def test_charm_crypto():
# instantiate a bilinear pairing map
pairing_group = PairingGroup('MNT224')
cpabe = CPabe_BSW07(pairing_group)
hyb_abe = HybridABEnc(cpabe, pairing_group)
# run the set up
(pk, msk) = hyb_abe.setup() # Public Key and Master SECRET Key
# generate a key
attr_list = ['U-11890454', 'D-46', 'D-46-GUEST']
key = hyb_abe.keygen(pk, msk, attr_list)
serialized_pk = serialize_charm_object(pk, pairing_group)
pk = deserialize_charm_object(serialized_pk, pairing_group)
serialized_key = serialize_charm_object(key, pairing_group)
key = deserialize_charm_object(serialized_key, pairing_group)
# choose a random message
msg = "Hello World"
# generate a ciphertext
policy_str = '(u-11890454 OR d-46 OR d-46-GUEST)' # evaluates to "((U-11890454 or D-46) or D-46-GUEST)" - see upper chars
ctxt = hyb_abe.encrypt(pk, msg, policy_str)
policy_str = '(u-1 AND d-46 AND d-46-GUEST)' # Re-encrypted data with new policy
ctxt2 = hyb_abe.encrypt(pk, msg, policy_str)
# decryption
rec_msg = hyb_abe.decrypt(pk, key, ctxt).decode("utf-8")
with pytest.raises(Exception):
hyb_abe.decrypt(pk, key, ctxt2)
assert rec_msg == msg, "Failed." # "First successfully decrypted, second not."
def decrypt():
decryptor = AttrAuthUser.get_using_jwt_token(request.headers.get("Authorization", None))
owner_api_username = request.args.get("api_username", None)
serialized_ciphertext = request.args.get("ciphertext", None)
arg_check = check_missing_request_argument(
(owner_api_username, OWNER_API_USERNAME_MISSING_ERROR_MSG),
(serialized_ciphertext, CIPHERTEXT_MISSING_ERROR_MSG))
if arg_check is not True:
return arg_check
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
data_owner = db.session.query(AttrAuthUser) \
.filter(AttrAuthUser.api_username == owner_api_username) \
.first()
if data_owner is None:
return http_json_response(False, 400, **{"error": INVALID_OWNER_API_USERNAME_ERROR_MSG})
public_key = deserialize_charm_object(data_owner.master_keypair.data_public, pairing_group)
private_key = deserialize_charm_object(get_private_key_based_on_owner(decryptor, data_owner).data, pairing_group)
ciphertext = deserialize_charm_object(str.encode(serialized_ciphertext), pairing_group)
try:
plaintext = cp_abe.decrypt(public_key, private_key, ciphertext)
except:
return http_json_response(False, 400, **{"error": COULD_NOT_DECRYPT_ERROR_MSG})
# return plaintext
return http_json_response(**{'plaintext': plaintext.decode("utf-8")})
def decrypt_using_abe_serialized_key(serialized_ciphertext, serialized_pk,
serialized_sk):
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
try:
public_key = deserialize_charm_object(str.encode(serialized_pk),
pairing_group)
private_key = deserialize_charm_object(str.encode(serialized_sk),
pairing_group)
ciphertext = deserialize_charm_object(
str.encode(serialized_ciphertext), pairing_group)
except (binascii.Error, zlib.error):
raise Exception("One of the serialized objects is invalid.")
plaintext = cp_abe.decrypt(public_key, private_key, ciphertext)
return plaintext.decode("utf-8")
def test_serialize_and_deserialize_pk():
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
public_key, master_key = cp_abe.setup()
assert public_key == deserialize_charm_object(
serialize_charm_object(public_key, pairing_group), pairing_group)
def encrypt_using_abe_serialized_key(pk, plaintext, policy_string):
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
try:
public_key = deserialize_charm_object(str.encode(pk), pairing_group)
except binascii.Error:
raise Exception("Invalid public key.")
