def run_insert(conn=None,
data=expressive_elems,
table='demo',
config_name = 'expressive',
PKI_object=None):
""" Insert a list into the accumulo table specified.
Arguments:
conn - the Accumulo connection to use
data - the list to insert into the Accumulo table
table - the name of the table to insert to
default_vis - the default visibility label to use. default: '(a&b)|c'
config_filept - file pointer to the configuration file for encryption
PKI_object - matches the interface on encryption PKI OBJECT, default is
DummyEncryptionPKI
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if PKI_object is None:
PKI_object = DummyEncryptionPKI(conn=conn)
config_filept = StringIO(schema[config_name])
encrypter = AccumuloEncrypt(config_filept, PKI_object)
print "\nEnrypting with the following schema: \n\n" + descriptions[config_name]
write_list_to_table(conn, encrypter, table, data)
def _create_encryptor_dict(config):
'''
Helper function that parses a config file and creates a key
object before creating an encryptor dict that can be passed
into and EncMutation.
'''
config_parser = ConfigParser.ConfigParser()
config_parser.readfp(config)
key_object = DummyEncryptionPKI()
return AccumuloEncrypt._config_to_encryptor(config_parser, key_object)
def setUp(self):
#Set up encryptor_dict
config = stringio.StringIO(
'[row]\n'+\
'key_id = Pycrypto_AES_CFB\n'+\
'encryption = Pycrypto_AES_CFB\n'+\
'cell_sections = row\n'+\
'[colFamily]\n'+\
'key_id = Pycrypto_AES_CFB\n'+\
'cell_sections = colFamily,colQualifier\n'+\
'encryption = Pycrypto_AES_CFB')
config_identity = stringio.StringIO(
'[row]\n'+\
'key_id = Identity\n'+\
'encryption = Identity\n'+\
'cell_sections = row\n'+\
'[colFamily]\n'+\
'key_id = Identity\n'+\
'cell_sections = colFamily\n'+\
'encryption = Identity')
config_det = stringio.StringIO(
'[row]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'encryption = Pycrypto_AES_SIV\n'+\
'cell_sections = row\n'+\
'[colFamily]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'cell_sections = colFamily,colQualifier\n'+\
'encryption = Pycrypto_AES_SIV')
# Use a consistent PKI
self.pki = DummyEncryptionPKI()
self.encryptor_dict = self._create_encryptor_dict(config)
self.encryptor_dict_identity = self._create_encryptor_dict(config_identity)
self.encryptor_dict_det = self._create_encryptor_dict(config_det)
#Sample mutation
mut = Mutation('abcd')
mut.put(cf='cf1',cq='cq1', cv='cv1', ts = '12345', val = 'val1')
self.mut = mut
#complex Sample mutation
c_mut = Mutation('abcd')
c_mut.put(cf='cf1',cq='cq1', cv='cv1', ts = '12345', val = 'val1')
c_mut.put(cf='cf2', val='val2')
c_mut.put(cf='cf3',cq='cq3', val = 'val3')
c_mut.put(val = 'val4')
self.c_mut = c_mut
def run_retrieve(conn=None,
table='demo',
config_name = 'expressive',
PKI_object=None):
""" Retrieves and decrypts values from the specified table,
outputting the appropriate error messages if not.
Arguments:
conn - the Accumulo connection to use
data - the list to insert into the Accumulo table
table - the name of the table to insert to
config_filept - file pointer to the configuration file for encryption
PKI_object - matches the interface on encryption PKI OBJECT, default is
DummyEncryptionPKI
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if PKI_object is None:
PKI_object = DummyEncryptionPKI(conn=conn)
total = 0
config_filept = StringIO(schema[config_name])
decrypter = AccumuloEncrypt(config_filept, PKI_object)
for entry in conn.scan(table):
total = total + 1
try:
cell = decrypter.decrypt(entry)
if config_name == 'print':
print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' %(base64.b64encode(cell.row),
cell.cv,
base64.b64encode(cell.cf),
base64.b64encode(cell.cq),
base64.b64encode(cell.val))
elif config_name == 'vis_print':
print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' %(cell.row,
cell.cv,
cell.cf,
cell.cq,
base64.b64encode(cell.val))
else:
print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' % (cell.row, cell.cv,cell.cf,cell.cq,cell.val)
except DecryptionException as ve:
print 'Error: Entry failed to decrypt.'
