def test_key_encoder_decoder(random_ec_curvebn1): priv_key = random_ec_curvebn1 umbral_key = UmbralPrivateKey(priv_key, default_params()) encoded_key = umbral_key.to_bytes(encoder=base64.urlsafe_b64encode) decoded_key = UmbralPrivateKey.from_bytes(encoded_key, decoder=base64.urlsafe_b64decode) assert decoded_key.to_bytes() == umbral_key.to_bytes()
def _encrypt_credential_and_voter_short_private_key( self, credential: Tuple[UmbralPublicKey, Signer], private_key: UmbralPrivateKey) -> Dict[str, Tuple[bytes, Capsule]]: """encrypt credential and voter short private key Arguments: credential {Tuple[UmbralPublicKey, Signer]} private_key {UmbralPrivateKey} Returns: Dict[str, Tuple[bytes, Capsule]] -- need to save Capsule """ credential_bytes = credential[0].to_bytes() + bytes(credential[1]) private_key_bytes = private_key.to_bytes() (enc_credential, c_capsule) = encrypt(self.public_key, credential_bytes) (enc_private_key, p_capsule) = encrypt(self.public_key, private_key_bytes) voter_public_key = credential[0] for capsule in (c_capsule, p_capsule): capsule.set_correctness_keys(delegating=self.public_key, receiving=voter_public_key, verifying=self.verifying_key) return { "credential": (enc_credential, c_capsule), "private_key": (enc_private_key, p_capsule) }
def _encrypt_umbral_key(wrapping_key: bytes, umbral_key: UmbralPrivateKey) -> bytes: """ Encrypts a key with nacl's XSalsa20-Poly1305 algorithm (SecretBox). Returns an encrypted key as bytes with the nonce appended. """ # TODO: Deprecate this method once key wrapping is refined in pyumbral return bytes(SecretBox(wrapping_key).encrypt(umbral_key.to_bytes()))
def test_public_key_serialization(random_ec_curvebn1): umbral_key = UmbralPrivateKey(random_ec_curvebn1, default_params()).get_pubkey() pub_point = umbral_key.point_key encoded_key = umbral_key.to_bytes() decoded_key = UmbralPublicKey.from_bytes(encoded_key) assert pub_point == decoded_key.point_key
def test_private_key_serialization(random_ec_curvebn1): priv_key = random_ec_curvebn1 umbral_key = UmbralPrivateKey(priv_key, default_params()) encoded_key = umbral_key.to_bytes() decoded_key = UmbralPrivateKey.from_bytes(encoded_key) assert priv_key == decoded_key.bn_key
def _encrypt_umbral_key(wrapping_key: bytes, umbral_key: UmbralPrivateKey) -> Dict[str, bytes]: """ Encrypts a key with nacl's XSalsa20-Poly1305 algorithm (SecretBox). Returns an encrypted key as bytes with the nonce appended. """ nonce = os.urandom(__NONCE_LENGTH) ciphertext = SecretBox(wrapping_key).encrypt(umbral_key.to_bytes(), nonce).ciphertext return {'nonce': nonce, 'key': ciphertext}
def create_policy(self, label: bytes, alice_privkey: UmbralPrivateKey, bob_pubkey: UmbralPublicKey, policy_expiration, m: int, n: int): """ Create a Policy with Alice granting Bob access to `label` DataSource :param label: A label to represent the policies data :param alice_privkey: Alice's private key :param bob_pubkey: Bob's public key :param policy_expiration: Datetime of policy expiration duration :param m: Minimum number of KFrags needed to rebuild ciphertext :param n: Total number of rekey shares to generate :return: The policy granted to Bob """ # This is not how this should be implemented, but I am still figuring out # the keying material and why it is randomly generated when a character is # initialized, instead of being derived from the keys like the other powers # or explained how it should be stored. d = DelegatingPower() d.umbral_keying_material = UmbralKeyingMaterial.from_bytes( alice_privkey.to_bytes() + alice_privkey.get_pubkey().to_bytes()) # Initialize Alice ALICE = Alice( crypto_power_ups=[ SigningPower(keypair=SigningKeypair(alice_privkey)), EncryptingPower(keypair=EncryptingKeypair(alice_privkey)), # DelegatingPower d ], network_middleware=RestMiddleware(), known_nodes=(self.ursula, ), federated_only=True, always_be_learning=True) # Initialize Bob BOB = Bob(crypto_power_ups=[ SigningPower(pubkey=bob_pubkey), EncryptingPower(pubkey=bob_pubkey) ], known_nodes=(self.ursula, ), federated_only=True, always_be_learning=True) # Alice grants a policy for Bob policy = ALICE.grant(BOB, label, m=m, n=n, expiration=policy_expiration) return policy
def test_private_key_serialization_with_encryption(random_ec_curvebn1): priv_key = random_ec_curvebn1 umbral_key = UmbralPrivateKey(priv_key, default_params()) insecure_cost = 15 # This is deliberately insecure, just to make the tests faster encoded_key = umbral_key.to_bytes(password=b'test', _scrypt_cost=insecure_cost) decoded_key = UmbralPrivateKey.from_bytes(encoded_key, password=b'test', _scrypt_cost=insecure_cost) assert priv_key == decoded_key.bn_key
def _encrypt_umbral_key(wrapping_key: bytes, umbral_key: UmbralPrivateKey) -> dict: """ Encrypts a key with nacl's XSalsa20-Poly1305 algorithm (SecretBox). Returns an encrypted key as bytes with the nonce appended. """ nonce = os.urandom(24) enc_key = SecretBox(wrapping_key).encrypt(umbral_key.to_bytes(), nonce) crypto_data = { 'nonce': urlsafe_b64encode(nonce).decode(), 'enc_key': urlsafe_b64encode(enc_key).decode() } return crypto_data
def test_public_key_to_uncompressed_bytes(random_ec_curvebn1): umbral_key = UmbralPrivateKey(random_ec_curvebn1, default_params()).get_pubkey() key_bytes = umbral_key.to_bytes(is_compressed=False) assert len(key_bytes) == Point.expected_bytes_length(is_compressed=False)