def run_insert(conn=None, data=expressive_elems, table='demo', config_name = 'expressive', PKI_object=None): """ Insert a list into the accumulo table specified. Arguments: conn - the Accumulo connection to use data - the list to insert into the Accumulo table table - the name of the table to insert to default_vis - the default visibility label to use. default: '(a&b)|c' config_filept - file pointer to the configuration file for encryption PKI_object - matches the interface on encryption PKI OBJECT, default is DummyEncryptionPKI """ if conn is None: conn = pyaccumulo.Accumulo(host='localhost', port=42424, user='******', password='******') if PKI_object is None: PKI_object = DummyEncryptionPKI(conn=conn) config_filept = StringIO(schema[config_name]) encrypter = AccumuloEncrypt(config_filept, PKI_object) print "\nEnrypting with the following schema: \n\n" + descriptions[config_name] write_list_to_table(conn, encrypter, table, data)
def _create_encryptor_dict(config): ''' Helper function that parses a config file and creates a key object before creating an encryptor dict that can be passed into and EncMutation. ''' config_parser = ConfigParser.ConfigParser() config_parser.readfp(config) key_object = DummyEncryptionPKI() return AccumuloEncrypt._config_to_encryptor(config_parser, key_object)
def setUp(self): #Set up encryptor_dict config = stringio.StringIO( '[row]\n'+\ 'key_id = Pycrypto_AES_CFB\n'+\ 'encryption = Pycrypto_AES_CFB\n'+\ 'cell_sections = row\n'+\ '[colFamily]\n'+\ 'key_id = Pycrypto_AES_CFB\n'+\ 'cell_sections = colFamily,colQualifier\n'+\ 'encryption = Pycrypto_AES_CFB') config_identity = stringio.StringIO( '[row]\n'+\ 'key_id = Identity\n'+\ 'encryption = Identity\n'+\ 'cell_sections = row\n'+\ '[colFamily]\n'+\ 'key_id = Identity\n'+\ 'cell_sections = colFamily\n'+\ 'encryption = Identity') config_det = stringio.StringIO( '[row]\n'+\ 'key_id = Pycrypto_AES_SIV\n'+\ 'encryption = Pycrypto_AES_SIV\n'+\ 'cell_sections = row\n'+\ '[colFamily]\n'+\ 'key_id = Pycrypto_AES_SIV\n'+\ 'cell_sections = colFamily,colQualifier\n'+\ 'encryption = Pycrypto_AES_SIV') # Use a consistent PKI self.pki = DummyEncryptionPKI() self.encryptor_dict = self._create_encryptor_dict(config) self.encryptor_dict_identity = self._create_encryptor_dict(config_identity) self.encryptor_dict_det = self._create_encryptor_dict(config_det) #Sample mutation mut = Mutation('abcd') mut.put(cf='cf1',cq='cq1', cv='cv1', ts = '12345', val = 'val1') self.mut = mut #complex Sample mutation c_mut = Mutation('abcd') c_mut.put(cf='cf1',cq='cq1', cv='cv1', ts = '12345', val = 'val1') c_mut.put(cf='cf2', val='val2') c_mut.put(cf='cf3',cq='cq3', val = 'val3') c_mut.put(val = 'val4') self.c_mut = c_mut
def run_retrieve(conn=None, table='demo', config_name = 'expressive', PKI_object=None): """ Retrieves and decrypts values from the specified table, outputting the appropriate error messages if not. Arguments: conn - the Accumulo connection to use data - the list to insert into the Accumulo table table - the name of the table to insert to config_filept - file pointer to the configuration file for encryption PKI_object - matches the interface on encryption PKI OBJECT, default is DummyEncryptionPKI """ if conn is None: conn = pyaccumulo.Accumulo(host='localhost', port=42424, user='******', password='******') if PKI_object is None: PKI_object = DummyEncryptionPKI(conn=conn) total = 0 config_filept = StringIO(schema[config_name]) decrypter = AccumuloEncrypt(config_filept, PKI_object) for entry in conn.scan(table): total = total + 1 try: cell = decrypter.decrypt(entry) if config_name == 'print': print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' %(base64.b64encode(cell.row), cell.cv, base64.b64encode(cell.cf), base64.b64encode(cell.cq), base64.b64encode(cell.val)) elif config_name == 'vis_print': print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' %(cell.row, cell.cv, cell.cf, cell.cq, base64.b64encode(cell.val)) else: print 'Entry: \n Row - %s,\n Column_Visibility - %s,\n Column_Family - %s,\n Column_Qualifier - %s,\n Value - %s\n' % (cell.row, cell.cv,cell.cf,cell.cq,cell.val) except DecryptionException as ve: print 'Error: Entry failed to decrypt.' print 'Error message:', ve.msg print print 'Finished, decrypted %d total entries.' %(total)
