def test_kfrag_serialization(alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
signer_alice = Signer(signing_privkey)
_receiving_privkey, receiving_pubkey = bobs_keys
kfrags = pre.split_rekey(delegating_privkey, signer_alice,
receiving_pubkey, 1, 2)
kfrag_bytes = kfrags[0].to_bytes()
curve = default_curve()
assert len(kfrag_bytes) == KFrag.expected_bytes_length(curve)
new_frag = pre.KFrag.from_bytes(kfrag_bytes)
assert new_frag._id == kfrags[0]._id
assert new_frag._bn_key == kfrags[0]._bn_key
assert new_frag._point_noninteractive == kfrags[0]._point_noninteractive
assert new_frag._point_commitment == kfrags[0]._point_commitment
assert new_frag._point_xcoord == kfrags[0]._point_xcoord
def test_kfrag_serialization(alices_keys, bobs_keys, kfrags):
delegating_privkey, signing_privkey = alices_keys
_receiving_privkey, receiving_pubkey = bobs_keys
for kfrag in kfrags:
kfrag_bytes = kfrag.to_bytes()
assert len(kfrag_bytes) == KFrag.expected_bytes_length()
new_kfrag = KFrag.from_bytes(kfrag_bytes)
assert new_kfrag._id == kfrag._id
assert new_kfrag._bn_key == kfrag._bn_key
assert new_kfrag._point_noninteractive == kfrag._point_noninteractive
assert new_kfrag._point_commitment == kfrag._point_commitment
assert new_kfrag._point_xcoord == kfrag._point_xcoord
assert new_kfrag.verify(signing_pubkey=signing_privkey.get_pubkey(),
delegating_pubkey=delegating_privkey.get_pubkey(),
receiving_pubkey=receiving_pubkey)
assert new_kfrag == kfrag
def test_kfrag_serialization(alices_keys, bobs_keys, kfrags):
delegating_privkey, signing_privkey = alices_keys
_receiving_privkey, receiving_pubkey = bobs_keys
for kfrag in kfrags:
kfrag_bytes = kfrag.to_bytes()
assert len(kfrag_bytes) == KFrag.expected_bytes_length()
new_kfrag = KFrag.from_bytes(kfrag_bytes)
assert new_kfrag.id == kfrag.id
assert new_kfrag._bn_key == kfrag._bn_key
assert new_kfrag._point_precursor == kfrag._point_precursor
assert new_kfrag._point_commitment == kfrag._point_commitment
assert new_kfrag.keys_in_signature == kfrag.keys_in_signature
assert new_kfrag.signature_for_proxy == kfrag.signature_for_proxy
assert new_kfrag.signature_for_bob == kfrag.signature_for_bob
assert new_kfrag.verify(
signing_pubkey=signing_privkey.get_pubkey(),
delegating_pubkey=delegating_privkey.get_pubkey(),
receiving_pubkey=receiving_pubkey)
assert new_kfrag == kfrag
class KeyStore(object):
"""
A storage class of cryptographic keys.
"""
kfrag_splitter = BytestringSplitter(Signature,
(KFrag, KFrag.expected_bytes_length()))
def __init__(self, sqlalchemy_engine=None):
"""
Initalizes a KeyStore object.
:param sqlalchemy_engine: SQLAlchemy engine object to create session
"""
self.engine = sqlalchemy_engine
Session = sessionmaker(bind=sqlalchemy_engine)
# This will probably be on the reactor thread for most production configs.
# Best to treat like hot lava.
self._session_on_init_thread = Session()
def add_key(self, key, is_signing=True, session=None) -> Key:
"""
:param key: Keypair object to store in the keystore.
:return: The newly added key object.
"""
session = session or self._session_on_init_thread
fingerprint = fingerprint_from_key(key)
key_data = bytes(key)
new_key = Key(fingerprint, key_data, is_signing)
session.add(new_key)
session.commit()
return new_key
def get_key(
self,
fingerprint: bytes,
session=None
) -> Union[keypairs.EncryptingKeypair, keypairs.SigningKeypair]:
"""
Returns a key from the KeyStore.
