2018-06-24 21:46:48 +00:00
|
|
|
import eth_utils
|
2017-10-07 02:29:07 +00:00
|
|
|
import pytest
|
2018-06-23 03:28:08 +00:00
|
|
|
from constant_sorrow import constants
|
2018-08-11 22:56:27 +00:00
|
|
|
|
|
|
|
|
from nucypher.characters import Alice, Character, Bob
|
2018-05-08 19:35:34 +00:00
|
|
|
from nucypher.crypto import api
|
2018-08-11 22:56:27 +00:00
|
|
|
from nucypher.crypto.powers import CryptoPower, SigningPower, NoSigningPower, \
|
|
|
|
|
BlockchainPower, PowerUpError
|
2017-10-13 02:11:07 +00:00
|
|
|
|
2017-11-09 21:48:40 +00:00
|
|
|
"""
|
|
|
|
|
Chapter 1: SIGNING
|
|
|
|
|
"""
|
|
|
|
|
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
def test_actor_without_signing_power_cannot_sign():
|
|
|
|
|
"""
|
|
|
|
|
We can create a Character with no real CryptoPower to speak of.
|
|
|
|
|
This Character can't even sign a message.
|
|
|
|
|
"""
|
|
|
|
|
cannot_sign = CryptoPower(power_ups=[])
|
2018-06-30 03:25:36 +00:00
|
|
|
non_signer = Character(crypto_power=cannot_sign,
|
|
|
|
|
always_be_learning=False,
|
|
|
|
|
federated_only=True)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2018-02-24 06:39:10 +00:00
|
|
|
# The non-signer's stamp doesn't work for signing...
|
2017-10-07 02:29:07 +00:00
|
|
|
with pytest.raises(NoSigningPower) as e_info:
|
2018-02-24 06:39:10 +00:00
|
|
|
non_signer.stamp("something")
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2018-04-12 08:37:02 +00:00
|
|
|
# ...or as a way to cast the (non-existent) public key to bytes.
|
2017-10-07 02:29:07 +00:00
|
|
|
with pytest.raises(NoSigningPower) as e_info:
|
2018-02-24 06:39:10 +00:00
|
|
|
bytes(non_signer.stamp)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_actor_with_signing_power_can_sign():
|
|
|
|
|
"""
|
|
|
|
|
However, simply giving that character a PowerUp bestows the power to sign.
|
|
|
|
|
|
|
|
|
|
Instead of having a Character verify the signature, we'll use the lower level API.
|
|
|
|
|
"""
|
|
|
|
|
message = b"Llamas."
|
|
|
|
|
|
2018-06-30 03:25:36 +00:00
|
|
|
signer = Character(crypto_power_ups=[SigningPower], is_me=True,
|
|
|
|
|
always_be_learning=False, federated_only=True)
|
2018-02-24 06:39:10 +00:00
|
|
|
stamp_of_the_signer = signer.stamp
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2018-02-24 06:39:10 +00:00
|
|
|
# We can use the signer's stamp to sign a message (since the signer is_me)...
|
|
|
|
|
signature = stamp_of_the_signer(message)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
# ...or to get the signer's public key for verification purposes.
|
2018-02-13 23:45:02 +00:00
|
|
|
# (note: we use the private _der_encoded_bytes here to test directly against the API, instead of Character)
|
|
|
|
|
verification = api.ecdsa_verify(message, signature._der_encoded_bytes(),
|
2018-02-24 06:39:10 +00:00
|
|
|
stamp_of_the_signer.as_umbral_pubkey())
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2017-10-07 02:46:51 +00:00
|
|
|
assert verification is True
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
|
2018-06-30 03:25:36 +00:00
|
|
|
def test_anybody_can_verify():
|
2017-10-07 02:29:07 +00:00
|
|
|
"""
|
|
|
|
|
In the last example, we used the lower-level Crypto API to verify the signature.
|
|
|
|
|
|
|
|
|
|
Here, we show that anybody can do it without needing to directly access Crypto.