def run_search(conn=None, table='demo', config_name = 'expressive', PKI_object=None, row_range='Analytics'): """ Retrieves and decrypts values from the specified table, outputting the appropriate error messages if not. Arguments: conn - the Accumulo connection to use data - the list to insert into the Accumulo table table - the name of the table to insert to config_filept - file pointer to the configuration file for encryption PKI_object - matches the interface on encryption PKI OBJECT, default is DummyEncryptionPKI row_range - the keyword to search for """ if conn is None: conn = pyaccumulo.Accumulo(host='localhost', port=42424, user='******', password='******') if PKI_object is None: PKI_object = DummyEncryptionPKI(conn=conn) total = 0 enc_config_filept = StringIO(schema[config_name]) dec_config_filept = StringIO(schema[config_name]) encrypter = AccumuloEncrypt(enc_config_filept, PKI_object) enc_row, _ = encrypter.encrypt_search(row_range, None) range = pyaccumulo.Range(srow = enc_row, sinclude = True, erow = enc_row, einclude = True) for entry in conn.scan(table, scanrange=range): total = total + 1 try: cell = encrypter.decrypt(entry) print "Entry: (%s, %s, %s, %s)" % (cell.row, cell.cf, cell.cq, cell.val) except DecryptionException as ve: print 'Error: Entry failed to decrypt.' print 'Error message:', ve.msg print print 'Finished, decrypted %d total entries.' %(total)
def test_encrypt_decrypt(self): ''' Tests encrypting and decrypting the shares ''' DummyPKI = DummyEncryptionPKI() expressions = [ 'a&b', 'a&b&c', 'a|b', 'a|b|c', '(a&b)|c', '(a|b)&c', 'a|(b&c)', 'a&(b|c)', '(a&b)|(b&c)', '(a|b)&(c|d)' ] for e in expressions: secret = Random.get_random_bytes(16) encrypted_shares = SecretVisTreeEncryptor.encrypt_secret_shares( e, secret, Keytor('VIS_AES_CBC', DummyPKI, 16), Pycrypto_AES_CBC) share = SecretVisTreeEncryptor.decrypt_secret_shares( e, encrypted_shares, Keytor('VIS_AES_CBC', DummyPKI, 16), Pycrypto_AES_CBC) self.assertEqual(share, secret)
def setUp(self): # Keep the same PKI around, since it generates a new RSA key # for key wraps each time self.pki = DummyEncryptionPKI()
def main(): parser = OptionParser() parser.add_option("-v", '--verbose', dest="verbose", action="store_true", default=False, help="Verbose output") accumulo_group = OptionGroup( parser, 'Options that control the accumulo connection') accumulo_group.add_option('--host', dest='host', default='localhost', help='Host for Accumulo. Default: localhost') accumulo_group.add_option('--user', dest='user', default='root', help='User for Accumulo. Default: root') accumulo_group.add_option('--password', dest='password', default='secret', help='Password for Accumulo user. Default: ...') accumulo_group.add_option('--port', dest='port', type='int', default=42424, help="Port for Accumulo. Default: 42424") parser.add_option_group(accumulo_group) output_group = OptionGroup(parser, 'Options that control output') output_group.add_option('--log-file', dest='log_file', default='output.log', help='Output file for performance numbers') output_group.add_option('--table-prefix', dest='table_prefix', default='perf', help='Prefix used for data tables') output_group.add_option('--profile', dest='profile', action='store_true', default=False, help="Profiles encryption