chore: Merge branch 'release/v3.1.0'

.github/workflows/ci.yml

@@ -39,6 +39,10 @@ jobs:
           KMS_SHARED_PATH: /tmp
         ports:
           - 9998:9998
+      findex_cloud:
+        image: ghcr.io/cosmian/findex_cloud:0.1.0
+        ports:
+          - 8080:8080
     runs-on: ubuntu-latest
     needs: build
     steps:
@@ -53,19 +57,22 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install mypy types-termcolor>=1.1 types_redis>=4.3
+          pip install mypy types-termcolor>=1.1 types_redis>=4.3 requests>=2.28 types-requests>=2.28
           scripts/ci_install_pyo3_builds.sh
           pip install cloudproof_py*.whl
       - name: Type-check
         run: |
-          mypy src/cloudproof_py/findex/ src/cloudproof_py/cover_crypt/
+          mypy src/cloudproof_py/findex/
+          mypy src/cloudproof_py/cover_crypt/
+          mypy src/cloudproof_py/cloudproof_fpe/
           mypy tests/
           mypy examples/cli_demo
           mypy examples/findex_upsert_search
           mypy examples/cover_crypt
       - name: Run tests
         run: |
           python tests/non_regression_cover_crypt.py --test --write
+          python tests/findex_cloud.py
           python -m unittest tests/test*.py
       - name: Upload non-regression test vectors
         uses: actions/upload-artifact@v3

.pre-commit-config.yaml

@@ -21,7 +21,7 @@ repos:
       - id: debug-statements
       - id: destroyed-symlinks
       - id: detect-private-key
-#      - id: double-quote-string-fixer
+      #      - id: double-quote-string-fixer
       - id: end-of-file-fixer
       - id: file-contents-sorter
       - id: fix-byte-order-marker
@@ -40,38 +40,44 @@ repos:
         args: [] # optional: list of Conventional Commits types to allow e.g. [feat, fix, ci, chore, test]
 
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.4
+    rev: v3.0.0-alpha.6
     hooks:
       - id: prettier
         types_or: [css, javascript, jsx, markdown, bash, java, sh]
 
   - repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 23.1.0
     hooks:
-      - id:  black
+      - id: black
 
   - repo: https://github.com/pycqa/flake8
     rev: 6.0.0
     hooks:
-    - id: flake8
-      args: [--max-line-length=100]
+      - id: flake8
+        args: [--max-line-length=100]
 
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: 'v0.991'
+    rev: 'v1.1.1'
     hooks:
     - id: mypy
-      additional_dependencies: [types_termcolor==1.1.6, types_redis==4.3.21.6]
+      additional_dependencies: [types_termcolor==1.1.6, types_redis==4.3.21.6, types-requests==2.28.11.15, types-urllib3==1.26.25.8]
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.32.2
+    rev: v0.33.0
     hooks:
       - id: markdownlint-fix
-        args: [--disable=MD013, --disable=MD024, --disable=MD041, --disable=MD046]
+        args:
+          [
+            --disable=MD004,
+            --disable=MD013,
+            --disable=MD024,
+            --disable=MD041,
+            --disable=MD046,
+          ]
 
   - repo: https://github.com/Lucas-C/pre-commit-hooks-nodejs
     rev: v1.1.2
     hooks:
       - id: htmlhint
       - id: dockerfile_lint
       - id: markdown-toc
-        args: [--bullets='-'] # comment this to refresh TOC

CHANGELOG.md

@@ -4,6 +4,27 @@ All notable changes to this project will be documented in this file.
 
 ---
 
+## [3.1.0] - 2023-04-06
+
+### Features
+
+- Add Format-Preserving-Encryption (FPE):
+  - add integer and big integers encryption (as string with radix and digits)
+  - add string encryption according to given alphabet
+    - "numeric": 0123456789
+    - "hexa_decimal": 0123456789abcdef
+    - "alpha_lower": abcdefghijklmnopqrstuvwxyz
+    - "alpha_upper": ABCDEFGHIJKLMNOPQRSTUVWXYZ
+    - "alpha": abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+    - "alpha_numeric": 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
+    - "utf": creates an Alphabet with the first 63489 (~2^16) Unicode characters
+    - "chinese": creates an Alphabet with the Chinese characters
+    - "latin1sup": creates an Alphabet with the latin-1 and latin1-supplement characters (supports French)
+    - "latin1sup_alphanum": creates an Alphabet with the latin-1 and latin1-supplement characters but without the non alphanumeric characters (supports French)
+  - add float encryption
+
+---
+
 ## [3.0.0] - 2023-03-08
 