print 'Error message:', ve.msg
print
print 'Finished, decrypted %d total entries.' %(total)
def run_search(conn=None,
table='demo',
config_name = 'expressive',
PKI_object=None,
row_range='Analytics'):
""" Retrieves and decrypts values from the specified table,
outputting the appropriate error messages if not.
Arguments:
conn - the Accumulo connection to use
data - the list to insert into the Accumulo table
table - the name of the table to insert to
config_filept - file pointer to the configuration file for encryption
PKI_object - matches the interface on encryption PKI OBJECT, default is
DummyEncryptionPKI
row_range - the keyword to search for
"""
if conn is None:
conn = pyaccumulo.Accumulo(host='localhost',
port=42424,
user='******',
password='******')
if PKI_object is None:
PKI_object = DummyEncryptionPKI(conn=conn)
total = 0
enc_config_filept = StringIO(schema[config_name])
dec_config_filept = StringIO(schema[config_name])
encrypter = AccumuloEncrypt(enc_config_filept, PKI_object)
enc_row, _ = encrypter.encrypt_search(row_range, None)
range = pyaccumulo.Range(srow = enc_row, sinclude = True,
erow = enc_row, einclude = True)
for entry in conn.scan(table, scanrange=range):
total = total + 1
try:
cell = encrypter.decrypt(entry)
print "Entry: (%s, %s, %s, %s)" % (cell.row, cell.cf, cell.cq, cell.val)
except DecryptionException as ve:
print 'Error: Entry failed to decrypt.'
print 'Error message:', ve.msg
print
print 'Finished, decrypted %d total entries.' %(total)
def test_encrypt_decrypt(self):
'''
Tests encrypting and decrypting the shares
'''
DummyPKI = DummyEncryptionPKI()
expressions = [
'a&b', 'a&b&c', 'a|b', 'a|b|c', '(a&b)|c', '(a|b)&c', 'a|(b&c)',
'a&(b|c)', '(a&b)|(b&c)', '(a|b)&(c|d)'
]
for e in expressions:
secret = Random.get_random_bytes(16)
encrypted_shares = SecretVisTreeEncryptor.encrypt_secret_shares(
e, secret, Keytor('VIS_AES_CBC', DummyPKI, 16),
Pycrypto_AES_CBC)
share = SecretVisTreeEncryptor.decrypt_secret_shares(
e, encrypted_shares, Keytor('VIS_AES_CBC', DummyPKI, 16),
Pycrypto_AES_CBC)
self.assertEqual(share, secret)
def setUp(self):
# Keep the same PKI around, since it generates a new RSA key
# for key wraps each time
self.pki = DummyEncryptionPKI()
def main():
parser = OptionParser()
parser.add_option("-v",
'--verbose',
dest="verbose",
action="store_true",
default=False,
help="Verbose output")
accumulo_group = OptionGroup(
parser, 'Options that control the accumulo connection')
accumulo_group.add_option('--host',
dest='host',
default='localhost',
help='Host for Accumulo. Default: localhost')
accumulo_group.add_option('--user',
dest='user',
default='root',
help='User for Accumulo. Default: root')
accumulo_group.add_option('--password',
dest='password',
default='secret',
help='Password for Accumulo user. Default: ...')
