def test_get_fingerprint(self):
"""
Creates a new ThresholdEncryptionSetUp and generate commitments for
all trustees add them to the ThresholdEncryptionSetUp
an get a fingerpint
"""
cryptosystem = get_cryptosystem()
commitments = []
# Generate a new instance of ThresholdEncryptionSetUp
tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Adding the keys from trustees
for i in range(self.num_trustees):
tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Generate commitmes for trustees
for i in range(self.num_trustees):
commitments.append(tSetUp.generate_commitment())
# get_fingerprint must raise ThresholdEncryptionSetUpStateError
# if called without added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.get_fingerprint)
# Adding the first self.num_trustees - 1 commitments from trustees
for i in range(self.num_trustees - 1):
tSetUp.add_trustee_commitment(i, commitments[i])
# get_fingerprint must raise ThresholdEncryptionSetUpStateError
# if called without all added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.get_fingerprint)
# Add the last commitments from trustees
tSetUp.add_trustee_commitment(self.num_trustees - 1,
commitments[self.num_trustees - 1])
# Create 2 fingerpints and they must match
fingerprint = tSetUp.get_fingerprint()
fingerprintb = tSetUp.get_fingerprint()
self.assertEquals(fingerprint, fingerprintb)
# We create a diferent ThresholdEncryptionSetUp to genera another
# fingerprint that should not match
tSetUp2 = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees - 1,
self.threshold - 1)
for i in range(self.num_trustees - 1):
tSetUp2.add_trustee_public_key(i, self.trustees[i].public_key)
commitments2 = []
for i in range(self.num_trustees - 1):
commitments2.append(tSetUp2.generate_commitment())
for i in range(self.num_trustees - 1):
tSetUp2.add_trustee_commitment(i, commitments2[i])
fingerprint2 = tSetUp2.get_fingerprint()
# figerprints generate from diferent ThresholdEncryptionSetUp
# must be diferent
self.assertNotEqual(fingerprint, fingerprint2)
def setUp(self):
"""
Unit test setup method.
"""
self.num_trustees = 5
self.threshold = 3
self.trustees = []
self.commitments = []
for i in range(self.num_trustees):
self.trustees.append(Trustee())
# Generate a new instance of ThresholdEncryptionSetUp to be used
# for generate publickeys
cryptosystem = get_cryptosystem()
self.tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Adding the keys from trustees
for i in range(self.num_trustees):
self.tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Generate commitmes for trustees
for i in range(self.num_trustees):
self.commitments.append(self.tSetUp.generate_commitment())
# Adding the trustees commitments
for i in range(self.num_trustees):
self.tSetUp.add_trustee_commitment(i, self.commitments[i])
self.tpkey = self.tSetUp.generate_public_key()
def test_commitmet_adding(self):
"""
Creates a new ThresholdEncryptionSetUp and try to add a trustee c
commitment
"""
cryptosystem = get_cryptosystem()
commitments = []
# Generate a new instance of ThresholdEncryptionSetUp
tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Adding the keys from trustees
for i in range(self.num_trustees):
tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Generate and add a valid commitment
commitment = tSetUp.generate_commitment()
tSetUp.add_trustee_commitment(0, commitment)
#The commitment for trustee 0 must be the same we just add
self.assertEqual(tSetUp._trustees_commitments[0], commitment)
# add_trustee_commitmnet must raise ValueError with invalid trustee
# values (-1 and self.num_trustees+1)
self.assertRaises(ValueError, tSetUp.add_trustee_commitment, -1,
commitment)
self.assertRaises(ValueError, tSetUp.add_trustee_commitment,
self.num_trustees + 1, commitment)
# Change commitment.num_trustees value to try erros
commitment.num_trustees = self.num_trustees + 1
# add_trustee_commitmnet must raise IncompatibleCommitmentError when
# the commitment has diferent num_trustees value
self.assertRaises(IncompatibleCommitmentError,
tSetUp.add_trustee_commitment, 1, commitment)
# Change commitment.threshold value to try erros
commitment.num_trustees = self.num_trustees
commitment.threshold = self.threshold + 1
# add_trustee_commitmnet must raise IncompatibleCommitmentError when
# the commitment has diferent theshold value
self.assertRaises(IncompatibleCommitmentError,
tSetUp.add_trustee_commitment, 1, commitment)