 ### Features

examples/findex_upsert_search/main.py

@@ -103,7 +103,6 @@ def echo_progress_callback(res: ProgressResults) -> bool:
 
 
 if __name__ == "__main__":
-
     parser = argparse.ArgumentParser(description="Findex example.")
     parser.add_argument(
         "--redis", action="store_true", help="Use Redis to store Findex indexing tables"

pyproject.toml

@@ -7,16 +7,21 @@ cloudproof_py = ["py.typed", "*.pyi"]
 
 [project]
 name = "cloudproof_py"
-version = "3.0.0"
+version = "3.1.0"
 authors = [{ name = "Cosmian Tech", email = "tech@cosmian.com" }]
-description = "Python library for Cosmian Cloud Proof"
+description = "Python library for Cosmian Cloudproof"
 readme = "README.md"
 requires-python = ">=3.7"
 classifiers = [
   "Programming Language :: Python :: 3",
   "Operating System :: OS Independent",
 ]
-dependencies = ["cover-crypt >= 11.0.0, < 12.0.0", "findex >= 3.0.0, < 4.0.0", "cosmian-kms >= 4.3.3, < 5.0.0"]
+dependencies = [
+  "cover-crypt >= 11.0.0, < 12.0.0",
+  "findex >= 3.0.0, < 4.0.0",
+  "cosmian-kms >= 4.3.3, < 5.0.0",
+  "cloudproof-fpe >= 0.1.0, < 1.0.0",
+]
 
 [project.urls]
 "Homepage" = "https://github.com/Cosmian/cloudproof_python"

scripts/ci_install_pyo3_builds.sh

@@ -8,7 +8,7 @@ install_lib() {
         rm linux.zip && rm -rf x86_64*
 }
 
-install_lib "v1.0.0"
+install_lib "v1.1.0"
 if [ $? -ne 0 ]; then
-    install_lib "last_build/feature/pyo3-findex-cloud"
+    install_lib "last_build/feature/expose_fpe_in_interfaces"
 fi

scripts/extract_lib_types.py

@@ -9,6 +9,7 @@
     PKGs_dir = {
         "cloudproof_cover_crypt": f"{SRC_DIR}/cover_crypt",
         "cloudproof_findex": f"{SRC_DIR}/findex",
+        "cloudproof_fpe": f"{SRC_DIR}/cloudproof_fpe",
         "cosmian_kms": f"{SRC_DIR}/kms",
     }
 

src/cloudproof_py/cloudproof_fpe/__init__.py

@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+from cloudproof_fpe import Alphabet, Integer, Float
+
+__all__ = ["Alphabet", "Integer", "Float"]

tests/findex_cloud.py

@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+import json
+
+import requests
+
+from cloudproof_py.findex import FindexCloud, Label, Location
+
+if __name__ == "__main__":
+    base_url = "http://localhost:8080"
+    label = Label.from_string("Hello World!")
+
+    # Creating the index on the backend
+    try:
+        response = requests.post(f"{base_url}/indexes", json={"name": "test"})
+    except requests.exceptions.ConnectionError:
+        raise Exception(
+            "Findex Cloud docker should be running on your local machine to run this test!"
+        )
+
+    if response.status_code != 200:
+        raise Exception("Error while creating indexes in Findex Cloud!")
+
+    # Creating access token
+    index = json.loads(response.text)
+    token = FindexCloud.generate_new_token(
+        index["public_id"],
+        bytes(index["fetch_entries_key"]),
+        bytes(index["fetch_chains_key"]),
+        bytes(index["upsert_entries_key"]),
+        bytes(index["insert_chains_key"]),
+    )
+
+    # Upsert data
+    FindexCloud.upsert(
+        {
+            Location.from_string("42"): ["John", "Doe"],
+            Location.from_string("38"): ["Jane", "Doe"],
+        },
+        token,
+        label,
+        base_url=base_url,
+    )
+
+    # Search for keyword 'Doe'
+    res = FindexCloud.search(["Doe"], token, label, base_url=base_url)
+    assert len(res["Doe"]) == 2
+
+    print("Results:", res)

