Browse Source

zencode improve test and documentation for simple and dp3t scenarios

master
Jaromil 3 years ago
parent
commit
e6339c45ae
  1. 15
      build/zencode_scenario.sh
  2. 4
      docs/Makefile
  3. 38
      docs/pages/zencode.md
  4. 6
      src/lua/zenroom_common.lua
  5. 4
      test/zencode_data.lua
  6. 52
      test/zencode_dp3t/run.sh
  7. 8
      test/zencode_numericals.lua
  8. 124
      test/zencode_simple/run.sh

15
build/zencode_scenario.sh

@ -0,0 +1,15 @@
#!/usr/bin/env zsh
#
# build the zencode scenario test scripts and copy them into the
# documentation folder. called from zenroom/docs
scen="$1"
R="$PWD/.."
[[ -r "$R/test/zencode_${scen}" ]] || {
echo "error in script $0"
echo "scenario not found: $R/test/zencode_${scen}"
exit 1 }
pushd $R/test/zencode_${scen}
./run.sh
cp -av *zen *json $R/docs/_media/examples/zencode_${scen}
popd

4
docs/Makefile

@ -14,7 +14,9 @@ website:
@ln -fs _media/js/zenroom.data .
@mkdir -p _media/examples
@cp -v ../examples/*.keys ../examples/*.data ../examples/*.lua _media/examples/
@cp -av ../test/zencode_coconut ../test/zencode_simple _media/examples/
@../build/zencode_scenario.sh dp3t
@../build/zencode_scenario.sh simple
@cp -av ../test/zencode_coconut _media/examples/
@cp -v ../bindings/javascript/README.md pages/javascript.md
@cp -v ../bindings/python3/README.md pages/python.md

38
docs/pages/zencode.md

@ -58,18 +58,11 @@ In this phase each participant will create his/her own keypair, store it and com
The statement to generate a keypair (public and private keys) is simple:
[](../_media/examples/zencode_simple/AES01.zen ':include :type=code gherkin')
[](../_media/examples/zencode_simple/alice_keygen.zen ':include :type=code gherkin')
It will produce something like this:
```json
"Alice": {
"keypair": {
"private_key": "u64:F_NaS3Y6Xw6BW...",
"public_key": "u64:BLG0OGDwzP_gY41TZgGpUB4lTYCgpx9BJVScxSQAfwqEi..."
}
}
```
[](../_media/examples/zencode_simple/alice_keypair.json ':include :type=code json')
Where the public key is usually a longer octet and actually an [Elliptic Curve Point](/lua/modules/ECP.html) coordinate.
@ -96,14 +89,10 @@ After both Alice and Bob have their own keypairs and they both know
each other public key we can move forward to do asymmetric encryption
and signatures.
[](../_media/examples/zencode_simple/AES02.zen ':include :type=code gherkin')
[](../_media/examples/zencode_simple/alice_keypub.zen ':include :type=code gherkin')
```json
"Alice": {
"public_key": "u64:BLG0OGDwzP_gY41TZgGpUB4lTYCgpx9BJVScxSQAfwqEi..."
}
```
[](../_media/examples/zencode_simple/alice_pub.json ':include :type=code json')
The advantage of using Zencode here is the use of the `valid` keyword which effectively parses the `public key` object and verifies it as valid, in this case as being a valid point on the elliptic curve in use. This greatly reduces the possibility of common mistakes.
@ -121,14 +110,7 @@ Before getting to the encryption 2 other objects must be given:
So with an input separated between DATA and KEYS or grouped together in an array like:
```json
[
{"Bob": {"public_key":"u64:BGF59uMP0DkHoTjMT..."} },
{"Alice": { "keypair": {
"private_key": "u64:F_NaS3Y6Xw6BW...",
"public_key": "u64:BLG0OGDwzP_gY41TZgGpUB4lTYCgpx9BJVScxSQAfwqEi..." } } }
]
```
[](../_media/examples/zencode_simple/bob_keyring.json ':include :type=code json')
[](../_media/examples/zencode_simple/AES05.zen ':include :type=code gherkin')
@ -150,12 +132,15 @@ sequenceDiagram
**1. Alice encrypts the message using Bob's public key**
[](../_media/examples/zencode_simple/AES05.zen ':include :type=code gherkin')
**2. Bob prepares a keyring with Alice's public key**
[](../_media/examples/zencode_simple/AES06.zen ':include :type=code gherkin')
**3. Bob decrypts the message using Alice's public key**
[](../_media/examples/zencode_simple/AES07.zen ':include :type=code gherkin')
In this basic example the session key for encryption is made combining
@ -255,12 +240,7 @@ These 3 arguments can be written or imported, but must given before using the `I
The output is returned in `secret message` and it looks like:
```json
{"secret_message":{"iv":"u64:-tU2gbox9kATCeC2k_zkhYM-PBA3IzvN7HtfyVXdzB4",
"header":"u64:dGhpc19pc19mb3JfQm9i",
"text":"u64:cw4M3FBO3zaPRAB26d6y8SMPGgAo_0AmJUrhg5dmKwoEB7BWLAAD_A2h",
"checksum":"u64:UugLrIuxRX46BETc1-XkrA"}}
```
[](../_media/examples/zencode_simple/cipher_message.json ':include :type=code json')
To decode make sure to have that secret password and that a valid `secret message` is given, then use:

6
src/lua/zenroom_common.lua

@ -230,10 +230,12 @@ local function split(src,pat)
src:gsub(pat, function(x) tbl[#tbl+1]=x end)
return tbl
end
function strtok(src)
function strtok(src, pat)
if not src then return { } end
pat = pat or "%S+"
ZEN.assert(luatype(src) == "string", "strtok error: argument is not a string")
return split(src, "%S+") end
return split(src, pat)
end
-- assert all values in table are converted to zenroom types
-- used in zencode when transitioning out of given memory

4
test/zencode_data.lua

@ -14,8 +14,8 @@ rule check version 1.0.0
rule input encoding string
Given I have a 'inside' inside 'first'
and I have a 'third'
When I write 'first.inside' in 'test'
and I write 'three' in 'tertiur'
When I write string 'first.inside' in 'test'
and I write string 'three' in 'tertiur'
and I verify 'third' is equal to 'tertiur'
Then print the 'test' as 'string'
]])

52
test/zencode_dp3t/run.sh

@ -2,38 +2,16 @@
# https://github.com/DP-3T/documents
# use executable in current directory
Z=../../src/zenroom
D=.
####################
# common script init
if ! test -r ../utils.sh; then
echo "run executable from its own directory: $0"; exit 1; fi
. ../utils.sh
Z="`detect_zenroom_path` `detect_zenroom_conf`"
####################
if test -r ./zenroom-linux-amd64; then
Z=./zenroom-linux-amd64
D=./out-dp3t
elif test -r ./zenroom-osx.command; then
Z=./zenroom-osx.command;
D=./out-dp3t
elif test -r ./src/zenroom; then
Z=./src/zenroom
D=./out-dp3t
elif test -r ../../src/zenroom; then
Z=../../src/zenroom
D=./out-dp3t
fi
if ! test -r $Z; then
echo "Zenroom executable not found"
echo "download yours from https://files.dyne.org/zenroom/nightly/"
exit 1
fi
alias zenroom=$Z
chmod +x $Z
echo "Zenroom executable: $Z"
mkdir -p $D
echo "destination dir: $D"
cat <<EOF | $Z -z | tee $D/SK1.json
cat <<EOF | tee dp3t_keygen.zen | $Z -z | tee SK1.json
rule check version 1.0.0
rule input encoding hex
rule output encoding hex
@ -44,7 +22,7 @@ Then print the 'secret day key'
EOF
cat <<EOF | $Z -z -a $D/SK1.json | tee $D/SK2.json
cat <<EOF | tee dp3t_keyderiv.zen | $Z -z -a SK1.json | tee SK2.json
scenario 'dp3t': Decentralized Privacy-Preserving Proximity Tracing
rule check version 1.0.0
rule input encoding hex
@ -54,11 +32,7 @@ When I renew the secret day key to a new day
Then print the 'secret day key'
EOF
cat <<EOF | tee $D/moments.json
{ "moments": "8" }
EOF
cat <<EOF | $Z -z -k $D/SK2.json | tee $D/EphID_2.json
cat <<EOF | tee dp3t_ephidgen.zen | $Z -z -k SK2.json | tee EphID_2.json
scenario 'dp3t': Decentralized Privacy-Preserving Proximity Tracing
rule check version 1.0.0
rule input encoding hex
@ -73,7 +47,7 @@ EOF
# now generate a test with 40.000 infected SK
cat <<EOF | $Z -c memmanager=sys -z > $D/SK_infected_40k.json
cat <<EOF | $Z -z > SK_infected_40k.json
rule check version 1.0.0
rule input encoding hex
rule output encoding hex
@ -84,7 +58,7 @@ Then print the 'list of infected'
EOF
# extract a few random infected ephemeral ids to simulate proximity
cat <<EOF | $Z -c memmanager=sys,debug=1 -z -a $D/SK_infected_40k.json | tee $D/EphID_infected.json
cat <<EOF | $Z -z -a SK_infected_40k.json | tee EphID_infected.json
scenario 'dp3t'
rule check version 1.0.0
rule input encoding hex
@ -100,7 +74,7 @@ Then print the 'ephemeral ids'
EOF
# given a list of infected and a list of ephemeral ids
cat <<EOF | time $Z -c memmanager=sys,debug=1 -z -a $D/SK_infected_40k.json -k $D/EphID_infected.json
cat <<EOF | tee dp3t_check.zen | $Z -z -a SK_infected_40k.json -k EphID_infected.json
scenario 'dp3t'
rule check version 1.0.0
rule input encoding hex

