fraunhofer-aisec / rabe Goto Github PK
View Code? Open in Web Editor NEWrabe is an Attribute Based Encryption library, written in Rust
License: MIT License
rabe is an Attribute Based Encryption library, written in Rust
License: MIT License
More or less.
You need to create a policy with ~80 attributes to produces the bug and call encrypt/keygen, respectively.
Unclear if this is a parser issue or scheme issue.
Happens with AC17/BSW schemes (all).
Hi all,
I compiled and built the lib based on the readme in the parent directory, but for some reason running rabe
commands led to a 'zsh: command not found: rabe' error, suggesting something went wrong.
WHen I went to compile rabe-console, everything but the last step worked. Running ../target/release/rabe
returned the following error:
--s <s>
USAGE:
rabe [OPTIONS] --s <s> [SUBCOMMAND]
For more information try --help```
which is cyclical because `rabe --help` doesn't work either.
How should I troubleshoot this?
The following will cause panic:
let human = String::from("(B and C)");
let _human_val: PolicyValue = parse(&human, PolicyLanguage::HumanPolicy).expect("unsuccessful parse");
The CLI tools do not work anymore for BSW and AC17 C/KP-ABE.
Apparently, the added schemes cause this.
The problem: https://github.com/Fraunhofer-AISEC/rabe/blob/master/src/main.rs#L1228
This line fails with:
0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
at src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:39
1: std::sys_common::backtrace::_print
at src/libstd/sys_common/backtrace.rs:71
2: std::panicking::default_hook::{{closure}}
at src/libstd/sys_common/backtrace.rs:59
at src/libstd/panicking.rs:197
3: std::panicking::default_hook
at src/libstd/panicking.rs:211
4: std::panicking::rust_panic_with_hook
at src/libstd/panicking.rs:474
5: std::panicking::continue_panic_fmt
at src/libstd/panicking.rs:381
6: std::panicking::begin_panic_fmt
at src/libstd/panicking.rs:336
7: rabe::main::read_file
at src/main.rs:1574
8: rabe::main::run_encrypt
at src/main.rs:1228
9: rabe::main::run
at src/main.rs:406
10: rabe::main
at src/main.rs:393
11: std::rt::lang_start::{{closure}}
at /rustc/a53f9df32fbb0b5f4382caaad8f1a46f36ea887c/src/libstd/rt.rs:64
12: std::panicking::try::do_call
at src/libstd/rt.rs:49
at src/libstd/panicking.rs:293
13: __rust_maybe_catch_panic
at src/libpanic_unwind/lib.rs:85
14: std::rt::lang_start_internal
at src/libstd/panicking.rs:272
at src/libstd/panic.rs:394
at src/libstd/rt.rs:48
15: std::rt::lang_start
at /rustc/a53f9df32fbb0b5f4382caaad8f1a46f36ea887c/src/libstd/rt.rs:64
16: main
17: __libc_start_main
18: _start
Reason:
https://github.com/Fraunhofer-AISEC/rabe/blob/master/src/main.rs#L329
The wrong variable is assigned.
Hi,
in order to create msk and pk of an AC17 KP-ABE scheme, I used all as you say but it is not working. it says "--scheme: command not found".
where should I use this command? in my rabe path "ubuntu:~/rabe" ?
I think the problem is path, I did what you said in "compile and test" and it is work and I have no problem with it.
also I have another issue, how can I calculate time of run based on number of attributes? where can I change the number?
I hope you help me in this, I used so many ways but none works and I can't change number of attributes.
thanks
Hi. My name is Humberto.
I am studying about ABE, and I get rabe-console to test it.
But i don't take success in file encrypt e decryption. For example:
Start with:
$ rabe --s AC17CP setup
$ rabe --s AC17CP keygen --a 'A B'
In the encryption example 1:
rabe --s AC17CP encrypt pk.key 'B' teste.doc
It finish at error:
error: The following required arguments were not provided:
USAGE:
rabe encrypt [ARGS]
And other example, 2:
rabe encrypt pk.key "B" ./teste.doc
error: The following required arguments were not provided:
USAGE:
rabe --s encrypt [ARGS]
How to encrypt the teste.doc, and after decrypt it?
Would you add a full use scenario in the Rabe Console README file?
Thank you for attention.
use crate::error::RabeError;
#[cfg(feature = "borsh")]
use borsh::{BorshSerialize, BorshDeserialize};
#[cfg(not(feature = "borsh"))]
use serde::{Serialize, Deserialize};
Hi, I'm writing a C-FFI binding for this project, but i think some function signature is not reasonable enough.
pub fn keygen(
_pk: &KpAbePublicKey,
_msk: &KpAbeMasterKey,
_policy: &String,
_language: PolicyLanguage,
) -> Result<KpAbeSecretKey, RabeError>
the parameter _policy in this function is &String, but this function only need a immutable reference, i recommend use &str
.