# Test what happens with invalid cryptosystem
# Create another cryptosystem
second_cryptosys_file = os.path.join(
os.path.dirname(__file__),
"TestThresholdEncryptionSetUp.resources",
"test1024bits_second.pvcryptosys")
# Load the cryptosystem from file
second_cryptosys = EGCryptoSystem.from_file(second_cryptosys_file)
commitment.threshold = self.threshold
commitment.cryptosystem = second_cryptosys
# Must raise IncompatibleCommitmentError with diferent cryptosys
self.assertRaises(IncompatibleCommitmentError,
tSetUp.add_trustee_commitment, 1, commitment)
def test_generate_privatekey(self):
"""
Creates a new ThresholdEncryptionSetUp and generate commitments for
all trustees add them to the ThresholdEncryptionSetUp
and generate a private key
"""
cryptosystem = get_cryptosystem()
commitments = []
# Generate a new instance of ThresholdEncryptionSetUp
tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Adding the keys from trustees
for i in range(self.num_trustees):
tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Generate commitmes for trustees
for i in range(self.num_trustees):
commitments.append(tSetUp.generate_commitment())
# generate_private_key must raise ThresholdEncryptionSetUpStateError
# if called without added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_private_key, 0,
self.trustees[0].private_key)
# Adding the first self.num_trustees - 1 commitments from trustees
for i in range(self.num_trustees - 1):
tSetUp.add_trustee_commitment(i, commitments[i])
# generate_private_key must raise ThresholdEncryptionSetUpStateError
# if called without all added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_private_key, 0,
self.trustees[0].private_key)
# Add the last commitments from trustees
tSetUp.add_trustee_commitment(self.num_trustees - 1,
commitments[self.num_trustees - 1])
# Must fail if the trustee doenst have his corresponding private_key
self.assertRaises(InvalidCommitmentError, tSetUp.generate_private_key,
0, self.trustees[1].private_key)
privatekey = tSetUp.generate_private_key(0,
self.trustees[0].private_key)
# The privatekey atributes must be the expected from tSetUp
self.assertTrue(privatekey.cryptosystem, cryptosystem)
self.assertEqual(privatekey.num_trustees, self.num_trustees)
self.assertEqual(privatekey.threshold, self.threshold)
self.assertEqual(privatekey.public_key, tSetUp.generate_public_key())
def test_generate_publickey(self):
"""
Creates a new ThresholdEncryptionSetUp and generate commitments for
all trustees add them to the ThresholdEncryptionSetUp
and generate a public key
"""
cryptosystem = get_cryptosystem()
commitments = []
# Generate a new instance of ThresholdEncryptionSetUp
tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Adding the keys from trustees
for i in range(self.num_trustees):
tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Generate commitmes for trustees
for i in range(self.num_trustees):
commitments.append(tSetUp.generate_commitment())
# generate_commitment must raise ThresholdEncryptionSetUpStateError
# if called without added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_public_key)
# Adding the first self.num_trustees - 1 commitments from trustees
for i in range(self.num_trustees - 1):
tSetUp.add_trustee_commitment(i, commitments[i])
# generate_commitment must raise ThresholdEncryptionSetUpStateError
# if called without all added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_public_key)
# Add the last commitments from trustees
tSetUp.add_trustee_commitment(self.num_trustees - 1,
commitments[self.num_trustees - 1])
publickey = tSetUp.generate_public_key()
# The generated public key must have the same cryptosystem, trustees
# and threshold
self.assertEqual(publickey.cryptosystem, cryptosystem)
self.assertEqual(publickey.num_trustees, self.num_trustees)
self.assertEqual(publickey.threshold, self.threshold)
# Check that multiple calls generate the same public key
publickey2 = tSetUp.generate_public_key()
self.assertEqual(publickey2, publickey)
self.assertEqual(publickey2.get_fingerprint(),
publickey.get_fingerprint())
def test_partial_decryption(self):
"""
Create a ciphertext with the threshold public key and decrypt it and
create others ciphertext to prove IncompatibleCiphertextError
"""
tprk = self.tSetUp.generate_private_key(0,
self.trustees[0].private_key)
text_to_encrypt_dir = os.path.join(
os.path.dirname(__file__), "TestThresholdPrivateKey.resources")