:param fingerprint: Fingerprint, in bytes, of key to return
:return: Keypair of the returned key.
"""
session = session or self._session_on_init_thread
key = session.query(Key).filter_by(fingerprint=fingerprint).first()
if not key:
raise NotFound(
"No key with fingerprint {} found.".format(fingerprint))
pubkey = UmbralPublicKey.from_bytes(key.key_data)
return pubkey
def del_key(self, fingerprint: bytes, session=None):
"""
Deletes a key from the KeyStore.
:param fingerprint: Fingerprint of key to delete
"""
session = session or self._session_on_init_thread
session.query(Key).filter_by(fingerprint=fingerprint).delete()
session.commit()
def add_policy_arrangement(
self,
expiration,
deposit,
hrac,
kfrag=None,
alice_pubkey_sig=None, # alice_pubkey_enc,
alice_signature=None,
session=None) -> PolicyArrangement:
"""
Creates a PolicyArrangement to the Keystore.
:return: The newly added PolicyArrangement object
"""
session = session or self._session_on_init_thread
alice_key_instance = session.query(Key).filter_by(
key_data=bytes(alice_pubkey_sig)).first()
if not alice_key_instance:
alice_key_instance = Key.from_umbral_key(alice_pubkey_sig,
is_signing=True)
# alice_pubkey_enc = self.add_key(alice_pubkey_enc)
# bob_pubkey_sig = self.add_key(bob_pubkey_sig)
new_policy_arrangement = PolicyArrangement(
expiration,
deposit,
hrac,
kfrag,
alice_pubkey_sig=alice_key_instance,
alice_signature=None, # bob_pubkey_sig.id
)
session.add(new_policy_arrangement)
session.commit()
return new_policy_arrangement
def get_policy_arrangement(self,
hrac: bytes,
session=None) -> PolicyArrangement:
"""
Returns the PolicyArrangement by its HRAC.
:return: The PolicyArrangement object
"""
session = session or self._session_on_init_thread
policy_arrangement = session.query(PolicyArrangement).filter_by(
hrac=hrac).first()
if not policy_arrangement:
raise NotFound(
"No PolicyArrangement with {} HRAC found.".format(hrac))
return policy_arrangement
def del_policy_arrangement(self, hrac: bytes, session=None):
"""
Deletes a PolicyArrangement from the Keystore.
"""
session = session or self._session_on_init_thread
session.query(PolicyArrangement).filter_by(hrac=hrac).delete()
session.commit()
def attach_kfrag_to_saved_arrangement(self,
alice,
hrac_as_hex,
kfrag,
session=None):
session = session or self._session_on_init_thread
policy_arrangement = session.query(PolicyArrangement).filter_by(
hrac=hrac_as_hex.encode()).first()
if policy_arrangement is None:
raise NotFound(
"Can't attach a kfrag to non-existent Arrangement with hrac {}"
.format(hrac_as_hex))
if policy_arrangement.alice_pubkey_sig.key_data != alice.stamp:
raise alice.SuspiciousActivity
policy_arrangement.k_frag = bytes(kfrag)
session.commit()
def add_workorder(self,
bob_pubkey_sig,
bob_signature,
hrac,
session=None) -> Workorder:
"""
Adds a Workorder to the keystore.
"""
session = session or self._session_on_init_thread
bob_pubkey_sig = self.add_key(bob_pubkey_sig)
new_workorder = Workorder(bob_pubkey_sig.id, bob_signature, hrac)
session.add(new_workorder)
session.commit()
return new_workorder
def get_workorders(self, hrac: bytes, session=None) -> Workorder:
"""
Returns a list of Workorders by HRAC.
"""
session = session or self._session_on_init_thread
workorders = session.query(Workorder).filter_by(hrac=hrac)
if not workorders:
raise NotFound("No Workorders with {} HRAC found.".format(hrac))
return workorders
def del_workorders(self, hrac: bytes, session=None):
"""
Deletes a Workorder from the Keystore.
"""
session = session or self._session_on_init_thread
workorders = session.query(Workorder).filter_by(hrac=hrac)
deleted = workorders.delete()
session.commit()
return deleted