tests/test_fpe.py

@@ -0,0 +1,132 @@
+# -*- coding: utf-8 -*-
+import os
+import unittest
+
+from cloudproof_py.cloudproof_fpe import Alphabet, Float, Integer
+
+KEY_LENGTH = 32
+KEY = os.urandom(KEY_LENGTH)
+TWEAK = os.urandom(1024)
+
+
+class TestFpe(unittest.TestCase):
+    """
+    A unit test case for the Alphabet encryption and decryption methods.
+    """
+
+    def test_credit_card_numbers(self) -> None:
+        """
+        FPE on credit card numbers
+        """
+        alphabet = Alphabet("numeric")
+
+        for credit_card_number in [
+            "1234-1234-1234-1234",
+            "0000-0000-0000-0000",
+            "1234-5678-9012-3456",
+        ]:
+            ciphertext = alphabet.encrypt(KEY, TWEAK, credit_card_number)
+            cleartext = alphabet.decrypt(KEY, TWEAK, ciphertext)
+            assert len(credit_card_number) == len(ciphertext)
+            assert cleartext == credit_card_number
+
+    def test_chinese_text(self) -> None:
+        """
+        FPE on chinese text
+        """
+        alphabet = Alphabet("chinese")
+
+        for chinese_text in [
+            "天地玄黄 宇宙洪荒",
+            "日月盈昃 辰宿列张",
+            "寒来暑往 秋收冬藏",
+        ]:
+            ciphertext = alphabet.encrypt(KEY, TWEAK, chinese_text)
+            cleartext = alphabet.decrypt(KEY, TWEAK, ciphertext)
+            assert len(chinese_text) == len(ciphertext)
+            assert cleartext == chinese_text
+
+    def test_utf_text(self) -> None:
+        """
+        FPE on utf text
+        """
+        alphabet = Alphabet("utf")
+
+        for utf_text in [
+            "Bérangère Aigüe",
+            "ПРС-ТУФХЦЧШЩЪЫЬ ЭЮЯаб-вгдежз ийклмнопрст уфхцчш",
+            "吢櫬䀾羑襃￥",
+        ]:
+            ciphertext = alphabet.encrypt(KEY, TWEAK, utf_text)
+            cleartext = alphabet.decrypt(KEY, TWEAK, ciphertext)
+            assert len(utf_text) == len(ciphertext)
+            assert cleartext == utf_text
+
+    def test_custom_alphabet(self) -> None:
+        """
+        FPE with custom alphabet: adding the special characters /@&* to
+        the alpha numeric alphabet
+        """
+        alphabet = Alphabet("alpha_numeric")
+        alphabet.extend_with("/@&*")
+
+        for custom_alphabet_text in [
+            "Bérangère Aigüe 1234-&@",
+            "@@@@",
+            "&&&&&&&&&&&&&&&&&&",
+        ]:
+            ciphertext = alphabet.encrypt(KEY, TWEAK, custom_alphabet_text)
+            cleartext = alphabet.decrypt(KEY, TWEAK, ciphertext)
+            assert len(custom_alphabet_text) == len(ciphertext)
+            assert cleartext == custom_alphabet_text
+
+    def test_numbers(self) -> None:
+        """
+        FPE on numbers.
+        """
+        itg = Integer(10, 10)
+
+        for my_integer in [
+            1,
+            12,
+            1234567890,
+        ]:
+            ciphertext = itg.encrypt(KEY, TWEAK, my_integer)
+            cleartext = itg.decrypt(KEY, TWEAK, ciphertext)
+            assert cleartext == my_integer
+
+    def test_big_numbers(self) -> None:
+        """
+        FPE on numbers and big numbers.
+        """
+        big_int = Integer(10, 100)
+        for my_big_integer in [
+            "1",
+            "12",
+            "1234567890",
+            "123456789012345678901234567890",
+            "1234567890123456789012345678901234567890",
+            "12345678901234567890123456789012345678901234567890",
+        ]:
+            ciphertext = big_int.encrypt_big(KEY, TWEAK, my_big_integer)
+            cleartext = big_int.decrypt_big(KEY, TWEAK, ciphertext)
+            assert cleartext == my_big_integer
+
+    def test_floats(self) -> None:
+        """
+        FPE on floats
+        """
+        flt = Float()
+
+        for my_float in [
+            -1.0,
+            123456.0,
+            123456.123456,
+        ]:
+            ciphertext = flt.encrypt(KEY, TWEAK, my_float)
+            cleartext = flt.decrypt(KEY, TWEAK, ciphertext)
+            assert cleartext == my_float
+
+
+if __name__ == "__main__":
+    unittest.main()