
'''
enc_mut = EncMutation(self.mut, self.encryptor_dict).encrypt()
self.assertTrue(len(enc_mut) == 1)
dec_mut = EncMutation(enc_mut[0], self.encryptor_dict).decrypt()
self.assertTrue(self._mutations_equal([dec_mut], self.mut),
"Mutation is not correctly handled during encryption and decryption process")
def encrypt(self, mutation):
"""
Arugments:
mutation - an plaintext mutation as defined in the
pyaccumulo interface
Returns: A list of new mutations containing the encrypted data
as specified in the configuration file
"""
enc_mut = EncMutation(mutation, self.encrypt_dict)
return enc_mut.encrypt()
def encrypt_mutation(cls, mutation, key_id, cell_sections):
"""
Arguments:
mutation - mutation as defined in encmutation (based on
pyaccumulo interface )
key_id - Keytor object that contains the algorithm name
and a key_object to obtain the keys
cell_sections - the list of part of the cell to be encrypted.
Options are defined in VALID_KEYS in vars.py. Can't be
colVisibility
Effect: The EncMutation is modified and the encrypted data
stored in the cell_location. For example if
cell_sections was [colFamily, colQualifier] and
cell_location is 'colFamily'. Let the first update
be cf = 'cf1', and cq = 'cq1', the resulting update
would become cf = 'cf1|cq1' (encrypted) and cq = ''.
This is done for each update in the list of updates.
"""
ptexts = EncMutation.concatenate_cell_section_values(
mutation, cell_sections)
vis_exprs = mutation.update_dict['colVisibility']
if not all([vis != '' for vis in vis_exprs]):
raise EncryptionException("There are rows without visibility labels, "+\
"cannot encrypt the mutation")
ctexts = [
cls._encrypt_with_shares(ptext, key_id, vis)
for (ptext, vis) in zip(ptexts, vis_exprs)
]
return ctexts
def _check_versioning(encClass):
"""
Test the encryptions classes are properly dealing with versions.
Versions are pulled from the DummyEncryptionPKI in encryption_pki.py
"""
groundtruth = {
"Pycrypto_AES_CFB": '3',
"Pycrypto_AES_CBC": '1',
"Pycrypto_AES_OFB": '3',
"Pycrypto_AES_CTR": '1',
"Pycrypto_AES_GCM": '2',
"Pycrypto_AES_CFB": '3',
"Pycrypto_AES_SIV": '1'
}
config = stringio.StringIO(
'[value]\n'+\
'key_id = '+ encClass.name +'\n'+\
'cell_sections = value\n'+\
'encryption = ' + encClass.name)
encryptor_dict = _create_encryptor_dict(config)
mut = Mutation('abcdefghijklmnopqrstuvwxyz')
mut.put(val='val2')
enc_muts = EncMutation(mut, encryptor_dict).encrypt()
assert_true(len(enc_muts) == 1)
enc_mut = enc_muts[0]
assert_true(
enc_mut.updates[0].value.rsplit('ver',
1)[-1] == groundtruth[encClass.name],
'Not grabbing the most recent version of the key')
def test_get_and_split_values(self):
'''
Tests get_values_by_cell_string and split_values_by_cell_string
'''
mut = EncMutation(self.mut,self.encryptor_dict)
values = EncMutation.concatenate_cell_section_values(mut, ['colFamily','colQualifier'])
self.assertEqual(values, ['cf1+cq1'])
split_values = EncMutation.split_values(values)
self.assertEqual(split_values, [('cf1',),('cq1',)])
cell = Cell('row','cf','cq','cv',1234,'val')
value = EncCell.get_value_by_cell_string(cell._asdict(), ['colFamily', 'colQualifier'])
self.assertEqual(value, 'cf+cq')
split_value = EncCell.split_value_by_cell_string(value)
self.assertEqual(split_value,['cf','cq'])
def test_encrypt_mutation(self):
'''
Tests encryption functionality of EncMutation
when encryption is identity function
'''
enc_mut = EncMutation(self.mut,self.encryptor_dict_identity).encrypt()
self.assertTrue(self._mutations_equal(enc_mut, self.mut),
"Mutation is not correctly handled during encryption process")
def encrypt_mutation(cls, mutation, key_container, cell_sections):
(key, version) = cls._get_encryption_key(key_container)
ptexts = EncMutation.concatenate_cell_section_values(
mutation, cell_sections)
