def test_det_row_search(self):
config = '[row]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'encryption = Pycrypto_AES_SIV\n'
self._run_search(config, 'brow', None, [
Cell('brow', 'cf1', 'cq1', '', 6, 'val1'),
Cell('brow', 'cf2', 'cq2', '', 7, 'val2')
])
def test_unencrypted_search(self):
config = '[colFamily]\n'+\
'key_id = Pycrypto_AES_CBC\n'+\
'cell_sections = colFamily\n'+\
'encryption = Pycrypto_AES_CBC\n'
self._run_search(config, 'brow', None, [
Cell('brow', 'cf1', 'cq1', '', 6, 'val1'),
Cell('brow', 'cf2', 'cq2', '', 7, 'val2')
])
def test_det_row_cf_search(self):
config = '[row]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'encryption = Pycrypto_AES_SIV\n'+\
'[colFamily]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'cell_sections = colFamily\n'+\
'encryption = Pycrypto_AES_SIV\n'
self._run_search(config, 'brow', [['cf1']],
[Cell('brow', 'cf1', 'cq1', '', 6, 'val1')])
self._run_search(config, 'arow', [['cf1'], ['cf3']], [
Cell('arow', 'cf1', 'cq1', '', 1, 'val1'),
Cell('arow', 'cf1', 'cq1', '', 3, 'val3'),
Cell('arow', 'cf3', 'cq4', '', 5, 'val5')
])
def test_det_non_det_search(self):
config = '[row]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'encryption = Pycrypto_AES_SIV\n'+\
'[colFamily]\n'+\
'key_id = Pycrypto_AES_CBC\n'+\
'cell_sections = colFamily\n'+\
'encryption = Pycrypto_AES_CBC\n'+\
'[colQualifier]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'cell_sections = colQualifier\n'+\
'encryption = Pycrypto_AES_CBC\n'
self._run_search(config, 'brow', None, [
Cell('brow', 'cf1', 'cq1', '', 6, 'val1'),
Cell('brow', 'cf2', 'cq2', '', 7, 'val2')
])
def test_det_cq_search(self):
config = '[colQualifier]\n'+\
'key_id = Pycrypto_AES_SIV\n'+\
'cell_sections = colQualifier\n'+\
'encryption = Pycrypto_AES_SIV\n'
self._run_search(config, 'brow', [['cf1', 'cq1']],
[Cell('brow', 'cf1', 'cq1', '', 6, 'val1')])
def _split_entry(self, entry):
# Value format: <metadata>|<signature>|<actual value>
metadata, sig, value = string.split(entry.val, '|', maxsplit=2)
tup = (entry.row, entry.cf, entry.cq, entry.cv, None, value)
return (SignedEntry(cell_string=str(tup), metadata=metadata,
sig=sig), Cell(*tup))
def test_get_and_split_values(self):
'''
Tests get_values_by_cell_string and split_values_by_cell_string
'''
mut = EncMutation(self.mut,self.encryptor_dict)
values = EncMutation.concatenate_cell_section_values(mut, ['colFamily','colQualifier'])
self.assertEqual(values, ['cf1+cq1'])
split_values = EncMutation.split_values(values)
self.assertEqual(split_values, [('cf1',),('cq1',)])
cell = Cell('row','cf','cq','cv',1234,'val')
value = EncCell.get_value_by_cell_string(cell._asdict(), ['colFamily', 'colQualifier'])
self.assertEqual(value, 'cf+cq')
split_value = EncCell.split_value_by_cell_string(value)
self.assertEqual(split_value,['cf','cq'])
def test_encrypt_decrypt_cell(self):
'''
Tests encrypt then decrypt functionality of EncCell
'''
cell = Cell('row','cf','cq','cv',1234,'val')
enc_cell = EncCell.encrypt(cell, self.encryptor_dict)
dec_cell = EncCell.decrypt(enc_cell, self.encryptor_dict)
self.assertEqual(cell, dec_cell,
str(dec_cell) + " was not correctly encrypted and decrypted " +\
"should be " + str(cell))
def test_decrypt_cell(self):
'''
Tests decryption functionality of EncCell when
decryption is identity function
'''
cell = Cell('row','cf','cq','cv',1234,'val')
dec_cell = EncCell.decrypt(cell, self.encryptor_dict_identity)
self.assertEqual(cell, dec_cell,
str(dec_cell) + " was not correctly handled during decyption process " +\
"should be " + str(cell))
def _split_entry(self, entry):
""" Extract the original visibility, signature, and other signature
metadata from the visibility field.
This function assumes that the entry has been signed, and that the
signature metadata is put in quotation marks and appended to the
end of the visibility field, as follows:
<original visibility field>|",<metadata>,<base 64 encoded signature>,"
keyword arguments:
entry - a pyaccumulo entry
Returns two values:
- A named tuple containing the original string, the
metadata associated with the signature (either the signature
algorithm's name or the signer's ID), and the signature itself.
- A Cell object (from pyaccumulo) representing the original
cell, without metadata
"""
#split the visibility field into actual visibility and
#signature
full_vis = entry.cv
pieces = full_vis.split(',')
# Check a couple of simple invariants about the signature field.
# Note that these will NOT prevent the code from interpreting any
# malformed or unsigned piece of metadata, but they should catch a
# lot of cases, and help provide better error messages in the case
# that an entry up for verification was not actually signed.
if len(pieces) < 4:
raise VerificationException(
'Visibility field contains too few entries to contain metadata'
)
if not (pieces[-1] == '"' and pieces[-4][-2:] == '|"'):
raise VerificationException(
'Visibility field contains wrong formatting for signature metadata'
)
metadata, sig = pieces[-3:-1]
# Join up with any other commas that may have existed, and truncate
# the trailing |" that was added to the end, before the first
# metadata comma.
cell_vis = ','.join(pieces[0:-3])[:-2]
#construct the data tuple and convert it to a string
tup = (entry.row, entry.cf, entry.cq, cell_vis, None, entry.val)
cell_string = str(tup)
return SignedEntry(cell_string=cell_string, metadata=metadata,
sig=sig), Cell(*tup)
def decrypt(cell, encryptor_dict):
'''
Arguments:
cell - cell to be encrypted
encryptor_dict - dictionary keyed by cell location
containing a tuple of the encryptor class and also
contains the key object for retrieving the key
Returns new cell with all locations in cell decrypted
that are noted in encryptor_dict
'''
cell_dict = cell._asdict()
dec_cell = cell_dict.copy()
for (cell_string, encryptor) in encryptor_dict.items():
encryptor.encryption.decrypt_cell(cell_dict, dec_cell,
encryptor.key_container,
cell_string,
encryptor.cell_sections)
return Cell(*[dec_cell[field] for field in CELL_ORDER])
def _check_encrypt_decrypt_cell(encClass):
'''
Tests the encrypt then decryption functionality of the various algorithms
on cells
'''
config = stringio.StringIO(
'[colFamily]\n'+\
'key_id = '+ encClass.name +'\n'+\
'encryption = ' + encClass.name)
encryptor_dict = _create_encryptor_dict(config)
cell = Cell('row', 'cf', 'cq', '(a&b)|c', 1234, 'val')
enc_cell = EncCell.encrypt(cell, encryptor_dict)
dec_cell = EncCell.decrypt(enc_cell, encryptor_dict)
eq_(cell, dec_cell,
str(dec_cell) + " was not correctly encrypted and decrypted " +\
"should be " + str(cell))