|
|
|
|
|
"""
|
|
|
|
|
# Alice can sign by default, by dint of her _default_crypto_powerups.
|
2018-06-30 03:25:36 +00:00
|
|
|
alice = Alice(federated_only=True, always_be_learning=False)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
# So, our story is fairly simple: an everyman meets Alice.
|
2018-06-30 03:25:36 +00:00
|
|
|
somebody = Character(always_be_learning=False, federated_only=True)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
# Alice signs a message.
|
|
|
|
|
message = b"A message for all my friends who can only verify and not sign."
|
2018-02-24 06:39:10 +00:00
|
|
|
signature = alice.stamp(message)
|
2017-10-07 02:29:07 +00:00
|
|
|
|
|
|
|
|
# Our everyman can verify it.
|
2018-07-16 18:58:24 +00:00
|
|
|
cleartext = somebody.verify_from(alice, message, signature, decrypt=False)
|
2018-04-02 03:17:47 +00:00
|
|
|
assert cleartext is constants.NO_DECRYPTION_PERFORMED
|
2017-10-07 02:29:07 +00:00
|
|
|
|
2018-05-21 19:40:42 +00:00
|
|
|
|
2018-06-24 21:46:48 +00:00
|
|
|
def test_character_blockchain_power(testerchain):
|
2018-08-12 03:18:24 +00:00
|
|
|
|
|
|
|
|
# TODO: Handle multiple providers
|
2018-06-24 21:46:48 +00:00
|
|
|
eth_address = testerchain.interface.w3.eth.accounts[0]
|
2018-08-18 23:24:35 +00:00
|
|
|
sig_privkey = testerchain.interface.providers[0].ethereum_tester.backend._key_lookup[eth_utils.to_canonical_address(eth_address)]
|
2018-06-24 21:46:48 +00:00
|
|
|
sig_pubkey = sig_privkey.public_key
|
|
|
|
|
|
2018-07-02 12:18:31 +00:00
|
|
|
signer = Character(is_me=True, checksum_address=eth_address)
|
2018-06-24 21:46:48 +00:00
|
|
|
signer._crypto_power.consume_power_up(BlockchainPower(testerchain, eth_address))
|
|
|
|
|
|
|
|
|
|
# Due to testing backend, the account is already unlocked.
|
|
|
|
|
power = signer._crypto_power.power_ups(BlockchainPower)
|
|
|
|
|
power.is_unlocked = True
|
2018-08-07 00:47:51 +00:00
|
|
|
# power.unlock_account('this-is-not-a-secure-password')
|
2018-06-24 21:46:48 +00:00
|
|
|
|
|
|
|
|
data_to_sign = b'What does Ursula look like?!?'
|
|
|
|
|
sig = power.sign_message(data_to_sign)
|
|
|
|
|
|
|
|
|
|
is_verified = power.verify_message(eth_address, sig_pubkey.to_bytes(), data_to_sign, sig)
|
|
|
|
|
assert is_verified == True
|
|
|
|
|
|
|
|
|
|
# Test a bad message:
|
|
|
|
|
with pytest.raises(PowerUpError):
|
2018-08-07 00:47:51 +00:00
|
|
|
power.verify_message(eth_address, sig_pubkey.to_bytes(), data_to_sign + b'bad', sig)
|
2018-06-24 21:46:48 +00:00
|
|
|
|
|
|
|
|
# Test a bad address/pubkey pair
|
|
|
|
|
with pytest.raises(ValueError):
|
|
|
|
|
power.verify_message(
|
|
|
|
|
testerchain.interface.w3.eth.accounts[1],
|
|
|
|
|
sig_pubkey.to_bytes(),
|
|
|
|
|
data_to_sign,
|
|
|
|
|
sig)
|
|
|
|
|
|
|
|
|
|
# Test a signature without unlocking the account
|
|
|
|
|
power.is_unlocked = False
|
|
|
|
|
with pytest.raises(PowerUpError):
|
|
|
|
|
power.sign_message(b'test')
|
|
|
|
|
|
|
|
|
|
# Test lockAccount call
|
2018-08-07 00:47:51 +00:00
|
|
|
del (power)
|
2018-06-24 21:46:48 +00:00
|
|
|
|
|
|
|
|
|
2017-10-11 05:39:25 +00:00
|
|
|
"""
|
2017-11-09 21:48:40 +00:00
|
|
|
Chapter 2: ENCRYPTION
|
2017-10-11 05:39:25 +00:00
|
|
|
"""
|
|
|
|
|
|
2018-02-14 08:18:55 +00:00
|
|
|
|
2018-02-14 01:32:15 +00:00
|
|
|
def test_anybody_can_encrypt():
|
2017-10-11 05:39:25 +00:00
|
|
|
"""
|
2018-02-14 01:32:15 +00:00
|
|
|
Similar to anybody_can_verify() above; we show that anybody can encrypt.
