def test_disjunction():
params = setup()
G, g, o = params
x = o.random()
X = x * g
y = o.random()
Y = y * g
c = o.random()
schnorr0 = Schnorr(X, g, o)
schnorr1 = Schnorr(Y, g, o)
w = (0, x)
disj = Disjunction(schnorr0, schnorr1)
t, aux = disj.commit(w)
z = disj.response(w, t, c, aux)
assert disj.verify(t, c, z)
w = (1, y)
t, aux = disj.commit(w)
z = disj.response(w, t, c, aux)
assert disj.verify(t, c, z)
w = (0, y)
t, aux = disj.commit(w)
z = disj.response(w, t, c, aux)
assert not disj.verify(t, c, z)
def test_conjunction_of_disjunction():
params = setup()
G, g, o = params
x = o.random()
X = x * g
y = o.random()
Y = y * g
a = o.random()
A = a * g
b = o.random()
B = b * g
c = o.random()
schnorr0 = Schnorr(X, g, o)
schnorr1 = Schnorr(Y, g, o)
w0 = (0, x)
disj0 = Disjunction(schnorr0, schnorr1)
schnorr2 = Schnorr(A, g, o)
schnorr3 = Schnorr(B, g, o)
w1 = (1, b)
disj1 = Disjunction(schnorr2, schnorr3)
conj = Conjunction(disj0, disj1)
w = (w0, w1)
t, aux = conj.commit(w)
z = conj.response(w, t, c, aux)
assert conj.verify(t, c, z)
def test_signature_of_conj_of_disj():
params = setup()
G, g, o = params
x = o.random()
X = x * g
y = o.random()
Y = y * g
a = o.random()
A = a * g
b = o.random()
B = b * g
c = o.random()
schnorr0 = Schnorr(X, g, o)
schnorr1 = Schnorr(Y, g, o)
w0 = (0, x)
disj0 = Disjunction(schnorr0, schnorr1)
schnorr2 = Schnorr(A, g, o)
schnorr3 = Schnorr(B, g, o)
w1 = (1, b)
disj1 = Disjunction(schnorr2, schnorr3)
signature = FiatShamirSignature(Conjunction(disj0, disj1))
m = "message"
m_prime = "different_message"
s = signature.sign(m, (w0, w1))
assert signature.verify(m, s)
assert not signature.verify(m_prime, s)
def test_signature_of_protocol_composition():
params = setup()
G, g, o = params
alpha = o.random()
u = alpha * g
beta = o.random()
v = beta * g
gamma = (alpha * beta) % o
w = gamma * g
x = o.random()
X = x * g
y = o.random()
Y = y * g
c = o.random()
cp = ChaumPedersen(u, v, w, g, o)
schnorr0 = Schnorr(X, g, o)
schnorr1 = Schnorr(Y, g, o)
w0 = x
w1 = (0, beta)
disj = Disjunction(cp, schnorr1)
signature = FiatShamirSignature(Conjunction(schnorr0, disj))
m = "message"
m_prime = "different_message"
s = signature.sign(m, (w0, w1))
assert signature.verify(m, s)
assert not signature.verify(m_prime, s)
def test_protocol_composition():
params = setup()
G, g, o = params
alpha = o.random()
u = alpha * g
beta = o.random()
v = beta * g
gamma = (alpha * beta) % o
w = gamma * g
x = o.random()
X = x * g
y = o.random()
Y = y * g
c = o.random()
cp = ChaumPedersen(u, v, w, g, o)
schnorr0 = Schnorr(X, g, o)
schnorr1 = Schnorr(Y, g, o)
w0 = x
w1 = (0, beta)
disj = Disjunction(cp, schnorr1)
conj = Conjunction(schnorr0, disj)
w = (w0, w1)
t, aux = conj.commit(w)
z = conj.response(w, t, c, aux)
assert conj.verify(t, c, z)
def test_frank():
msg = "hello"
_, g, o = setup()
aux = (g, o)
(pk_s, sk_s) = dmf.KeyGen(aux)
(pk_r, sk_r) = dmf.KeyGen(aux)
(pk_j, sk_j) = dmf.KeyGen(aux)
sig = dmf.Frank(sk_s, pk_r, pk_j, msg, aux)
assert dmf.Verify(pk_s, sk_r, pk_j, msg, sig, aux)
assert dmf.Judge(pk_s, pk_r, sk_j, msg, sig, aux)
def test_schnorr():
params = setup()
G, g, o = params
x = o.random()
X = x * g
c = o.random()
schnorr = Schnorr(X, g, o)
t, aux = schnorr.commit(x)
z = schnorr.response(x, t, c, aux)
assert schnorr.verify(t, c, z)
assert not schnorr.verify(t, z, c)
(t_prime, z_prime) = schnorr.sim(c)
assert schnorr.verify(t_prime, c, z_prime)
def test_jforge():
msg = "hello"
_, g, o = setup()
aux = (g, o)
(pk_s, sk_s) = dmf.KeyGen(aux)
(pk_r, sk_r) = dmf.KeyGen(aux)