ciphertext = cp_abe.encrypt(public_key, str(plaintext), policy_string)
return serialize_charm_object(ciphertext, pairing_group).decode("utf-8")
def test_keygen_already_has_key_from_owner(client, app_and_ctx,
attr_auth_access_token_one,
attr_auth_access_token_two):
data = {
"access_token": attr_auth_access_token_one,
"attr_list": "1 1-2 1-GUEST",
"api_username": "******",
"device_id": "1"
}
app, ctx = app_and_ctx
with app.app_context():
receiver = AttrAuthUser.get_by_id(2) # TestUser access_token
old_private_key = next(key for key in receiver.private_keys
if key.challenger_id == 1)
old_private_key_data = old_private_key.data
old_private_key_key_update = old_private_key.key_update
private_keys_num = len(receiver.private_keys)
assert_got_data_from_post(client, '/attr_auth/user/keygen', data)
receiver = AttrAuthUser.get_by_id(2) # TestUser access_token
new_private_key = next(key for key in sorted(
receiver.private_keys, key=lambda p: p.key_update, reverse=True)
if key.challenger_id == 1)
assert old_private_key_data != new_private_key.data
assert old_private_key_key_update < new_private_key.key_update
assert len(receiver.private_keys) > private_keys_num
# Try to encrypt and decrypt
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
plaintext = "Hello World"
data_owner = AttrAuthUser.get_by_id(1)
policy_str = '(1-GUEST)'
public_key = deserialize_charm_object(
data_owner.master_keypair.data_public, pairing_group)
new_private_key = deserialize_charm_object(new_private_key.data,
pairing_group)
ciphertext = cp_abe.encrypt(public_key, plaintext, policy_str)
decrypted_msg = cp_abe.decrypt(public_key, new_private_key, ciphertext)
assert plaintext == decrypted_msg.decode("utf-8")
def test_keygen_doesnt_have_key_from_owner(client, app_and_ctx,
attr_auth_access_token_one,
attr_auth_access_token_two):
data = {
"access_token": attr_auth_access_token_two,
"attr_list": "2 2-1 2-GUEST",
"api_username": "******",
"device_id": "1"
}
app, ctx = app_and_ctx
with app.app_context():
receiver = AttrAuthUser.get_by_id(1)
num_of_old_keys = len(receiver.private_keys)
assert_got_data_from_post(client, '/attr_auth/user/keygen', data)
receiver = AttrAuthUser.get_by_id(1)
new_private_key = next(key for key in receiver.private_keys
if key.challenger_id == 2)
assert len(receiver.private_keys) == num_of_old_keys + 1
# Try to encrypt and decrypt
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
plaintext = "Hello World"
data_owner = AttrAuthUser.get_by_id(2)
policy_str = '(2-GUEST)'
public_key = deserialize_charm_object(
data_owner.master_keypair.data_public, pairing_group)
new_private_key = deserialize_charm_object(new_private_key.data,
pairing_group)
ciphertext = cp_abe.encrypt(public_key, plaintext, policy_str)
decrypted_msg = cp_abe.decrypt(public_key, new_private_key, ciphertext)
assert plaintext == decrypted_msg.decode("utf-8")
def encrypt():
data_owner = AttrAuthUser.get_using_jwt_token(request.headers.get("Authorization", None))
plaintext = request.args.get("message", None)
policy_string = request.args.get("policy_string", None)
arg_check = check_missing_request_argument(
(plaintext, MESSAGE_MISSING_ERROR_MSG),
(policy_string, POLICY_STRING_MISSING_ERROR_MSG))
if arg_check is not True:
return arg_check
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
public_key = deserialize_charm_object(data_owner.master_keypair.data_public, pairing_group)
ciphertext = cp_abe.encrypt(public_key, plaintext, policy_string)
# return ciphertext
return http_json_response(**{'ciphertext': serialize_charm_object(ciphertext, pairing_group).decode("utf-8")})
def test_create_private_key():
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
public_key, master_key = cp_abe.setup()
serialized_public_key = serialize_charm_object(public_key, pairing_group)
serialized_master_key = serialize_charm_object(master_key, pairing_group)
serialized_private_key = create_private_key(serialized_master_key,
serialized_public_key,
["1", "1-2", "1-GUEST"])
plaintext_in = "stuff"
policy_string = "(1)"
ciphertext = cp_abe.encrypt(public_key, plaintext_in, policy_string)
private_key = deserialize_charm_object(serialized_private_key,
pairing_group)
plaintext_out = cp_abe.decrypt(public_key, private_key, ciphertext)
assert plaintext_in == plaintext_out.decode()