|
2017-10-11 05:39:25 +00:00
|
|
|
"""
|
2018-06-30 03:25:36 +00:00
|
|
|
someone = Character(always_be_learning=False, federated_only=True)
|
|
|
|
|
bob = Bob(is_me=False, federated_only=True)
|
2017-10-11 05:39:25 +00:00
|
|
|
|
|
|
|
|
cleartext = b"This is Officer Rod Farva. Come in, Ursula! Come in Ursula!"
|
|
|
|
|
|
2018-06-23 03:28:08 +00:00
|
|
|
ciphertext, signature = someone.encrypt_for(bob, cleartext, sign=False)
|
2018-04-02 01:52:08 +00:00
|
|
|
|
|
|
|
|
assert signature == constants.NOT_SIGNED
|
2017-11-22 04:22:16 +00:00
|
|
|
assert ciphertext is not None
|
2018-02-14 08:19:09 +00:00
|
|
|
|
2018-05-21 19:40:42 +00:00
|
|
|
|
2018-07-16 21:36:19 +00:00
|
|
|
def test_node_deployer(ursulas):
|
|
|
|
|
for ursula in ursulas:
|
|
|
|
|
deployer = ursula.get_deployer()
|
|
|
|
|
assert deployer.options['https_port'] == ursula.rest_interface.port
|
|
|
|
|
assert deployer.application == ursula.rest_app
|
|
|
|
|
|
|
|
|
|
|
2018-02-14 08:19:09 +00:00
|
|
|
"""
|
2018-07-16 18:58:24 +00:00
|
|
|
What follows are various combinations of signing and encrypting, to match
|
|
|
|
|
real-world scenarios.
|
2018-02-14 08:19:09 +00:00
|
|
|
"""
|
|
|
|
|
|
2018-05-21 19:40:42 +00:00
|
|
|
|
2018-02-14 08:19:09 +00:00
|
|
|
def test_sign_cleartext_and_encrypt(alice, bob):
|
|
|
|
|
"""
|
2018-07-16 18:58:24 +00:00
|
|
|
Exhibit One: Alice signs the cleartext and encrypts her signature inside
|
|
|
|
|
the ciphertext.
|
2018-02-14 08:19:09 +00:00
|
|
|
"""
|
|
|
|
|
message = b"Have you accepted my answer on StackOverflow yet?"
|
|
|
|
|
|
2018-07-16 18:58:24 +00:00
|
|
|
message_kit, _signature = alice.encrypt_for(bob, message,
|
|
|
|
|
sign_plaintext=True)
|
2018-02-14 08:19:09 +00:00
|
|
|
|
2018-07-16 18:58:24 +00:00
|
|
|
# Notice that our function still returns the signature here, in case Alice
|
|
|
|
|
# wants to do something else with it, such as post it publicly for later
|
|
|
|
|
# public verifiability.
|
2018-02-14 08:19:09 +00:00
|
|
|
|
2018-07-16 18:58:24 +00:00
|
|
|
# However, we can expressly refrain from passing the Signature, and the
|
|
|
|
|
# verification still works:
|
|
|
|
|
cleartext = bob.verify_from(alice, message_kit, signature=None,
|
|
|
|
|
decrypt=True)
|
2018-02-14 08:19:09 +00:00
|
|
|
assert cleartext == message
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_encrypt_and_sign_the_ciphertext(alice, bob):
|
|
|
|
|
"""
|
2018-07-16 18:58:24 +00:00
|
|
|
Now, Alice encrypts first and then signs the ciphertext, providing a
|
|
|
|
|
Signature that is completely separate from the message.
