Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_cfrag_serialization_with_proof_and_metadata(prepared_capsule, kfrags):
# Example of potential metadata to describe the re-encryption request
metadata = b'This is an example of metadata for re-encryption request'
for kfrag in kfrags:
cfrag = pre.reencrypt(kfrag, prepared_capsule, provide_proof=True, metadata=metadata)
cfrag_bytes = cfrag.to_bytes()
proof = cfrag.proof
assert proof is not None
assert proof.metadata is not None
new_cfrag = CapsuleFrag.from_bytes(cfrag_bytes)
assert new_cfrag.point_e1 == cfrag.point_e1
assert new_cfrag.point_v1 == cfrag.point_v1
assert new_cfrag.kfrag_id == cfrag.kfrag_id
assert new_cfrag.point_precursor == cfrag.point_precursor
new_proof = new_cfrag.proof
assert new_proof is not None
assert new_proof.point_e2 == proof.point_e2
assert new_proof.point_v2 == proof.point_v2
"""
If the three keys do appear together, along with the capsule,
we can attach them all at once.
"""
delegating_privkey, signing_privkey = alices_keys
unrelated_receiving_pubkey = UmbralPrivateKey.gen_key().get_pubkey()
capsule.set_correctness_keys(delegating_privkey.get_pubkey(),
unrelated_receiving_pubkey,
signing_privkey.get_pubkey()
)
for kfrag in kfrags:
with pytest.raises(KFrag.NotValid):
cfrag = pre.reencrypt(kfrag, capsule)
def test_cfrag_serialization_no_proof_no_metadata(prepared_capsule, kfrags):
for kfrag in kfrags:
cfrag = pre.reencrypt(kfrag, prepared_capsule, provide_proof=False)
cfrag_bytes = cfrag.to_bytes()
proof = cfrag.proof
assert proof is None
assert len(cfrag_bytes) == CapsuleFrag.expected_bytes_length()
new_cfrag = CapsuleFrag.from_bytes(cfrag_bytes)
assert new_cfrag.point_e1 == cfrag.point_e1
assert new_cfrag.point_v1 == cfrag.point_v1
assert new_cfrag.kfrag_id == cfrag.kfrag_id
assert new_cfrag.point_precursor == cfrag.point_precursor
new_proof = new_cfrag.proof
assert new_proof is None
('Subtraction', point1 - point2),
('Multiplication', bn1 * point1),
('Inversion', -point1),
]
for (operation, result) in test:
assert result == Point.from_bytes(expected[operation]), 'Error in {}'.format(operation)
test = [('To_affine.X', point1.to_affine()[0]),
('To_affine.Y', point1.to_affine()[1]),
]
for (operation, result) in test:
assert result == int.from_bytes(expected[operation], 'big'), 'Error in {}'.format(operation)
assert kdf(point1, pre.DEM_KEYSIZE) == expected['kdf']
metadata_i = "This is an example of metadata for re-encryption request #{}"
metadata_i = metadata_i.format(i).encode()
if i == 0:
# Let's put the re-encryption of a different Alice ciphertext
cfrag = pre.reencrypt(kfrag, capsule_alice2, metadata=metadata_i)
else:
cfrag = pre.reencrypt(kfrag, capsule_alice1, metadata=metadata_i)
cfrags.append(cfrag)
# CFrag 0 is not valid ...
assert not cfrags[0].verify_correctness(capsule_alice1)
# ... and trying to attach it raises an error.
with pytest.raises(pre.UmbralCorrectnessError) as exception_info:
capsule_alice1.attach_cfrag(cfrags[0])
correctness_error = exception_info.value
assert cfrags[0] in correctness_error.offending_cfrags
assert len(correctness_error.offending_cfrags) == 1
# The rest of CFrags should be correct:
correct_cases = 0
for cfrag_i in cfrags[1:]:
assert cfrag_i.verify_correctness(capsule_alice1)
capsule_alice1.attach_cfrag(cfrag_i)
correct_cases += 1
assert correct_cases == len(cfrags[1:])
# -----------
bobs_private_key = keys.UmbralPrivateKey.gen_key()
bobs_public_key = bobs_private_key.get_pubkey()
#6
# Bob receives a capsule through a side channel (s3, ipfs, Google cloud, etc)
bob_capsule = capsule
#7
# Attempt Bob's decryption (fail)
try:
fail_decrypted_data = pre.decrypt(ciphertext=ciphertext,
capsule=bob_capsule,
decrypting_key=bobs_private_key)
except pre.UmbralDecryptionError:
print("Decryption failed! Bob doesn't has access granted yet.")
#8
# Alice grants access to Bob by generating kfrags
# -----------------------------------------------
# When Alice wants to grant Bob access to open her encrypted messages,
# she creates *threshold split re-encryption keys*, or *"kfrags"*,
# which are next sent to N proxies or *Ursulas*.
# She uses her private key, and Bob's public key, and she sets a minimum
# threshold of 10, for 20 total shares
kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key,
signer=alices_signer,
receiving_pubkey=bobs_public_key,
threshold=10,
N=20)