nucypher/tests/characters/test_crypto_characters_and_...

import pytest

from nkms.characters import Alice, Ursula, Character
from nkms.crypto import api
from nkms.crypto.constants import NOT_SIGNED
from nkms.crypto.constants import NO_DECRYPTION_PERFORMED
from nkms.crypto.powers import CryptoPower, SigningPower, NoSigningPower, \
    NoEncryptingPower, \
    EncryptingPower

"""
Chapter 1: SIGNING
"""


def test_actor_without_signing_power_cannot_sign():
    """
    We can create a Character with no real CryptoPower to speak of.
    This Character can't even sign a message.
    """
    cannot_sign = CryptoPower(power_ups=[])
    non_signer = Character(crypto_power=cannot_sign)

    # The non-signer's seal doesn't work for signing...
    with pytest.raises(NoSigningPower) as e_info:
        non_signer.seal("something")

    # ...or as a way to cast the public key to bytes or tuple.
    with pytest.raises(NoSigningPower) as e_info:
        bytes(non_signer.seal)
    with pytest.raises(NoSigningPower) as e_info:
        tuple(non_signer.seal)


def test_actor_with_signing_power_can_sign():
    """
    However, simply giving that character a PowerUp bestows the power to sign.

    Instead of having a Character verify the signature, we'll use the lower level API.
    """
    message = b"Llamas."

    signer = Character(crypto_power_ups=[SigningPower], is_me=True)
    seal_of_the_signer = signer.seal

    # We can use the signer's seal to sign a message (since the signer is_me)...
    signature = seal_of_the_signer(message)

    # ...or to get the signer's public key for verification purposes.
    # (note: we use the private _der_encoded_bytes here to test directly against the API, instead of Character)
    verification = api.ecdsa_verify(message, signature._der_encoded_bytes(),
                                    seal_of_the_signer.as_umbral_pubkey())

    assert verification is True


def test_anybody_can_verify():
    """
    In the last example, we used the lower-level Crypto API to verify the signature.

    Here, we show that anybody can do it without needing to directly access Crypto.
    """

    # Alice can sign by default, by dint of her _default_crypto_powerups.
    alice = Alice()

    # So, our story is fairly simple: an everyman meets Alice.
    somebody = Character()
    somebody.learn_about_actor(alice)

    # Alice signs a message.
    message = b"A message for all my friends who can only verify and not sign."
    signature = alice.seal(message)

    # Our everyman can verify it.
    verification, cleartext = somebody.verify_from(alice, message, signature, decrypt=False)
    assert verification is True
    assert cleartext is NO_DECRYPTION_PERFORMED

    # If we pass the signature and message backwards, we get TypeError.
    # with pytest.raises(TypeError):
    #    verification = somebody.verify_from(alice, message, signature)


"""
Chapter 2: ENCRYPTION
"""


def test_signing_only_power_cannot_encrypt():
    """
    Similar to the above with signing, here we show that a Character without the EncryptingKeypair
    PowerUp can't encrypt.
    """

    # Here's somebody who can sign but not encrypt.
    can_sign_but_not_encrypt = Character(crypto_power_ups=[SigningPower])

    # ..and here's Ursula, for whom our Character above wants to encrypt.
    ursula = Ursula()

    # They meet.
    can_sign_but_not_encrypt.learn_about_actor(ursula)

    # The Character has the message ready...
    cleartext = b"This is Officer Rod Farva. Come in, Ursula!  Come in Ursula!"

    # But without the proper PowerUp, no encryption happens.
    with pytest.raises(NoEncryptingPower) as e_info:
        can_sign_but_not_encrypt.encrypt_for(ursula, cleartext)


def test_character_with_encrypting_power_can_encrypt():
    """
    Now, a Character *with* EncryptingKeyPair can encrypt.
    """
    can_sign_and_encrypt = Character(crypto_power_ups=[SigningPower, EncryptingPower])
    ursula = Ursula()
    can_sign_and_encrypt.learn_about_actor(ursula)

    cleartext = b"This is Officer Rod Farva. Come in, Ursula!  Come in Ursula!"