|
|
|
|
|
This is useful in a scenario in which Bob needs to prove authenticity
|
|
|
|
|
publicly without disclosing contents.
|
2018-02-14 08:19:09 +00:00
|
|
|
"""
|
|
|
|
|
message = b"We have a reaaall problem."
|
2018-07-16 18:58:24 +00:00
|
|
|
message_kit, signature = alice.encrypt_for(bob, message,
|
|
|
|
|
sign_plaintext=False)
|
|
|
|
|
cleartext = bob.verify_from(alice, message_kit, signature, decrypt=True)
|
2018-02-14 08:19:09 +00:00
|
|
|
assert cleartext == message
|
|
|
|
|
|
|
|
|
|
|
2018-04-05 17:20:34 +00:00
|
|
|
def test_encrypt_and_sign_including_signature_in_both_places(alice, bob):
|
|
|
|
|
"""
|
2018-07-16 18:58:24 +00:00
|
|
|
Same as above, but showing that we can include the signature in both
|
|
|
|
|
the plaintext (to be found upon decryption) and also passed into
|
|
|
|
|
verify_from() (eg, gleaned over a side-channel).
|
2018-04-05 17:20:34 +00:00
|
|
|
"""
|
|
|
|
|
message = b"We have a reaaall problem."
|
2018-07-16 18:58:24 +00:00
|
|
|
message_kit, signature = alice.encrypt_for(bob, message,
|
|
|
|
|
sign_plaintext=True)
|
|
|
|
|
cleartext = bob.verify_from(alice, message_kit, signature,
|
|
|
|
|
decrypt=True)
|
2018-04-05 17:20:34 +00:00
|
|
|
assert cleartext == message
|
|
|
|
|
|
|
|
|
|
|
2018-02-14 08:19:09 +00:00
|
|
|
def test_encrypt_but_do_not_sign(alice, bob):
|
2018-02-28 03:55:46 +00:00
|
|
|
"""
|
|
|
|
|
Finally, Alice encrypts but declines to sign.
|
2018-07-16 18:58:24 +00:00
|
|
|
This is useful in a scenario in which Alice wishes to plausibly disavow
|
|
|
|
|
having created this content.
|
2018-02-28 03:55:46 +00:00
|
|
|
"""
|
2018-07-16 18:58:24 +00:00
|
|
|
# TODO: How do we accurately demonstrate this test safely, if at all?
|
2018-02-14 08:19:09 +00:00
|
|
|
message = b"If Bonnie comes home and finds an unencrypted private key in her keystore, I'm gonna get divorced."
|
|
|
|
|
|
2018-07-16 18:58:24 +00:00
|
|
|
# Alice might also want to encrypt a message but *not* sign it, in order
|
|
|
|
|
# to refrain from creating evidence that can prove she was the
|
|
|
|
|
# original sender.
|
2018-02-14 08:19:09 +00:00
|
|
|
message_kit, not_signature = alice.encrypt_for(bob, message, sign=False)
|
|
|
|
|
|
|
|
|
|
# The message is not signed...
|
2018-04-02 01:52:08 +00:00
|
|
|
assert not_signature == constants.NOT_SIGNED
|
2018-02-14 08:19:09 +00:00
|
|
|
|
|
|
|
|
# ...and thus, the message is not verified.
|
2018-07-16 18:58:24 +00:00
|
|
|
with pytest.raises(Character.InvalidSignature):
|
|
|
|
|
bob.verify_from(alice, message_kit, decrypt=True)
|
