2017-09-28 00:07:36 +00:00
|
|
|
from kademlia.network import Server
|
2017-10-17 04:45:43 +00:00
|
|
|
|
2017-10-11 02:18:24 +00:00
|
|
|
from nkms.crypto import api
|
2017-10-13 02:11:07 +00:00
|
|
|
from nkms.crypto.constants import NOT_SIGNED, NO_DECRYPTION_PERFORMED
|
2017-10-17 21:01:25 +00:00
|
|
|
from nkms.crypto.powers import CryptoPower, SigningPower, EncryptingPower
|
2017-09-28 00:07:36 +00:00
|
|
|
from nkms.network.server import NuCypherDHTServer, NuCypherSeedOnlyDHTServer
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Character(object):
|
|
|
|
|
"""
|
|
|
|
|
A base-class for any character in our cryptography protocol narrative.
|
|
|
|
|
"""
|
|
|
|
|
_server = None
|
|
|
|
|
_server_class = Server
|
2017-10-05 19:20:53 +00:00
|
|
|
_actor_mapping = {}
|
2017-10-07 02:29:07 +00:00
|
|
|
_default_crypto_powerups = None
|
2017-09-28 00:07:36 +00:00
|
|
|
|
2017-10-09 21:03:16 +00:00
|
|
|
class NotFound(KeyError):
|
2017-10-06 00:26:41 +00:00
|
|
|
"""raised when we try to interact with an actor of whom we haven't learned yet."""
|
|
|
|
|
|
2017-10-07 02:29:07 +00:00
|
|
|
def __init__(self, attach_server=True, crypto_power: CryptoPower = None,
|
|
|
|
|
crypto_power_ups=[]):
|
|
|
|
|
"""
|
|
|
|
|
:param attach_server: Whether to attach a Server when this Character is born.
|
|
|
|
|
:param crypto_power: A CryptoPower object; if provided, this will be the character's CryptoPower.
|
|
|
|
|
:param crypto_power_ups: If crypto_power is not provided, a new CryptoPower will be made and
|
|
|
|
|
will consume all of the CryptoPowerUps in this list.
|
|
|
|
|
|
|
|
|
|
If neither crypto_power nor crypto_power_ups are provided, we give this Character all CryptoPowerUps
|
|
|
|
|
listed in their _default_crypto_powerups attribute.
|
|
|
|
|
"""
|
2017-10-07 03:49:59 +00:00
|
|
|
if crypto_power and crypto_power_ups:
|
|
|
|
|
raise ValueError("Pass crypto_power or crypto_power_ups (or neither), but not both.")
|
|
|
|
|
|
2017-09-28 00:07:36 +00:00
|
|
|
if attach_server:
|
|
|
|
|
self.attach_server()
|
2017-10-07 02:29:07 +00:00
|
|
|
if crypto_power:
|
|
|
|
|
self._crypto_power = crypto_power
|
|
|
|
|
elif crypto_power_ups:
|
|
|
|
|
self._crypto_power = CryptoPower(power_ups=crypto_power_ups)
|
|
|
|
|
else:
|
|
|
|
|
self._crypto_power = CryptoPower(self._default_crypto_powerups)
|
2017-10-06 00:26:41 +00:00
|
|
|
|
|
|
|
|
class Seal(object):
|
|
|
|
|
"""
|
|
|
|
|
Can be called to sign something or used to express the signing public key as bytes.
|
|
|
|
|
"""
|
2017-10-14 22:07:10 +00:00
|
|
|
__call__ = self._crypto_power.sign
|
|
|
|
|
|
|
|
|
|
def _as_tuple(seal):
|
|
|
|
|
return self._crypto_power.pubkey_sig_tuple()
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2017-10-14 22:07:10 +00:00
|
|
|
def __iter__(seal):
|
|
|
|
|
yield from seal._as_tuple()
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2017-10-14 22:07:10 +00:00
|
|
|
def __bytes__(seal):
|
2017-10-17 05:25:16 +00:00
|
|
|
return self._crypto_power.pubkey_sig_bytes()
|
2017-10-06 00:26:41 +00:00
|
|
|
|
2017-10-14 22:07:10 +00:00
|
|
|
def __eq__(seal, other):
|
2017-10-15 00:00:02 +00:00
|
|
|
return other == seal._as_tuple() or other == bytes(seal)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2017-10-06 00:26:41 +00:00
|
|
|
self.seal = Seal()
|
2017-09-28 00:07:36 +00:00
|
|
|
|
|
|
|
|
def attach_server(self, ksize=20, alpha=3, id=None, storage=None,
|
|
|
|
|
*args, **kwargs) -> None:
|
|
|
|
|
self._server = self._server_class(ksize, alpha, id, storage, *args, **kwargs)
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def server(self) -> Server:
|
|
|
|
|
if self._server:
|
|
|
|
|
return self._server
|
|
|
|
|
else:
|
|
|
|
|
raise RuntimeError("Server hasn't been attached.")