text_to_encrypt = os.path.join(text_to_encrypt_dir, "text_to_encrypt")
text_encrypted = self.tpkey.encrypt_text(text_to_encrypt)
# Decrypt the file created with our public key must be fine
tprk.generate_partial_decryption(text_encrypted)
# Create another ThresholdEcryptuonSetUp with other 1024 bits
# cryptosys to create a cypthertext that cant be decrypted
second_cryptosys_file = os.path.join(
os.path.dirname(__file__),
"TestThresholdEncryptionSetUp.resources",
"test1024bits_second.pvcryptosys")
# Load the cryptosystem from file
second_cryptosys = EGCryptoSystem.from_file(second_cryptosys_file)
secondtSetUp = ThresholdEncryptionSetUp(second_cryptosys,
self.num_trustees,
self.threshold)
# Adding the keys from trustees for 2ndsetUp
for i in range(self.num_trustees):
secondtSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
secondcommitments = []
# Generate commitmes for trustees for 2ndsetUp
for i in range(self.num_trustees):
secondcommitments.append(secondtSetUp.generate_commitment())
# Adding the secont trustees commitments
for i in range(self.num_trustees):
secondtSetUp.add_trustee_commitment(i, secondcommitments[i])
# Generate secon cryptosis publickey
secondtpkey = secondtSetUp.generate_public_key()
# Encrypt the file with the secon cryptosis publickey
secondtext_encrypted = secondtpkey.encrypt_text(text_to_encrypt)
# Try to decryp something created with other ThresholdEcryptuonSetUp
# must raise IncompatibleCiphertextError
self.assertRaises(IncompatibleCiphertextError,
tprk.generate_partial_decryption,
secondtext_encrypted)
# Create another ThresholdEcryptuonSetUp with other 512 bits
# cryptosys to create a cypthertext that cant be decrypted
third_cryptosys_file = os.path.join(
os.path.dirname(__file__),
"TestThresholdEncryptionSetUp.resources",
"test512bits.pvcryptosys")
# Load the cryptosystem from file
third_cryptosys = EGCryptoSystem.from_file(third_cryptosys_file)
thirdtSetUp = ThresholdEncryptionSetUp(third_cryptosys,
self.num_trustees,
self.threshold)
# Adding the keys from trustees for 2ndsetUp
for i in range(self.num_trustees):
thirdtSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
thirdcommitments = []
# Generate commitmes for trustees for 2ndsetUp
for i in range(self.num_trustees):
thirdcommitments.append(thirdtSetUp.generate_commitment())
# Adding the secont trustees commitments
for i in range(self.num_trustees):
thirdtSetUp.add_trustee_commitment(i, thirdcommitments[i])
# Generate secon cryptosis publickey
thirdtpkey = thirdtSetUp.generate_public_key()
# Encrypt the file with the secon cryptosis publickey
thirdtext_encrypted = thirdtpkey.encrypt_text(text_to_encrypt)
# Try to decryp something created with other ThresholdEcryptuonSetUp
# must raise IncompatibleCiphertextError
self.assertRaises(IncompatibleCiphertextError,
tprk.generate_partial_decryption,
thirdtext_encrypted)
def test_generate_keypar(self):
"""
Creates a new ThresholdEncryptionSetUp and generate commitments for
all trustees add them to the ThresholdEncryptionSetUp
and generate a key par
"""
cryptosystem = get_cryptosystem()
commitments = []
# Generate a new instance of ThresholdEncryptionSetUp
tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Adding the keys from trustees
for i in range(self.num_trustees):
tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Generate commitmes for trustees
for i in range(self.num_trustees):
commitments.append(tSetUp.generate_commitment())
# generate_key_pair must raise ThresholdEncryptionSetUpStateError
# if called without added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_key_pair, 0,
self.trustees[0].private_key)
# Adding the first self.num_trustees - 1 commitments from trustees
for i in range(self.num_trustees - 1):
tSetUp.add_trustee_commitment(i, commitments[i])
# generate_key_pair must raise ThresholdEncryptionSetUpStateError
# if called without all added commitments
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_key_pair, 0,
self.trustees[0].private_key)
# Add the last commitments from trustees
tSetUp.add_trustee_commitment(self.num_trustees - 1,
commitments[self.num_trustees - 1])
# Must fail if the trustee doesn't have his corresponding private_key
self.assertRaises(InvalidCommitmentError, tSetUp.generate_key_pair, 0,
self.trustees[1].private_key)
#TODO:
# How to test malicious commitmens or invalid ones
keypar = tSetUp.generate_key_pair(0, self.trustees[0].private_key)