8
test/zencode_numericals.lua

@ -7,8 +7,8 @@ ZEN:begin()
ZEN:parse([[
rule check version 1.0.0
Given nothing
When I set 'left' to '10'
and I set 'right' to '20'
When I write number '10' in 'left'
and I write number '20' in 'right'
and number 'left' is less or equal than 'right'
Then print 'OK'
]])
@ -31,8 +31,8 @@ ZEN:begin()
ZEN:parse([[
rule check version 1.0.0
Given nothing
When I set 'left' to '0a' formatted as 'hex'
and I set 'right' to '14' formatted as 'hex'
When I set 'left' to '0a' base '16'
and I set 'right' to '14' base '16'
and number 'left' is less than 'right'
Then print 'OK'
]])

124
test/zencode_simple/run.sh

@ -0,0 +1,124 @@
#!/usr/bin/env bash
####################
# common script init
if ! test -r ../utils.sh; then
echo "run executable from its own directory: $0"; exit 1; fi
. ../utils.sh
Z="`detect_zenroom_path` `detect_zenroom_conf`"
####################
cat <<EOF | tee SYM01.zen | $Z -z > secret.json
rule check version 1.0.0
Scenario simple: Generate a random password
Given nothing
When I create a random 'password'
Then print the 'password'
EOF
cat <<EOF | tee SYM02.zen | $Z -z > cipher_message.json
Scenario simple: Encrypt a message with the password
Given nothing
# only inline input, no KEYS or DATA passed
When I write string 'my secret word' in 'password'
and I write string 'a very short but very confidential message' in 'whisper'
and I write string 'for your eyes only' in 'header'
# header is implicitly used when encrypt
and I encrypt the secret message 'whisper' with 'password'
# anything introduced by 'the' becomes a new variable
Then print the 'secret message'
EOF
cat <<EOF | tee SYM03.zen | $Z -a cipher_message.json -z
Scenario simple: Decrypt the message with the password
Given I have a valid 'secret message'
When I write string 'my secret word' in 'password'
and I decrypt the secret message with 'password'
Then print as 'string' the 'text' inside 'message'
and print as 'string' the 'header' inside 'message'
EOF
cat <<EOF | tee alice_keygen.zen | $Z -z > alice_keypair.json
Scenario 'simple': Create the keypair
Given that I am known as 'Alice'
When I create the keypair
Then print my data
EOF
cat <<EOF | tee alice_keypub.zen | $Z -z -k alice_keypair.json > alice_pub.json
Scenario 'simple': Publish the public key
Given that I am known as 'Alice'
and I have my valid 'public key'
Then print my 'public key'
EOF
cat <<EOF | tee DSA01.zen | $Z -z -k alice_keypair.json | tee alice_signs_to_bob.json
Rule check version 1.0.0
Scenario 'simple': Alice signs a message for Bob
Given that I am known as 'Alice'
and I have my valid 'keypair'
When I write string 'This is my signed message to Bob.' in 'draft'
and I create the signature of 'draft'
Then print my 'signature'
and print my 'draft'
EOF
cat <<EOF | tee DSA02.zen | $Z -z -k alice_pub.json -a alice_signs_to_bob.json
rule check version 1.0.0
Scenario 'simple': Bob verifies the signature from Alice
Given that I am known as 'Bob'
and I have a valid 'public key' from 'Alice'
and I have a valid 'signature' from 'Alice'
and I have a 'draft'
When I verify the 'draft' is signed by 'Alice'
Then print 'signature' 'correct' as 'string'
and print as 'string' the 'draft'
EOF
cat <<EOF | tee bob_keygen.zen | $Z -z > bob_keypair.json
Scenario 'simple': Create the keypair
Given that I am known as 'Bob'
When I create the keypair
Then print my data
EOF
cat <<EOF | tee bob_keypub.zen | $Z -z -k bob_keypair.json > bob_pub.json
Scenario 'simple': Publish the public key
Given that I am known as 'Bob'
and I have my valid 'public key'
Then print my 'public key'
EOF
cat <<EOF | tee AES05.zen | $Z -z -k alice_keypair.json -a bob_pub.json | tee alice_to_bob.json
Rule check version 1.0.0
Scenario 'simple': Alice encrypts a message for Bob
Given that I am known as 'Alice'
and I have my valid 'keypair'
and I have a valid 'public key' from 'Bob'
When I write string 'This is my secret message.' in 'message'
and I write string 'This is the header' in 'header'
and I encrypt the message for 'Bob'
Then print the 'secret message'
EOF
cat <<EOF | tee AES06.zen | $Z -z -k bob_keypair.json -a alice_pub.json | tee bob_keyring.json
Rule check version 1.0.0
Scenario 'simple': Bob gathers public keys in his keyring
Given that I am 'Bob'
and I have my valid 'keypair'
and I have a valid 'public key' from 'Alice'
Then print my 'keypair'
and print the 'public key'
EOF
cat <<EOF | tee AES07.zen | $Z -z -k bob_keyring.json -a alice_to_bob.json
Rule check version 1.0.0
Scenario 'simple': Bob decrypts the message from Alice
Given that I am known as 'Bob'
and I have my valid 'keypair'
and I have a valid 'public key' from 'Alice'
and I have a valid 'secret message'
When I decrypt the secret message from 'Alice'
Then print as 'string' the 'message'
and print as 'string' the 'header' inside 'secret message'
EOF
Loading…
Cancel
Save