|
|
|
|
|
|
2017-10-14 22:07:10 +00:00
|
|
|
@property
|
|
|
|
|
def name(self):
|
|
|
|
|
return self.__class__.__name__
|
|
|
|
|
|
2017-10-07 02:29:07 +00:00
|
|
|
def learn_about_actor(self, actor):
|
|
|
|
|
self._actor_mapping[actor.id()] = actor
|
2017-10-05 19:20:53 +00:00
|
|
|
|
|
|
|
|
def encrypt_for(self, recipient: str, cleartext: bytes, sign: bool = True,
|
2017-10-13 21:06:33 +00:00
|
|
|
sign_cleartext=True) -> tuple:
|
2017-10-05 19:20:53 +00:00
|
|
|
"""
|
|
|
|
|
Looks up recipient actor, finds that actor's pubkey_enc on our keyring, and encrypts for them.
|
|
|
|
|
Optionally signs the message as well.
|
|
|
|
|
|
|
|
|
|
:param recipient: The character whose public key will be used to encrypt cleartext.
|
2017-10-06 00:26:41 +00:00
|
|
|
:param cleartext: The secret to be encrypted.
|
2017-10-05 19:20:53 +00:00
|
|
|
:param sign: Whether or not to sign the message.
|
|
|
|
|
:param sign_cleartext: When signing, the cleartext is signed if this is True, Otherwise, the resulting ciphertext is signed.
|
|
|
|
|
:return: A tuple, (ciphertext, signature). If sign==False, then signature will be NOT_SIGNED.
|
|
|
|
|
"""
|
|
|
|
|
actor = self._lookup_actor(recipient)
|
2017-10-13 02:11:07 +00:00
|
|
|
|
2017-10-17 04:45:43 +00:00
|
|
|
ciphertext = self._crypto_power.encrypt_for(actor.public_key(EncryptingPower),
|
|
|
|
|
cleartext)
|
2017-10-05 19:20:53 +00:00
|
|
|
if sign:
|
|
|
|
|
if sign_cleartext:
|
2017-10-11 05:39:25 +00:00
|
|
|
signature = self.seal(cleartext)
|
2017-10-05 19:20:53 +00:00
|
|
|
else:
|
2017-10-11 05:39:25 +00:00
|
|
|
signature = self.seal(ciphertext)
|
2017-10-05 19:20:53 +00:00
|
|
|
else:
|
|
|
|
|
signature = NOT_SIGNED
|
|
|
|
|
|
|
|
|
|
return ciphertext, signature
|
|
|
|
|
|
2017-10-13 04:31:03 +00:00
|
|
|
def verify_from(self, actor_whom_sender_claims_to_be: "Character", signature: bytes,
|
2017-10-17 03:13:38 +00:00
|
|
|
message: bytes, decrypt=False,
|
2017-10-13 21:06:33 +00:00
|
|
|
signature_is_on_cleartext=False) -> tuple:
|
2017-10-05 19:20:53 +00:00
|
|
|
"""
|
|
|
|
|
Inverse of encrypt_for.
|
|
|
|
|
|
2017-10-13 04:31:03 +00:00
|
|
|
:param actor_that_sender_claims_to_be: A Character instance representing the actor whom the sender claims to be. We check the public key owned by this Character instance to verify.
|
|
|
|
|
:param messages: The messages to be verified.
|
|
|
|
|
:param decrypt: Whether or not to decrypt the messages.
|
|
|
|
|
:param signature_is_on_cleartext: True if we expect the signature to be on the cleartext. Otherwise, we presume that the ciphertext is what is signed.
|
|
|
|
|
:return: (Whether or not the signature is valid, the decrypted plaintext or NO_DECRYPTION_PERFORMED)
|
2017-10-05 19:20:53 +00:00
|
|
|
"""
|
2017-10-13 02:11:07 +00:00
|
|
|
cleartext = NO_DECRYPTION_PERFORMED
|
|
|
|
|
if signature_is_on_cleartext:
|
|
|
|
|
if decrypt:
|
2017-10-17 03:13:38 +00:00
|
|
|
cleartext = self._crypto_power.decrypt(message)
|
2017-10-13 02:11:07 +00:00
|
|
|
msg_digest = api.keccak_digest(cleartext)
|
|
|
|
|
else:
|
|
|
|
|
raise ValueError(
|
|
|
|
|
"Can't look for a signature on the cleartext if we're not decrypting.")