    # TODO: Make encrypt_for actually encrypt.
    ciphertext, signature = can_sign_and_encrypt.encrypt_for(ursula, cleartext, sign=False)
    assert signature == NOT_SIGNED

    assert ciphertext is not None
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`import pytest`

			`from nkms.characters import Alice, Ursula, Character`
Fix tests and update imports to reflect nkms.crypto.api 2017-10-11 02:18:24 +00:00			`from nkms.crypto import api`
Moving EncryptingKeypair over to powers. 2017-10-11 05:39:25 +00:00			`from nkms.crypto.constants import NOT_SIGNED`
Character encryption tests. Note that CryptoPower.decrypt and Character.encrypt_for have fake logic until EncryptingPower is implemented. 2017-10-13 02:11:07 +00:00			`from nkms.crypto.constants import NO_DECRYPTION_PERFORMED`
Fixed verification of signature from a stranger. 2018-02-13 23:45:02 +00:00			`from nkms.crypto.powers import CryptoPower, SigningPower, NoSigningPower, \`
			`NoEncryptingPower, \`
Character encryption tests. Note that CryptoPower.decrypt and Character.encrypt_for have fake logic until EncryptingPower is implemented. 2017-10-13 02:11:07 +00:00			`EncryptingPower`

Test organization: moved utility functions to their own module. 2017-11-09 21:48:40 +00:00			`"""`
			`Chapter 1: SIGNING`
			`"""`

A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00
			`def test_actor_without_signing_power_cannot_sign():`
			`"""`
			`We can create a Character with no real CryptoPower to speak of.`
			`This Character can't even sign a message.`
			`"""`
			`cannot_sign = CryptoPower(power_ups=[])`
			`non_signer = Character(crypto_power=cannot_sign)`

Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`# The non-signer's seal doesn't work for signing...`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`with pytest.raises(NoSigningPower) as e_info:`
			`non_signer.seal("something")`

Seal now implements dunders instead of custom methods. 2017-10-14 22:07:10 +00:00			`# ...or as a way to cast the public key to bytes or tuple.`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`with pytest.raises(NoSigningPower) as e_info:`
Seal now implements dunders instead of custom methods. 2017-10-14 22:07:10 +00:00			`bytes(non_signer.seal)`
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`with pytest.raises(NoSigningPower) as e_info:`
Seal now implements dunders instead of custom methods. 2017-10-14 22:07:10 +00:00			`tuple(non_signer.seal)`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00

			`def test_actor_with_signing_power_can_sign():`
			`"""`
			`However, simply giving that character a PowerUp bestows the power to sign.`

			`Instead of having a Character verify the signature, we'll use the lower level API.`
			`"""`
			`message = b"Llamas."`

Characters can now be created from either a signing or encryption key. Fixes #156. 2018-02-05 19:25:17 +00:00			`signer = Character(crypto_power_ups=[SigningPower], is_me=True)`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`seal_of_the_signer = signer.seal`

Characters can now be created from either a signing or encryption key. Fixes #156. 2018-02-05 19:25:17 +00:00			`# We can use the signer's seal to sign a message (since the signer is_me)...`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`signature = seal_of_the_signer(message)`

			`# ...or to get the signer's public key for verification purposes.`
Fixed verification of signature from a stranger. 2018-02-13 23:45:02 +00:00			`# (note: we use the private _der_encoded_bytes here to test directly against the API, instead of Character)`
			`verification = api.ecdsa_verify(message, signature._der_encoded_bytes(),`
			`seal_of_the_signer.as_umbral_pubkey())`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`assert verification is True`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00

			`def test_anybody_can_verify():`
			`"""`
			`In the last example, we used the lower-level Crypto API to verify the signature.`

			`Here, we show that anybody can do it without needing to directly access Crypto.`
			`"""`

			`# Alice can sign by default, by dint of her _default_crypto_powerups.`
			`alice = Alice()`

