def test_encrypt_decrypt_associated_data():
key = os.urandom(32)
aad = b'secret code 1234'
dem = UmbralDEM(key)
plaintext = b'peace at dawn'
ciphertext0 = dem.encrypt(plaintext, authenticated_data=aad)
ciphertext1 = dem.encrypt(plaintext, authenticated_data=aad)
assert ciphertext0 != plaintext
assert ciphertext1 != plaintext
assert ciphertext0 != ciphertext1
assert ciphertext0[:DEM_NONCE_SIZE] != ciphertext1[:DEM_NONCE_SIZE]
cleartext0 = dem.decrypt(ciphertext0, authenticated_data=aad)
cleartext1 = dem.decrypt(ciphertext1, authenticated_data=aad)
assert cleartext0 == plaintext
assert cleartext1 == plaintext
# Attempt decryption with invalid associated data
with pytest.raises(InvalidTag):
cleartext2 = dem.decrypt(ciphertext0, authenticated_data=b'wrong data')
def decrypt(ciphertext: bytes,
capsule: Capsule,
decrypting_key: UmbralPrivateKey,
check_proof: bool = True) -> bytes:
"""
Opens the capsule and gets what's inside.
We hope that's a symmetric key, which we use to decrypt the ciphertext
and return the resulting cleartext.
"""
if not isinstance(ciphertext, bytes) or len(ciphertext) < DEM_NONCE_SIZE:
raise ValueError(
"Input ciphertext must be a bytes object of length >= {}".format(
DEM_NONCE_SIZE))
if capsule._attached_cfrags:
# Since there are cfrags attached, we assume this is Bob opening the Capsule.
# (i.e., this is a re-encrypted capsule)
encapsulated_key = _open_capsule(capsule,
decrypting_key,
check_proof=check_proof)
capsule_bytes = capsule._original_to_bytes()
else:
# Since there aren't cfrags attached, we assume this is Alice opening the Capsule.
# (i.e., this is an original capsule)
encapsulated_key = _decapsulate_original(decrypting_key, capsule)
capsule_bytes = bytes(capsule)
dem = UmbralDEM(encapsulated_key)
cleartext = dem.decrypt(ciphertext, authenticated_data=capsule_bytes)
return cleartext
def encrypt(alice_pubkey: UmbralPublicKey,
plaintext: bytes) -> Tuple[bytes, Capsule]:
"""
Performs an encryption using the UmbralDEM object and encapsulates a key
for the sender using the public key provided.
Returns the ciphertext and the KEM Capsule.
"""
key, capsule = _encapsulate(alice_pubkey.point_key, SecretBox.KEY_SIZE)
dem = UmbralDEM(key)
ciphertext = dem.encrypt(plaintext)
return ciphertext, capsule
def encrypt(alice_pubkey: UmbralPublicKey,
plaintext: bytes) -> Tuple[bytes, Capsule]:
"""
Performs an encryption using the UmbralDEM object and encapsulates a key
for the sender using the public key provided.
Returns the ciphertext and the KEM Capsule.
"""
key, capsule = _encapsulate(alice_pubkey, DEM_KEYSIZE)
capsule_bytes = bytes(capsule)
dem = UmbralDEM(key)
ciphertext = dem.encrypt(plaintext, authenticated_data=capsule_bytes)
return ciphertext, capsule
def encrypt(alice_pubkey: UmbralPublicKey, plaintext: bytes,
params: UmbralParameters=None) -> Tuple[bytes, Capsule]:
"""
Performs an encryption using the UmbralDEM object and encapsulates a key
for the sender using the public key provided.
Returns the ciphertext and the KEM Capsule.
"""
params = params if params is not None else default_params()
key, capsule = _encapsulate(alice_pubkey.point_key, CHACHA20_KEY_SIZE, params=params)
capsule_bytes = bytes(capsule)
dem = UmbralDEM(key)
ciphertext = dem.encrypt(plaintext, authenticated_data=capsule_bytes)
return ciphertext, capsule
def decrypt(ciphertext: bytes,
capsule: Capsule,
decrypting_key: UmbralPrivateKey,
check_proof: bool = True) -> bytes:
"""
Opens the capsule and gets what's inside.
We hope that's a symmetric key, which we use to decrypt the ciphertext
and return the resulting cleartext.
"""
if capsule._attached_cfrags:
# Since there are cfrags attached, we assume this is Bob opening the Capsule.
# (i.e., this is a re-encrypted capsule)
encapsulated_key = _open_capsule(capsule,
decrypting_key,
check_proof=check_proof)
dem = UmbralDEM(encapsulated_key)
original_capsule_bytes = capsule._original_to_bytes()
cleartext = dem.decrypt(ciphertext,
authenticated_data=original_capsule_bytes)
else:
# Since there aren't cfrags attached, we assume this is Alice opening the Capsule.
# (i.e., this is an original capsule)
decapsulated_key = _decapsulate_original(decrypting_key, capsule)
dem = UmbralDEM(decapsulated_key)
capsule_bytes = bytes(capsule)
cleartext = dem.decrypt(ciphertext, authenticated_data=capsule_bytes)
return cleartext
def decrypt(ciphertext: bytes, capsule: Capsule,
priv_key: UmbralPrivateKey, alice_pub_key: UmbralPublicKey=None,
params: UmbralParameters=None, check_proof=True) -> bytes:
"""
Opens the capsule and gets what's inside.