(pk_j, sk_j) = dmf.KeyGen(aux)
sig = dmf.JForge(pk_s, pk_r, sk_j, msg, aux)
assert dmf.Verify(pk_s, sk_r, pk_j, msg, sig, aux)
assert dmf.Judge(pk_s, pk_r, sk_j, msg, sig, aux)
(pi, T, U, A, B) = sig
spok = dmf.Create_DMF_SPoK(pk_s, pk_j, T, U, A, aux)
assert spok.verify(msg, pi)
def test_signature():
params = setup()
G, g, o = params
x = o.random()
X = x * g
y = o.random()
Y = y * g
c = o.random()
m = "message"
m_prime = "different_message"
schnorr = Schnorr(X, g, o)
signature = FiatShamirSignature(schnorr)
s = signature.sign(m, x)
assert signature.verify(m, s)
assert not signature.verify(m_prime, s)
def test_chaum_pedersen():
params = setup()
G, g, o = params
alpha = o.random()
u = alpha * g
beta = o.random()
v = beta * g
gamma = (alpha * beta) % o
w = gamma * g
c = o.random()
cp = ChaumPedersen(u, v, w, g, o)
t, aux = cp.commit(beta)
B_z = cp.response(beta, t, c, aux)
assert cp.verify(t, c, B_z)
assert not cp.verify(t, B_z, c)
(t_prime, z_prime) = cp.sim(c)
assert cp.verify(t_prime, c, z_prime)
def test_conjunction():
params = setup()
G, g, o = params
x = o.random()
X = x * g
y = o.random()
Y = y * g
c = o.random()
schnorr1 = Schnorr(X, g, o)
schnorr2 = Schnorr(Y, g, o)
w = (x, y)
conj = Conjunction(schnorr1, schnorr2)
t, aux = conj.commit(w)
z = conj.response(w, t, c, aux)
assert conj.verify(t, c, z)
w = (y, x)
t, aux = conj.commit(w)
z = conj.response(w, t, c, aux)
assert not conj.verify(t, c, z)
def create_app(test_config=None):
# create and configure the app
app = Flask(__name__, instance_relative_config=True)
app.config.from_mapping(
SECRET_KEY='dev',
DATABASE=os.path.join(app.instance_path, 'amf.sqlite'),
)
if test_config is None:
# load the instance config, if it exists, when not testing
app.config.from_pyfile('config.py', silent=True)
else:
# load the test config if passed in
app.config.from_mapping(test_config)
# ensure the instance folder exists
try:
os.makedirs(app.instance_path)
except OSError:
pass
# create the judge keys if they have not been created yet
with app.app_context():
db = get_db()
row = db.execute('SELECT * FROM judge_keys').fetchone()
if row is None:
_, g, o = setup()
aux = (g, o)
(pk_j, sk_j) = dmf.KeyGen(aux)
db.execute('INSERT INTO judge_keys VALUES (?, ?, ?, ?)',
(g.export(), o.hex().encode('ascii'), pk_j.export(),
sk_j.hex().encode('ascii')))
db.commit()
# GET request for the blacklisted users
@app.route('/blacklist.txt', methods=('GET', 'POST'))
def blacklist():
if request.method == 'GET':
db = get_db()
rows = db.execute('SELECT * FROM blacklist').fetchall()
names = list(map(lambda r: r['username'], rows))
return "\n".join(names)
# GET request for the auxiliary group data
@app.route('/get_aux', methods=('GET', 'POST'))
def get_aux():
if request.method == 'GET':
db = get_db()
g = db.execute('SELECT g FROM judge_keys').fetchone()['g']
o = db.execute('SELECT o FROM judge_keys').fetchone()['o']
return binascii.b2a_base64(g).decode("ascii") + DELIMITER + \
o.decode("ascii")
# GET request for the judge's public keys
@app.route('/get_pk_j', methods=('GET', 'POST'))
def get_pk_j():
if request.method == 'GET':
db = get_db()
pk_j = db.execute('SELECT pk_j FROM judge_keys').fetchone()['pk_j']
return binascii.b2a_base64(pk_j).decode("ascii")
# POST request to store the user's twitter and keybase usernames
@app.route('/register', methods=('GET', 'POST'))
def register():
if request.method == 'POST':
twitter = request.form['twitter']
keybase = request.form['keybase']
db = get_db()
error = None
if not twitter:
error = 'Twitter username is required.'