|
|
|
|
|
else:
|
2017-10-17 03:13:38 +00:00
|
|
|
msg_digest = api.keccak_digest(message)
|
2017-10-13 02:11:07 +00:00
|
|
|
|
2017-10-05 19:20:53 +00:00
|
|
|
actor = self._lookup_actor(actor_whom_sender_claims_to_be)
|
2017-10-14 22:07:10 +00:00
|
|
|
signature_pub_key = actor.seal
|
2017-10-13 02:11:07 +00:00
|
|
|
|
2017-10-11 02:18:24 +00:00
|
|
|
sig = api.ecdsa_load_sig(signature)
|
2017-10-13 02:11:07 +00:00
|
|
|
return api.ecdsa_verify(*sig, msg_digest, signature_pub_key), cleartext
|
2017-10-05 19:20:53 +00:00
|
|
|
|
2017-10-07 02:29:07 +00:00
|
|
|
def _lookup_actor(self, actor: "Character"):
|
2017-10-05 19:20:53 +00:00
|
|
|
try:
|
2017-10-07 02:29:07 +00:00
|
|
|
return self._actor_mapping[actor.id()]
|
2017-10-06 00:26:41 +00:00
|
|
|
except KeyError:
|
2017-10-09 21:03:16 +00:00
|
|
|
raise self.NotFound("We haven't learned of an actor with ID {}".format(actor.id()))
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
def id(self):
|
|
|
|
|
return "whatever actor id ends up being - {}".format(id(self))
|
2017-10-05 19:20:53 +00:00
|
|
|
|
2017-10-17 04:45:43 +00:00
|
|
|
def public_key(self, key_class):
|
2017-10-17 03:13:38 +00:00
|
|
|
try:
|
2017-10-17 04:45:43 +00:00
|
|
|
return self._crypto_power.public_keys[key_class]
|
2017-10-17 03:13:38 +00:00
|
|
|
except KeyError:
|
2017-10-17 04:45:43 +00:00
|
|
|
raise # TODO: Does it make sense to have a specialized exception here? Probably.
|
2017-10-17 03:13:38 +00:00
|
|
|
|
2017-09-28 00:07:36 +00:00
|
|
|
|
|
|
|
|
class Alice(Character):
|
|
|
|
|
_server_class = NuCypherSeedOnlyDHTServer
|
2017-10-17 21:01:25 +00:00
|
|
|
_default_crypto_powerups = [SigningPower, EncryptingPower]
|
2017-09-28 00:07:36 +00:00
|
|
|
|
|
|
|
|
def find_best_ursula(self):
|
|
|
|
|
# TODO: Right now this just finds the nearest node and returns its ip and port. Make it do something useful.
|
|
|
|
|
return self.server.bootstrappableNeighbors()[0]
|
2017-10-06 00:26:41 +00:00
|
|
|
|
|
|
|
|
def generate_re_encryption_keys(self,
|
2017-10-14 22:07:10 +00:00
|
|
|
bob,
|
2017-10-06 00:26:41 +00:00
|
|
|
m,
|
|
|
|
|
n):
|
|
|
|
|
# TODO: Make this actually work.
|
2017-10-14 22:07:10 +00:00
|
|
|
pubkey_enc_bob = bob.seal # ??? We need Bob's enc key, not sig.
|
2017-10-06 00:26:41 +00:00
|
|
|
kfrags = [
|
2017-10-18 08:52:01 +00:00
|
|
|
b'sfasdfsd9',
|
|
|
|
|
b'dfasd09fi',
|
|
|
|
|
b'sdfksd3f9',
|
2017-10-06 00:26:41 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
return kfrags
|
2017-10-12 22:30:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class Bob(Character):
|
2017-10-17 21:01:25 +00:00
|
|
|
_default_crypto_powerups = [SigningPower, EncryptingPower]
|
2017-10-12 22:30:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class Ursula(Character):
|
|
|
|
|
_server_class = NuCypherDHTServer
|
2017-10-17 21:01:25 +00:00
|
|
|
_default_crypto_powerups = [SigningPower, EncryptingPower]
|