We hope that's a symmetric key, which we use to decrypt the ciphertext
and return the resulting cleartext.
"""
params = params if params is not None else default_params()
if capsule._attached_cfrags:
# Since there are cfrags attached, we assume this is Bob opening the Capsule.
# (i.e., this is a re-encrypted capsule)
bob_priv_key = priv_key
encapsulated_key = _open_capsule(capsule, bob_priv_key, alice_pub_key,
params=params, check_proof=check_proof)
dem = UmbralDEM(encapsulated_key)
original_capsule_bytes = capsule._original_to_bytes()
cleartext = dem.decrypt(ciphertext, authenticated_data=original_capsule_bytes)
else:
# Since there aren't cfrags attached, we assume this is Alice opening the Capsule.
# (i.e., this is an original capsule)
encapsulated_key = _decapsulate_original(priv_key.bn_key, capsule, params=params)
dem = UmbralDEM(encapsulated_key)
capsule_bytes = bytes(capsule)
cleartext = dem.decrypt(ciphertext, authenticated_data=capsule_bytes)
return cleartext
def decrypt(ciphertext: bytes,
capsule: Capsule,
priv_key: UmbralPrivateKey,
alice_pub_key: UmbralPublicKey = None) -> bytes:
"""
Opens the capsule and gets what's inside.
We hope that's a symmetric key, which we use to decrypt the ciphertext
and return the resulting cleartext.
"""
if capsule._attached_cfrags:
# Since there are cfrags attached, we assume this is Bob opening the Capsule.
bob_priv_key = priv_key
key = _open_capsule(capsule, bob_priv_key, alice_pub_key)
dem = UmbralDEM(key)
original_capsule_bytes = capsule._original_to_bytes()
cleartext = dem.decrypt(ciphertext,
authenticated_data=original_capsule_bytes)
else:
# Since there aren't cfrags attached, we assume this is Alice opening the Capsule.
key = _decapsulate_original(priv_key.bn_key, capsule)
dem = UmbralDEM(key)
capsule_bytes = bytes(capsule)
cleartext = dem.decrypt(ciphertext, authenticated_data=capsule_bytes)
return cleartext
def decrypt(ciphertext: bytes,
capsule: Capsule,
decrypting_key: UmbralPrivateKey,
check_proof: bool = True) -> bytes:
"""
Opens the capsule and gets what's inside.
We hope that's a symmetric key, which we use to decrypt the ciphertext
and return the resulting cleartext.
"""
if not isinstance(ciphertext, bytes) or len(ciphertext) < DEM_NONCE_SIZE:
raise ValueError(
"Input ciphertext must be a bytes object of length >= {}".format(
DEM_NONCE_SIZE))
elif not isinstance(capsule, Capsule) or not capsule.verify():
raise Capsule.NotValid
elif not isinstance(decrypting_key, UmbralPrivateKey):
raise TypeError("The decrypting key is not an UmbralPrivateKey")
if capsule._attached_cfrags:
# Since there are cfrags attached, we assume this is Bob opening the Capsule.
# (i.e., this is a re-encrypted capsule)
encapsulated_key = _open_capsule(capsule,
decrypting_key,
check_proof=check_proof)
else:
# Since there aren't cfrags attached, we assume this is Alice opening the Capsule.
# (i.e., this is an original capsule)
encapsulated_key = _decapsulate_original(decrypting_key, capsule)
dem = UmbralDEM(encapsulated_key)
try:
cleartext = dem.decrypt(ciphertext, authenticated_data=bytes(capsule))
except InvalidTag as e:
raise UmbralDecryptionError() from e
return cleartext
def test_encrypt_decrypt():
key = os.urandom(32)
dem = UmbralDEM(key)
plaintext = b'peace at dawn'
ciphertext0 = dem.encrypt(plaintext)
ciphertext1 = dem.encrypt(plaintext)
assert ciphertext0 != plaintext
assert ciphertext1 != plaintext
# Ciphertext should be different even with same plaintext.
assert ciphertext0 != ciphertext1
# Nonce should be different
assert ciphertext0[:DEM_NONCE_SIZE] != ciphertext1[:DEM_NONCE_SIZE]
cleartext0 = dem.decrypt(ciphertext0)
cleartext1 = dem.decrypt(ciphertext1)
assert cleartext0 == plaintext
assert cleartext1 == plaintext
