From 34807581e64b54072ae6199931cd74a3c244b494 Mon Sep 17 00:00:00 2001 From: tuxxy Date: Sat, 31 Mar 2018 13:12:33 -0600 Subject: [PATCH 1/2] Inject params on encrypt, decrypt, and open_capsule --- tests/test_capsule/test_capsule_operations.py | 2 +- tests/test_simple_api.py | 9 +++--- umbral/pre.py | 32 +++++++++++-------- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/tests/test_capsule/test_capsule_operations.py b/tests/test_capsule/test_capsule_operations.py index fd1cabc..af00796 100644 --- a/tests/test_capsule/test_capsule_operations.py +++ b/tests/test_capsule/test_capsule_operations.py @@ -85,7 +85,7 @@ def test_capsule_as_dict_key(alices_keys): capsule.attach_cfrag(cfrag) # Even if we activate the capsule, it still serves as the same key. - cleartext = pre.decrypt(ciphertext, capsule, alices_keys.priv, alices_keys.pub) + cleartext = pre.decrypt(capsule, alices_keys.priv, ciphertext, alices_keys.pub) assert some_dict[capsule] == "Thing that Bob wants to try per-Capsule" assert cleartext == plain_data diff --git a/tests/test_simple_api.py b/tests/test_simple_api.py index f6c6d6b..7049a39 100644 --- a/tests/test_simple_api.py +++ b/tests/test_simple_api.py @@ -26,9 +26,9 @@ def test_simple_api(N, M, curve=default_curve()): pub_key_bob = priv_key_bob.get_pubkey() plain_data = b'peace at dawn' - ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data) + ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data, params=params) - cleartext = pre.decrypt(ciphertext, capsule, priv_key_alice) + cleartext = pre.decrypt(capsule, priv_key_alice, ciphertext, pub_key_alice, params=params) assert cleartext == plain_data kfrags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N, params=params) @@ -36,11 +36,10 @@ def test_simple_api(N, M, curve=default_curve()): cfrag = pre.reencrypt(kfrag, capsule, params=params) capsule.attach_cfrag(cfrag) - reenc_cleartext = pre.decrypt(ciphertext, capsule, priv_key_bob, pub_key_alice) + reenc_cleartext = pre.decrypt(capsule, priv_key_bob, ciphertext, pub_key_alice, params=params) assert reenc_cleartext == plain_data -@pytest.mark.xfail(raises=InvalidTag) # remove this mark to fail instead of ignore @pytest.mark.parametrize("curve", secp_curves) @pytest.mark.parametrize("N, M", parameters) def test_simple_api_on_multiple_curves(N, M, curve): @@ -51,5 +50,5 @@ def test_public_key_encryption(alices_keys): priv_key_alice, pub_key_alice = alices_keys plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data) - cleartext = pre.decrypt(ciphertext, capsule, priv_key_alice) + cleartext = pre.decrypt(capsule, priv_key_alice, ciphertext) assert cleartext == plain_data diff --git a/umbral/pre.py b/umbral/pre.py index c5a6095..6bfd833 100644 --- a/umbral/pre.py +++ b/umbral/pre.py @@ -122,9 +122,10 @@ class Capsule(object): def _reconstruct_shamirs_secret(self, pub_a: Union[UmbralPublicKey, Point], - priv_b: Union[UmbralPrivateKey, BigNum]) -> None: + priv_b: Union[UmbralPrivateKey, BigNum], + params: UmbralParameters=None) -> None: - params = default_params() + params = params if params is not None else default_params() if isinstance(priv_b, UmbralPrivateKey): priv_b = priv_b.bn_key @@ -476,14 +477,17 @@ def _decapsulate_reencrypted(pub_key: Point, priv_key: BigNum, return key -def encrypt(alice_pubkey: UmbralPublicKey, plaintext: bytes) -> Tuple[bytes, Capsule]: +def encrypt(alice_pubkey: UmbralPublicKey, plaintext: bytes, + params: UmbralParameters=None) -> Tuple[bytes, Capsule]: """ Performs an encryption using the UmbralDEM object and encapsulates a key for the sender using the public key provided. Returns the ciphertext and the KEM Capsule. """ - key, capsule = _encapsulate(alice_pubkey.point_key, CHACHA20_KEY_SIZE) + params = params if params is not None else default_params() + + key, capsule = _encapsulate(alice_pubkey.point_key, CHACHA20_KEY_SIZE, params=params) capsule_bytes = bytes(capsule) @@ -494,46 +498,48 @@ def encrypt(alice_pubkey: UmbralPublicKey, plaintext: bytes) -> Tuple[bytes, Cap def _open_capsule(capsule: Capsule, bob_private_key: UmbralPrivateKey, - alice_pub_key: UmbralPublicKey) -> bytes: + alice_pub_key: UmbralPublicKey, params: UmbralParameters=None) -> bytes: """ Activates the Capsule from the attached CFrags, opens the Capsule and returns what is inside. This will often be a symmetric key. """ - - params = default_params() + params = params if params is not None else default_params() priv_b = bob_private_key.bn_key pub_b = priv_b * params.g pub_a = alice_pub_key.point_key - capsule._reconstruct_shamirs_secret(pub_a, priv_b) + capsule._reconstruct_shamirs_secret(pub_a, priv_b, params=params) - key = _decapsulate_reencrypted(pub_b, priv_b, pub_a, capsule) + key = _decapsulate_reencrypted(pub_b, priv_b, pub_a, capsule, params=params) return key -def decrypt(ciphertext: bytes, capsule: Capsule, - priv_key: UmbralPrivateKey, alice_pub_key: UmbralPublicKey=None) -> bytes: +def decrypt(capsule: Capsule, priv_key: UmbralPrivateKey, + ciphertext: bytes, alice_pub_key: UmbralPublicKey=None, + params: UmbralParameters=None) -> bytes: """ Opens the capsule and gets what's inside. We hope that's a symmetric key, which we use to decrypt the ciphertext and return the resulting cleartext. """ + params = params if params is not None else default_params() + if capsule._attached_cfrags: # Since there are cfrags attached, we assume this is Bob opening the Capsule. bob_priv_key = priv_key - key = _open_capsule(capsule, bob_priv_key, alice_pub_key) + key = _open_capsule(capsule, bob_priv_key, alice_pub_key, params=params) dem = UmbralDEM(key) original_capsule_bytes = capsule._original_to_bytes() cleartext = dem.decrypt(ciphertext, authenticated_data=original_capsule_bytes) else: # Since there aren't cfrags attached, we assume this is Alice opening the Capsule. - key = _decapsulate_original(priv_key.bn_key, capsule) + key = _decapsulate_original(priv_key.bn_key, capsule, params=params) dem = UmbralDEM(key) capsule_bytes = bytes(capsule) From caea15cb7a6d161f7a38dce0512e8530db3b9289 Mon Sep 17 00:00:00 2001 From: jMyles Date: Mon, 2 Apr 2018 19:00:41 -0700 Subject: [PATCH 2/2] Fixing parameter order and cleaning up some imports. --- tests/test_capsule/test_capsule_operations.py | 5 ++--- tests/test_simple_api.py | 6 +++--- umbral/pre.py | 5 ++--- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/tests/test_capsule/test_capsule_operations.py b/tests/test_capsule/test_capsule_operations.py index af00796..54684d5 100644 --- a/tests/test_capsule/test_capsule_operations.py +++ b/tests/test_capsule/test_capsule_operations.py @@ -1,10 +1,9 @@ import pytest -from umbral import pre, keys +from umbral import pre from umbral.bignum import BigNum from umbral.point import Point from umbral.pre import Capsule -from tests.conftest import parameters def test_capsule_creation(alices_keys): @@ -85,7 +84,7 @@ def test_capsule_as_dict_key(alices_keys): capsule.attach_cfrag(cfrag) # Even if we activate the capsule, it still serves as the same key. - cleartext = pre.decrypt(capsule, alices_keys.priv, ciphertext, alices_keys.pub) + cleartext = pre.decrypt(ciphertext, capsule, alices_keys.priv, alices_keys.pub) assert some_dict[capsule] == "Thing that Bob wants to try per-Capsule" assert cleartext == plain_data diff --git a/tests/test_simple_api.py b/tests/test_simple_api.py index 7049a39..d4e8c8b 100644 --- a/tests/test_simple_api.py +++ b/tests/test_simple_api.py @@ -28,7 +28,7 @@ def test_simple_api(N, M, curve=default_curve()): plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data, params=params) - cleartext = pre.decrypt(capsule, priv_key_alice, ciphertext, pub_key_alice, params=params) + cleartext = pre.decrypt(ciphertext, capsule, priv_key_alice, params=params) assert cleartext == plain_data kfrags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N, params=params) @@ -36,7 +36,7 @@ def test_simple_api(N, M, curve=default_curve()): cfrag = pre.reencrypt(kfrag, capsule, params=params) capsule.attach_cfrag(cfrag) - reenc_cleartext = pre.decrypt(capsule, priv_key_bob, ciphertext, pub_key_alice, params=params) + reenc_cleartext = pre.decrypt(ciphertext, capsule, priv_key_bob, pub_key_alice, params=params) assert reenc_cleartext == plain_data @@ -50,5 +50,5 @@ def test_public_key_encryption(alices_keys): priv_key_alice, pub_key_alice = alices_keys plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data) - cleartext = pre.decrypt(capsule, priv_key_alice, ciphertext) + cleartext = pre.decrypt(ciphertext, capsule, priv_key_alice) assert cleartext == plain_data diff --git a/umbral/pre.py b/umbral/pre.py index 6bfd833..2cb75ca 100644 --- a/umbral/pre.py +++ b/umbral/pre.py @@ -518,9 +518,8 @@ def _open_capsule(capsule: Capsule, bob_private_key: UmbralPrivateKey, return key -def decrypt(capsule: Capsule, priv_key: UmbralPrivateKey, - ciphertext: bytes, alice_pub_key: UmbralPublicKey=None, - params: UmbralParameters=None) -> bytes: +def decrypt(ciphertext: bytes, capsule: Capsule, + priv_key: UmbralPrivateKey, alice_pub_key: UmbralPublicKey=None, params: UmbralParameters=None) -> bytes: """ Opens the capsule and gets what's inside.