accumulo_group.add_option('--port',
dest='port',
type='int',
default=42424,
help="Port for Accumulo. Default: 42424")
parser.add_option_group(accumulo_group)
output_group = OptionGroup(parser, 'Options that control output')
output_group.add_option('--log-file',
dest='log_file',
default='output.log',
help='Output file for performance numbers')
output_group.add_option('--table-prefix',
dest='table_prefix',
default='perf',
help='Prefix used for data tables')
output_group.add_option('--profile',
dest='profile',
action='store_true',
default=False,
help="Profiles encryption code")
output_group.add_option(
'--cache_key',
dest='cache_key',
action='store_true',
default=False,
help='Keys are now cached during encryption and decryption')
output_group.add_option(
'--use_accumulo_keystore',
dest='accumulo_keystore',
action='store_true',
default=False,
help=
"Keys are stored in Accumulo if option is included, otherwise they are stored locally"
)
parser.add_option_group(output_group)
test_group = OptionGroup(parser,
"Options that control what tests are being run")
test_group.add_option('--all',
dest='all',
action='store_true',
default=False,
help='Runs all the different tests')
test_group.add_option(
'--non-ceabac',
dest='non_ceabac',
action='store_true',
default=False,
help='Runs the non-CEABAC tests with a simple schema')
test_group.add_option('--ceabac',
dest='ceabac',
action='store_true',
default=False,
help='Runs the CEABAC tests with a simple schema')
test_group.add_option(
'--vis-ceabac',
dest='vis_ceabac',
action='store_true',
default=False,
help='Runs CEABAC in CBC mode with varying visibility fields')
test_group.add_option('--diff_schemas_ceabac',
dest='diff_ceabac',
action='store_true',
default=False,
help='Runs several different schemas for VIS_CBC')
test_group.add_option('--diff_schemas_non_ceabac',
dest='diff_non_ceabac',
action='store_true',
default=False,
help='Runs several different schemas for AES_CBC')
test_group.add_option(
'--mixed_schemas',
dest='mixed_schemas',
action='store_true',
default=False,
help='Runs a set of schemas where the schemes are both CEABAC and not')
parser.add_option_group(test_group)
entries_group = OptionGroup(
parser, "Options that control how many entries are run")
entries_group.add_option('--num_entries',
dest='num_entries',
type='int',
default=1000,
help='Total number of cells being run')
entries_group.add_option('--num_rows',
dest='num_rows',
type='int',
default=100,
help='Total number of rows being run')
parser.add_option_group(entries_group)
(cl_flags, _) = parser.parse_args()
#set up logging
if cl_flags.verbose:
log_level = logging.DEBUG
else:
log_level = logging.INFO
logging.basicConfig(filename=cl_flags.log_file,
level=log_level,
format='%(levelname)s-%(asctime)s: %(message)s')
logger = logging.getLogger("performance_testing")
#check inputs
if cl_flags.all and (cl_flags.non_ceabac or cl_flags.ceabac
or cl_flags.vis_ceabac):
logger.error(
'--all is already specified, do not need to define other tests to run'
)
#create accumulo connection
conn = Accumulo(host=cl_flags.host,
port=cl_flags.port,
user=cl_flags.user,
password=cl_flags.password)
#create benchmarker
if cl_flags.cache_key:
logger.info('Using the caching version of the pki')
pki = DummyCachingEncryptionPKI(
conn=conn if cl_flags.accumulo_keystore else None)
else:
pki = DummyEncryptionPKI(
conn=conn if cl_flags.accumulo_keystore else None)
benchmarker = Benchmarker(logger=logger, pki=pki, conn=conn)
if cl_flags.all:
run_non_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
run_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
run_vis_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
run_diff_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
run_diff_non_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
run_mixed_schemas(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
if cl_flags.non_ceabac:
run_non_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
if cl_flags.ceabac:
run_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
if cl_flags.vis_ceabac:
run_vis_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
if cl_flags.diff_ceabac:
run_diff_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
if cl_flags.diff_non_ceabac:
run_diff_non_ceabac(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)
if cl_flags.mixed_schemas:
run_mixed_schemas(benchmarker, cl_flags.table_prefix, logger,
cl_flags.profile, cl_flags)