Similarly, in this function:
pub fn encrypt(
_gk: &Aw11GlobalKey,
_pks: &Vec<Aw11PublicKey>,
_policy: &String,
_language: PolicyLanguage,
_plaintext: &[u8],
) -> Result<Aw11Ciphertext, RabeError>
the type of _pks should be &[Aw11PublicKey]
instead of &Vec<Aw11PublicKey>
String
from a *const c_char
by let s = String::from_raw_parts(policy as *mut u8,len, len)
during FFI calling.But, because this String
not really own its memory, so we need a std::mem::forget(s)
to make sure not free the memory passed by FFI calling.&str
, i can construct a slice from pointer directly and no need to care about memory.&Vec<Aw11PublicKey>
, i need to use Vec::from_raw_parts
and not free the memory.let policy = "xxxxx"
, i also need to construct a String
and pass it to function. But if the parameter is &str, i can pass policy
directly.String
had impl trait Deref<str>
, pass a &String
to a &str
is ok.&Vec<T>
instead of &[T]
has the same problem. Such as &Vec<String>
, all of these are FFI unfriendly and may cause unnecessary overhead under certain circumstances.Hi
I've built the project using cargo build --release
.
Now I see librabe.so
file. It contains these symbols (using nm
command):
0000000000004008 b completed.8061
w __cxa_finalize@@GLIBC_2.2.5
0000000000001040 t deregister_tm_clones
00000000000010b0 t __do_global_dtors_aux
0000000000003dd0 d __do_global_dtors_aux_fini_array_entry
0000000000004000 d __dso_handle
0000000000003dd8 d _DYNAMIC
0000000000001114 t _fini
00000000000010f0 t frame_dummy
0000000000003dc8 d __frame_dummy_init_array_entry
0000000000002094 r __FRAME_END__
0000000000003fc8 d _GLOBAL_OFFSET_TABLE_
w __gmon_start__
0000000000002000 r __GNU_EH_FRAME_HDR
0000000000001000 t _init
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
0000000000001070 t register_tm_clones
0000000000004008 d __TMC_END__
0000000000001100 t _ZN3std3sys4unix4args3imp15ARGV_INIT_ARRAY12init_wrapper17h9817c52b4f788959E
0000000000003dc0 d _ZN3std3sys4unix4args3imp15ARGV_INIT_ARRAY17hf93f535c4855ea1bE
0000000000004010 b _ZN3std3sys4unix4args3imp4ARGC17h4850cf38500183b7E.0
0000000000004018 b _ZN3std3sys4unix4args3imp4ARGV17hd52966b69df71d64E.0
I don't see any encrypt
or decrypt
function. Did I have a mistake in building the project? or is there another way to see the exports of this shared object (so) file.
finally I want to use this project in python language.
The following policy with duplicated attribute "B" would caused decryption in BSW scheme to fail:
let policy = String::from(r#"{"name": "or", "children": [{"name": "and", "children": [{"name": "A"}, {"name": "B"}]}, {"name": "and", "children": [{"name": "C"}, {"name": "B"}]}]}"#);
I've tested with the Python implementation by the original BSW authors and duplicated attributes are supported. Their paper also mentioned duplicated attributes are supported.
Please help to resolve this.
I've been using this library for part of my Ph.D. research. it has proven very useful so far, but I was wondering about the AES cipher used underneath.
I've seen that rabe calls aes
from aes-0.7.0.
This crate only offers AES or AES-CTR. Seemed weird to me, and I have checked the newest version of aes
crate and developers comment how:
This crate implements only the low-level block cipher function, and is intended for use for implementing higher-level constructions only. It is NOT intended for direct use in applications.
So now I'm wondering what mode of AES does Rabe use. Or whether at some point in the code you build AES-CBC or AES-GCM.
In case Rabe is using pure AES, since this is not recommended, are you planning on implementing AEADs?
BTW thanks for all the hard work ๐
Almost got cffi working, just missing 1 little thing, I guess...
from cffi import FFI
ffi = FFI()
ffi.cdef("""
struct CpAbeCiphertext;
struct CpAbeContext;
struct CpAbeSecretKey;
struct CpAbeContext* rabe_bsw_context_create();
void rabe_bsw_context_destroy(struct CpAbeContext* ctx);
struct CpAbeSecretKey* rabe_bsw_keygen(const struct CpAbeContext* ctx, const char* attributes);
void rabe_bsw_keygen_destroy(void* sk);
int32_t rabe_bsw_encrypt(const void* pk, char* policy, char* pt, int32_t pt_len, char** ct, int32_t *ct_len);
int32_t rabe_bsw_decrypt(const struct CpAbeSecretKey* sk, const char* ct, uint32_t ct_len, char** pt_buf, uint32_t *pt_len);
""")
C = ffi.dlopen("librabe.so")
ctx = C.rabe_bsw_context_create()
print(ctx)
sk = C.rabe_bsw_keygen(ctx, b"[ \"test1\", \"test2\", \"test3\" ]")
print(sk)
pt = b"testing123"
ct = ffi.new("char **")
ct_len = ???
output = C.rabe_bsw_encrypt(ctx, b"{\"OR\": [{\"ATT\": \"A\"}, {\"ATT\": \"B\"}]}", pt, len(pt), ct, ct_len)
print(output)
How should I define ct_len
?
Hello,
The YCT14 scheme was broken in [1] and a 'fixed' version was again broken in [2].
We have demonstrated how the attack can be implemented in practice in https://www.blackhat.com/eu-21/briefings/schedule/index.html#practical-attacks-against-attribute-based-encryption-25058.
[1] https://ieeexplore.ieee.org/document/8651482
[2] https://ieeexplore.ieee.org/document/9291064
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.