elif not keybase:
error = 'Keybase username is required.'
elif db.execute('SELECT keybase FROM user WHERE twitter = ?',
(twitter, )).fetchone() is not None:
error = 'User {} is already registered.'.format(username)
if error is None:
db.execute('INSERT INTO user (twitter, keybase) VALUES (?, ?)',
(twitter, keybase))
db.commit()
return "Successfully added user."
return error
# POST request to get the keybase username associated to a twitter username
@app.route('/get_username', methods=('GET', 'POST'))
def get_username():
if request.method == 'POST':
twitter = request.form['twitter']
db = get_db()
error = None
kb = db.execute('SELECT keybase FROM user WHERE twitter = ?',
(twitter, )).fetchone()
if kb is None:
return "Incorrect username."
return kb['keybase']
# request to handle abuse reports
@app.route('/report', methods=('GET', 'POST'))
def report():
frank = request.form['frank'].split(DELIMITER)
sender = request.form['sender']
reporter = request.form['reporter']
msg = request.form['message']
test = request.form['test']
db = get_db()
sig = str_to_frank(frank, G)
if test == "True":
with open("test.txt", "rb") as file:
data = file.read()
info = data.split(DELIMITER.encode('ascii'))
pk_s = EcPt.from_binary(info[0], G)
pk_r = EcPt.from_binary(info[2], G)
else:
sender_kb = db.execute(
'SELECT keybase FROM user WHERE twitter = ?',
(sender, )).fetchone()['keybase']
reporter_kb = db.execute(
'SELECT keybase FROM user WHERE twitter = ?',
(reporter, )).fetchone()['keybase']
r = requests.get("https://" + sender_kb +
".keybase.pub/amf/amf_pk.txt")
pk_s = EcPt.from_binary(
binascii.a2b_base64(r.text.encode('ascii')), G)
r = requests.get("https://" + reporter_kb +
".keybase.pub/amf/amf_pk.txt")
pk_r = EcPt.from_binary(
binascii.a2b_base64(r.text.encode('ascii')), G)
db = get_db()
g_db = db.execute('SELECT g FROM judge_keys').fetchone()['g']
o_db = db.execute('SELECT o FROM judge_keys').fetchone()['o']
sk_j_db = db.execute('SELECT sk_j FROM judge_keys').fetchone()['sk_j']
g = EcPt.from_binary(g_db, G)
o = Bn.from_hex(o_db.decode('ascii'))
sk_j = Bn.from_hex(sk_j_db.decode('ascii'))
aux = (g, o)
if not dmf.Judge(pk_s, pk_r, sk_j, msg, sig, aux):
return "Message could not be authenticated by judge."
else:
prob = call_perspective_api(msg, ["TOXICITY"], PERSPECTIVE_KEY)
if prob["TOXICITY"] > TOXICITY_THRESHOLD:
db.execute('INSERT INTO blacklist VALUES (?)', (sender, ))
db.commit()
return sender + " has been added to the blacklist."
else:
return "Message not judged to be abusive."
from . import db
db.init_app(app)
return app