#add version number delineated by 'ver' - version is int so this is fine
ctexts = [
cls._encrypt(ptext, key) + 'ver' + str(version) for ptext in ptexts
]
return ctexts
def test_encrypt_overwrite(self):
"""
Tests the fact information is overwritten if encrypted and not
a target location
"""
enc_mut = EncMutation(self.mut, self.encryptor_dict).encrypt()
self.assertTrue(len(enc_mut) == 1)
for u in enc_mut[0].updates:
self.assertEqual(u.colQualifier, '', "colQualifier was not overwritten correctly")
def test_row_same(self):
"""
Tests that the row value produced is same if deterministic encryption is
used
"""
enc_muts = EncMutation(self.c_mut, self.encryptor_dict_det).encrypt()
self.assertTrue(len(enc_muts) == 4)
row_ids = set()
for mut in enc_muts:
row_ids.add(mut.row)
self.assertTrue(len(row_ids) == 1)
def decrypt_mutation(cls, mutation, dec_mutation, key_container,
cell_location, cell_sections):
ptexts = []
ctexts = mutation[cell_location]
for ctext in ctexts:
#grab the version, delineated by last instance of 'ver'
try:
(ctext, version) = ctext.rsplit('ver', 1)
except ValueError:
raise DecryptionException('Ciphertext is not properly formatted: it '+\
'does not contain version information')
key = cls._get_decryption_key(key_container, version)
ptexts.append(cls._decrypt(ctext, key))
split_values = EncMutation.split_values(ptexts)
for sec, values in zip(cell_sections, split_values):
dec_mutation[sec] = list(values)
def _check_malformed_ciphertext_version(encClass):
"""
Tests error handling in the case where the ciphertext does
not contain 'ver'
"""
config = stringio.StringIO(
'[colFamily]\n'+\
'key_id = '+ encClass.name +'\n'+\
'cell_sections = colFamily,colQualifier\n'+\
'encryption = ' + encClass.name)
encryptor_dict = _create_encryptor_dict(config)
mut = Mutation('abcdefghijklmnopqrstuvwxyz')
mut.put(cf='cf1', cq='cq1', cv='a&b', ts='12345', val='val1')
mut.put(cv='c|d', cf='cf2', val='val2')
enc_mut = EncMutation(mut, encryptor_dict)
assert_raises(DecryptionException, enc_mut.decrypt)
def decrypt_mutation(cls, mutation, dec_mutation, key_id, cell_location,
cell_sections):
'''
Arguments:
mutation - mutation as defined in encmutation (based on
pyaccumulo interface )
key_id - Keytor object that contains the algorithm name
and a key_object to obtain the keys
cell_location - the part of the cell where encrypted data is
to be stored
cell_sections - the target locations for decrypted data that
contained at the cell_location.
Effect: The EncMutation is modified. The encrypted data
cell_location is decrypted and seperated into
the values associated with each of the cell_sections.
These values are then placed in the cell as
specified by cell_sections.
For example, cell_location = 'cq' and cell_sections =
[colFamily, colQualifier, value] and the cq for
the first update is 'cf1|cq1|val1' the three
values are separated out and the update becomes
cf = 'cf1', cq = 'cq1', and val = 'val1'.
'''
ctexts = mutation[cell_location]
vis_exprs = mutation.update_dict['colVisibility']
if not all([vis != None for vis in vis_exprs]):
raise DecryptionException("There are rows without visibility labels, "+\
"cannot decrypt the mutation")
ptexts = [
cls._decrypt_with_shares(ctext, key_id, vis)
for (ctext, vis) in zip(ctexts, vis_exprs)
]
split_values = EncMutation.split_values(ptexts)
for sec, values in zip(cell_sections, split_values):
dec_mutation[sec] = list(values)
def decrypt_mutation(mutation, dec_mutation, key, cell_location,
cell_sections):
ptexts = mutation[cell_location]
split_values = EncMutation.split_values(ptexts)
for sec, values in zip(cell_sections, split_values):
dec_mutation[sec] = list(values)
def encrypt_mutation(mutation, key, cell_sections):
ctexts = EncMutation.concatenate_cell_section_values(
mutation, cell_sections)
return ctexts