def setup_brand(brand_identifier):
"""
create keys, brand config file, and brand layers file for NUS
"""
base_id, base_keypair = get_base()
brand_id, brand_keypair = make_keypair()
save_key(brand_id, brand_keypair)
layers = (
(
brand_id,
brand_keypair.publickey(),
),
(
base_id,
base_keypair.publickey(),
),
)
layer_fn = os.path.join(_ESCROW_LAYERS_PATH,
"brand.%s.layers.serial" % (brand_identifier, ))
if os.path.exists(layer_fn):
raise EscrowError("Brand id %s layers exist" % (brand_identifier, ))
with open(layer_fn, "ab") as fobj:
dump(layers, fobj)
write_config("brand.%s" % (brand_identifier, ), brand_id)
print "new keys and config saved for brand %s" % brand_identifier
return brand_id, brand_identifier, layers
def setup_brand(brand_identifier):
"""
create keys, brand config file, and brand layers file for NUS
"""
base_id, base_keypair = get_base()
brand_id, brand_keypair = make_keypair()
save_key(brand_id, brand_keypair)
layers = ( (brand_id, brand_keypair.publickey(), ),
(base_id, base_keypair.publickey(), ), )
layer_fn = os.path.join(_ESCROW_LAYERS_PATH,
"brand.%s.layers.serial" % ( brand_identifier, ))
if os.path.exists(layer_fn):
raise EscrowError("Brand id %s layers exist" % (brand_identifier, ))
with open(layer_fn, "ab") as fobj:
dump(layers, fobj)
write_config("brand.%s" % (brand_identifier, ), brand_id)
print "new keys and config saved for brand %s" % brand_identifier
return brand_id, brand_identifier, layers
def test_write_and_read_layers():
"""
test encapsulating data in many escrow layers and reading it back out
"""
userkey = make_keypair()
layers = list()
for _ in range(_TEST_LAYERS):
layers.append(make_keypair())
# this is the data that goes in the innermost layer
data = os.urandom(_TEST_DATA_SIZE)
layer_data = data
# we encapsulate this data in layers of key escrow
for idx, layer in enumerate(layers):
cipher_layer_data = make_escrow_layer(
layer[0], layer[1].publickey(), layer_data, userkey[1])
# at every layer we test that we can read back the data
plain_layer_data = read_escrow_layer(
{ layer[0]: layer[1] }, cipher_layer_data, userkey[1].publickey())
assert plain_layer_data == layer_data, \
"readback fail at layer %d" % (idx + 1)
layer_data = cipher_layer_data
# read back the layers in reverse
for idx, layer in enumerate(layers[::-1]):
plain_layer_data = read_escrow_layer(
{ layer[0]: layer[1] }, layer_data, userkey[1].publickey())
layer_data = plain_layer_data
# we should get our original data back out
assert layer_data == data
return True
def test_write_and_read_layers():
"""
test encapsulating data in many escrow layers and reading it back out
"""
userkey = make_keypair()
layers = list()
for _ in range(_TEST_LAYERS):
layers.append(make_keypair())
# this is the data that goes in the innermost layer
data = os.urandom(_TEST_DATA_SIZE)
layer_data = data
# we encapsulate this data in layers of key escrow
for idx, layer in enumerate(layers):
cipher_layer_data = make_escrow_layer(layer[0], layer[1].publickey(),
layer_data, userkey[1])
# at every layer we test that we can read back the data
plain_layer_data = read_escrow_layer({layer[0]: layer[1]},
cipher_layer_data,
userkey[1].publickey())
assert plain_layer_data == layer_data, \
"readback fail at layer %d" % (idx + 1)
layer_data = cipher_layer_data
# read back the layers in reverse
for idx, layer in enumerate(layers[::-1]):
plain_layer_data = read_escrow_layer({layer[0]: layer[1]}, layer_data,
userkey[1].publickey())
layer_data = plain_layer_data
# we should get our original data back out
assert layer_data == data
return True
def test_setup_brand():
from key_escrow.server import read_escrow_data
brand_identifier = 'my_test_brand'
brand_id, _brand_keypair, layers = setup_brand(brand_identifier)
assert brand_id == layers[0][0]
_user_key_id, user_keypair = make_keypair()
test_data = "0123456789"
escrowed_data = escrow_binary(layers, test_data, user_keypair)
plain_escrowed_data = read_escrow_data(brand_identifier, escrowed_data,
sign_key=user_keypair.publickey())
assert plain_escrowed_data == test_data
print "setup brand test ok"
return True
def create_base():
"""
Run only once to create base layer of key escrow (which is kept internal.)
create a new (key_id, keypair, ) and save it.
create a new file base.cfg with key_id in first line
"""
base_id, base_keypair = make_keypair()
save_key(base_id, base_keypair)
write_config("base", base_id)
print "base key ID %s and cfg saved" % ( base_id, )
return True
def create_base():
"""
Run only once to create base layer of key escrow (which is kept internal.)
create a new (key_id, keypair, ) and save it.
create a new file base.cfg with key_id in first line
"""
base_id, base_keypair = make_keypair()
save_key(base_id, base_keypair)
write_config("base", base_id)
print "base key ID %s and cfg saved" % (base_id, )
return True