			`# So, our story is fairly simple: an everyman meets Alice.`
			`somebody = Character()`
			`somebody.learn_about_actor(alice)`

			`# Alice signs a message.`
			`message = b"A message for all my friends who can only verify and not sign."`
			`signature = alice.seal(message)`

			`# Our everyman can verify it.`
Tests with Bob getting the signature from Alice properly. 2017-11-22 06:03:31 +00:00			`verification, cleartext = somebody.verify_from(alice, message, signature, decrypt=False)`
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`assert verification is True`
Character encryption tests. Note that CryptoPower.decrypt and Character.encrypt_for have fake logic until EncryptingPower is implemented. 2017-10-13 02:11:07 +00:00			`assert cleartext is NO_DECRYPTION_PERFORMED`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00
logic to check that passing signature<=-=>message backwards raises TypeError (commented out for now). 2017-10-12 20:36:49 +00:00			`# If we pass the signature and message backwards, we get TypeError.`
			`# with pytest.raises(TypeError):`
			`# verification = somebody.verify_from(alice, message, signature)`

A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00
Moving EncryptingKeypair over to powers. 2017-10-11 05:39:25 +00:00			`"""`
Test organization: moved utility functions to their own module. 2017-11-09 21:48:40 +00:00			`Chapter 2: ENCRYPTION`
Moving EncryptingKeypair over to powers. 2017-10-11 05:39:25 +00:00			`"""`


A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`def test_signing_only_power_cannot_encrypt():`
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`"""`
			`Similar to the above with signing, here we show that a Character without the EncryptingKeypair`
			`PowerUp can't encrypt.`
			`"""`

			`# Here's somebody who can sign but not encrypt.`
Use SigningPower instead of SigningKeypair in test_crypto_characters_and_their_powers Use SigningPower instead of SigningKeypair correctly Use correct SigningPower 2017-10-17 21:03:36 +00:00			`can_sign_but_not_encrypt = Character(crypto_power_ups=[SigningPower])`
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00
			`# ..and here's Ursula, for whom our Character above wants to encrypt.`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`ursula = Ursula()`

Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`# They meet.`
			`can_sign_but_not_encrypt.learn_about_actor(ursula)`

			`# The Character has the message ready...`
Tests with Bob getting the signature from Alice properly. 2017-11-22 06:03:31 +00:00			`cleartext = b"This is Officer Rod Farva. Come in, Ursula! Come in Ursula!"`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`# But without the proper PowerUp, no encryption happens.`
A fairly serious version of the high-level signing and verification system. 2017-10-07 02:29:07 +00:00			`with pytest.raises(NoEncryptingPower) as e_info:`
Some clarifying details in character tests. 2017-10-07 02:46:51 +00:00			`can_sign_but_not_encrypt.encrypt_for(ursula, cleartext)`
Moving EncryptingKeypair over to powers. 2017-10-11 05:39:25 +00:00

			`def test_character_with_encrypting_power_can_encrypt():`
			`"""`
			`Now, a Character with EncryptingKeyPair can encrypt.`
			`"""`
Use SigningPower instead of SigningKeypair in test_crypto_characters_and_their_powers Use SigningPower instead of SigningKeypair correctly Use correct SigningPower 2017-10-17 21:03:36 +00:00			`can_sign_and_encrypt = Character(crypto_power_ups=[SigningPower, EncryptingPower])`
Moving EncryptingKeypair over to powers. 2017-10-11 05:39:25 +00:00			`ursula = Ursula()`
			`can_sign_and_encrypt.learn_about_actor(ursula)`

			`cleartext = b"This is Officer Rod Farva. Come in, Ursula! Come in Ursula!"`

			`# TODO: Make encrypt_for actually encrypt.`
			`ciphertext, signature = can_sign_and_encrypt.encrypt_for(ursula, cleartext, sign=False)`
			`assert signature == NOT_SIGNED`

OK, fixtures are implemented in the tests that need them. 2017-11-22 04:22:16 +00:00			`assert ciphertext is not None`