code") output_group.add_option( '--cache_key', dest='cache_key', action='store_true', default=False, help='Keys are now cached during encryption and decryption') output_group.add_option( '--use_accumulo_keystore', dest='accumulo_keystore', action='store_true', default=False, help= "Keys are stored in Accumulo if option is included, otherwise they are stored locally" ) parser.add_option_group(output_group) test_group = OptionGroup(parser, "Options that control what tests are being run") test_group.add_option('--all', dest='all', action='store_true', default=False, help='Runs all the different tests') test_group.add_option( '--non-ceabac', dest='non_ceabac', action='store_true', default=False, help='Runs the non-CEABAC tests with a simple schema') test_group.add_option('--ceabac', dest='ceabac', action='store_true', default=False, help='Runs the CEABAC tests with a simple schema') test_group.add_option( '--vis-ceabac', dest='vis_ceabac', action='store_true', default=False, help='Runs CEABAC in CBC mode with varying visibility fields') test_group.add_option('--diff_schemas_ceabac', dest='diff_ceabac', action='store_true', default=False, help='Runs several different schemas for VIS_CBC') test_group.add_option('--diff_schemas_non_ceabac', dest='diff_non_ceabac', action='store_true', default=False, help='Runs several different schemas for AES_CBC') test_group.add_option( '--mixed_schemas', dest='mixed_schemas', action='store_true', default=False, help='Runs a set of schemas where the schemes are both CEABAC and not') parser.add_option_group(test_group) entries_group = OptionGroup( parser, "Options that control how many entries are run") entries_group.add_option('--num_entries', dest='num_entries', type='int', default=1000, help='Total number of cells being run') entries_group.add_option('--num_rows', dest='num_rows', type='int', default=100, help='Total number of rows being run') parser.add_option_group(entries_group) (cl_flags, _) = parser.parse_args() #set up logging if cl_flags.verbose: log_level = logging.DEBUG else: log_level = logging.INFO logging.basicConfig(filename=cl_flags.log_file, level=log_level, format='%(levelname)s-%(asctime)s: %(message)s') logger = logging.getLogger("performance_testing") #check inputs if cl_flags.all and (cl_flags.non_ceabac or cl_flags.ceabac or cl_flags.vis_ceabac): logger.error( '--all is already specified, do not need to define other tests to run' ) #create accumulo connection conn = Accumulo(host=cl_flags.host, port=cl_flags.port, user=cl_flags.user, password=cl_flags.password) #create benchmarker if cl_flags.cache_key: logger.info('Using the caching version of the pki') pki = DummyCachingEncryptionPKI( conn=conn if cl_flags.accumulo_keystore else None) else: pki = DummyEncryptionPKI( conn=conn if cl_flags.accumulo_keystore else None) benchmarker = Benchmarker(logger=logger, pki=pki, conn=conn) if cl_flags.all: run_non_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) run_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) run_vis_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) run_diff_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) run_diff_non_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) run_mixed_schemas(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) if cl_flags.non_ceabac: run_non_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) if cl_flags.ceabac: run_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) if cl_flags.vis_ceabac: run_vis_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) if cl_flags.diff_ceabac: run_diff_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) if cl_flags.diff_non_ceabac: run_diff_non_ceabac(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags) if cl_flags.mixed_schemas: run_mixed_schemas(benchmarker, cl_flags.table_prefix, logger, cl_flags.profile, cl_flags)