nucypher/tests/characters/test_crypto_characters_and_their_powers.py

import pytest

from nkms.characters import Alice, Ursula, Character
from nkms.crypto import api
from nkms.crypto.constants import NOT_SIGNED
from nkms.crypto.powers import CryptoPower, SigningKeypair, NoSigningPower, NoEncryptingPower, \
    EncryptingKeypair

"""
SIGNING
"""


def test_actor_without_signing_power_cannot_sign():
    """
    We can create a Character with no real CryptoPower to speak of.
    This Character can't even sign a message.
    """
    cannot_sign = CryptoPower(power_ups=[])
    non_signer = Character(crypto_power=cannot_sign)

    # The non-signer's seal doesn't work for signing...
    with pytest.raises(NoSigningPower) as e_info:
        non_signer.seal("something")

    # ...or as a way to show the public key.
    with pytest.raises(NoSigningPower) as e_info:
        non_signer.seal.as_bytes()
    with pytest.raises(NoSigningPower) as e_info:
        non_signer.seal.as_tuple()


def test_actor_with_signing_power_can_sign():
    """
    However, simply giving that character a PowerUp bestows the power to sign.

    Instead of having a Character verify the signature, we'll use the lower level API.
    """
    message = b"Llamas."

    signer = Character(crypto_power_ups=[SigningKeypair])
    seal_of_the_signer = signer.seal

    # We can use the signer's seal to sign a message...
    signature = seal_of_the_signer(message)

    # ...or to get the signer's public key for verification purposes.
    sig = api.ecdsa_load_sig(signature)
    verification = api.ecdsa_verify(*sig, api.keccak_digest(message), seal_of_the_signer.as_tuple())

    assert verification is True


def test_anybody_can_verify():
    """
    In the last example, we used the lower-level Crypto API to verify the signature.

    Here, we show that anybody can do it without needing to directly access Crypto.
    """

    # Alice can sign by default, by dint of her _default_crypto_powerups.
    alice = Alice()

    # So, our story is fairly simple: an everyman meets Alice.
    somebody = Character()
    somebody.learn_about_actor(alice)

    # Alice signs a message.
    message = b"A message for all my friends who can only verify and not sign."
    signature = alice.seal(message)

    # Our everyman can verify it.
    verification = somebody.verify_from(alice, signature, message)
    assert verification is True


"""
ENCRYPTION
"""


def test_signing_only_power_cannot_encrypt():
    """
    Similar to the above with signing, here we show that a Character without the EncryptingKeypair
    PowerUp can't encrypt.
    """

    # Here's somebody who can sign but not encrypt.
    can_sign_but_not_encrypt = Character(crypto_power_ups=[SigningKeypair])

    # ..and here's Ursula, for whom our Character above wants to encrypt.
    ursula = Ursula()

    # They meet.
    can_sign_but_not_encrypt.learn_about_actor(ursula)

    # The Character has the message ready...
    cleartext = "This is Officer Rod Farva. Come in, Ursula!  Come in Ursula!"

    # But without the proper PowerUp, no encryption happens.
    with pytest.raises(NoEncryptingPower) as e_info:
        can_sign_but_not_encrypt.encrypt_for(ursula, cleartext)


def test_character_with_encrypting_power_can_encrypt():
    """
    Now, a Character *with* EncryptingKeyPair can encrypt.
    """
    can_sign_and_encrypt = Character(crypto_power_ups=[SigningKeypair, EncryptingKeypair])
    ursula = Ursula()
    can_sign_and_encrypt.learn_about_actor(ursula)

    cleartext = b"This is Officer Rod Farva. Come in, Ursula!  Come in Ursula!"

    # TODO: Make encrypt_for actually encrypt.
    ciphertext, signature = can_sign_and_encrypt.encrypt_for(ursula, cleartext, sign=False)
    assert signature == NOT_SIGNED

    assert ciphertext is not None # annnd fail.