# Test that InvalidCommitmentError is raised when given corrupt or
# malformed commitments.
replaced_idx = 1
malformed_commitment = copy.deepcopy(commitments[replaced_idx])
# We swap the first two public coefficients of the commitment, this
# generates an inconsistency between the stored public coefficients and
# the encrypted partial private keys.
temp = malformed_commitment.public_coefficients[1]
malformed_commitment.public_coefficients[1] = \
malformed_commitment.public_coefficients[0]
malformed_commitment.public_coefficients[0] = temp
tSetUp.add_trustee_commitment(replaced_idx, malformed_commitment)
self.assertRaises(InvalidCommitmentError, tSetUp.generate_key_pair, 1,
self.trustees[1].private_key)
def test_commitment_generation(self):
"""
Create a new ThresholdEncryptionSetUp, add the keys from trustees
and generate a commitment from those keys.
"""
cryptosystem = get_cryptosystem()
# Generate a new instance of ThresholdEncryptionSetUp
tSetUp = ThresholdEncryptionSetUp(cryptosystem, self.num_trustees,
self.threshold)
# Create another trustee to generate and prove errors
errorTrustee = Trustee()
# Must raise ValueError with invalid trustee value
self.assertRaises(ValueError, tSetUp.add_trustee_public_key, -1,
errorTrustee)
self.assertRaises(ValueError, tSetUp.add_trustee_public_key, 6,
errorTrustee)
# Must raise ThresholdEncryptionSetUpStateError with an invalid amount
# of trustee keys (0)
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_commitment)
# Adding the first self.num_trustees - 1 keys from trustees
for i in range(self.num_trustees - 1):
tSetUp.add_trustee_public_key(i, self.trustees[i].public_key)
# Must raise ThresholdEncryptionSetUpStateError with an invalid amount
# of trustee keys (self.num_trustees - 1)
self.assertRaises(ThresholdEncryptionSetUpStateError,
tSetUp.generate_commitment)
# Add the las key from trustees
tSetUp.add_trustee_public_key(
self.num_trustees - 1,
self.trustees[self.num_trustees - 1].public_key)
# Generate a commitment
commitment = tSetUp.generate_commitment()
# We check the cryptosystem, trustees number and threshold from the
# obtained commitment, must be the same we used to create the
# ThresholdEncryptionSetUp object
self.assertEqual(commitment.cryptosystem, cryptosystem)
self.assertEqual(commitment.num_trustees, self.num_trustees)
self.assertEqual(commitment.threshold, self.threshold)
# public_coefficients must have self.threshold coefficients with the
# form cryptosystem.generator^c % cryptosystem.prime where c is a
# random number in Z_{q}^* (prime = 2q + 1).
# We check theres is self.threshold coefficients and they are in
# Z_{p}^*
self.assertEqual(len(commitment.public_coefficients), self.threshold)
for coeff in commitment.public_coefficients:
self.assertTrue(1 <= coeff < cryptosystem.get_prime())
# encrypted_partial_private_keys has the values of a polynomial in
# Z_{q}^* in some point , encrypted with the private key of the
# correesponding trustee
# There should be as many encrypted_partial_private_keys as trustees.
self.assertEqual(len(commitment.encrypted_partial_private_keys),
self.num_trustees)
# Decrypt every partial private key and check that their values are in
# Z_{q}^*
q = (cryptosystem.get_prime() - 1) / 2 # p = 2q + 1
for i in range(self.num_trustees):
priv_key = self.trustees[i].private_key
# Decrypt
enc_pp_key = commitment.encrypted_partial_private_keys[i]
bitstream = priv_key.decrypt_to_bitstream(enc_pp_key)
bitstream.seek(0)
pp_key = bitstream.get_num(cryptosystem.get_nbits())
# Check the value myst be in Z_{q}^*
self.assertTrue(1 <= pp_key < q)
