🔧 Lock cryptography version (#235)

* 🔧 Lock cryptography version

* 🔧Lock black package version

This is due to build fails

* ✅ Auto Correct with Black v20

Author: keithrfung

Pipfile

@@ -5,7 +5,7 @@ verify_ssl = true
 
 [dev-packages]
 atomicwrites = "*"
-black = "*"
+black = "20.8b1"
 coverage = "*"
 docutils = "*"
 hypothesis = ">=5.15.1"
@@ -24,7 +24,7 @@ typish = '*'
 numpy = '>=1.18.2'
 jsons = '>=1.1.2'
 psutil = '>=5.7.2'
-cryptography = "*"
+cryptography = ">=3.2"
 
 [requires]
 python_version = "3.8"

Pipfile.lock

@@ -158,13 +158,13 @@ class CiphertextBallotSelection(
     After construction, the `crypto_hash` field is populated automatically in the `__post_init__` cycle
 
     A consumer of this object has the option to discard the `nonce` and/or discard the `proof`,
-    or keep both values.  
-    
+    or keep both values.
+
     By discarding the `nonce`, the encrypted representation and `proof`
     can only be regenerated if the nonce was derived from the ballot's master nonce.  If the nonce
     used for this selection is truly random, and it is discarded, then the proofs cannot be regenerated.
 
-    By keeping the `nonce`, or deriving the selection nonce from the ballot nonce, an external system can 
+    By keeping the `nonce`, or deriving the selection nonce from the ballot nonce, an external system can
     regenerate the proofs on demand.  This is useful for storage or memory constrained systems.
 
     By keeping the `proof` the nonce is not required fotor verify the encrypted selection.
@@ -202,9 +202,9 @@ def is_valid_encryption(
         Given an encrypted BallotSelection, validates the encryption state against a specific seed hash and public key.
         Calling this function expects that the object is in a well-formed encrypted state
         with the elgamal encrypted `message` field populated along with the DisjunctiveChaumPedersenProof `proof` populated.
-        the ElementModQ `description_hash` and the ElementModQ `crypto_hash` are also checked. 
+        the ElementModQ `description_hash` and the ElementModQ `crypto_hash` are also checked.
 
-        :param seed_hash: the hash of the SelectionDescription, or 
+        :param seed_hash: the hash of the SelectionDescription, or
                           whatever `ElementModQ` was used to populate the `description_hash` field.
         :param elgamal_public_key: The election public key
         """
@@ -310,10 +310,10 @@ class PlaintextBallotContest(ElectionObjectBase):
     this class can be either a partial or a complete representation of a contest dataset.  Specifically,
     a partial representation must include at a minimum the "affirmative" selections of a contest.
     A complete representation of a ballot must include both affirmative and negative selections of
-    the contest, AND the placeholder selections necessary to satisfy the ConstantChaumPedersen proof 
+    the contest, AND the placeholder selections necessary to satisfy the ConstantChaumPedersen proof
     in the CiphertextBallotContest.
 
-    Typically partial contests are passed into Electionguard for memory constrained systems, 
+    Typically partial contests are passed into Electionguard for memory constrained systems,
     while complete contests are passed into ElectionGuard when running encryption on an existing dataset.
     """
 
@@ -385,12 +385,12 @@ class CiphertextBallotContest(ElectionObjectBase, CryptoHashCheckable):
 
     CiphertextBallotContest can only be a complete representation of a contest dataset.  While
     PlaintextBallotContest supports a partial representation, a CiphertextBallotContest includes all data
-    necessary for a verifier to verify the contest.  Specifically, it includes both explicit affirmative 
+    necessary for a verifier to verify the contest.  Specifically, it includes both explicit affirmative
     and negative selections of the contest, as well as the placeholder selections that satisfy
     the ConstantChaumPedersen proof.
 
     Similar to `CiphertextBallotSelection` the consuming application can choose to discard or keep both
-    the `nonce` and the `proof` in some circumstances.  For deterministic nonce's derived from the 
+    the `nonce` and the `proof` in some circumstances.  For deterministic nonce's derived from the
     master nonce, both values can be regenerated.  If the `nonce` for this contest is completely random,
     then it is required in order to regenerate the proof.
     """
@@ -468,8 +468,8 @@ def is_valid_encryption(
         by verifying the accumulated sum of selections match the proof.
         Calling this function expects that the object is in a well-formed encrypted state
         with the `ballot_selections` populated with valid encrypted ballot selections,
-        the ElementModQ `description_hash`, the ElementModQ `crypto_hash`, and the ConstantChaumPedersenProof all populated. 
-        Specifically, the seed hash in this context is the hash of the ContestDescription, 
+        the ElementModQ `description_hash`, the ElementModQ `crypto_hash`, and the ConstantChaumPedersenProof all populated.
+        Specifically, the seed hash in this context is the hash of the ContestDescription,
         or whatever `ElementModQ` was used to populate the `description_hash` field.
         """
         if seed_hash != self.description_hash:
@@ -737,7 +737,7 @@ def is_valid_encryption(
         Calling this function expects that the object is in a well-formed encrypted state
         with the `contests` populated with valid encrypted ballot selections,
         and the ElementModQ `description_hash` also populated.
-        Specifically, the seed hash in this context is the hash of the Election Manifest, 
+        Specifically, the seed hash in this context is the hash of the Election Manifest,
         or whatever `ElementModQ` was used to populate the `description_hash` field.
         """
 

src/electionguard/ballot.py

@@ -139,7 +139,7 @@ def is_valid(
 @dataclass(frozen=True)
 class ChaumPedersenProof(Proof):
     """
-    Representation of a generic Chaum-Pedersen Zero Knowledge proof 
+    Representation of a generic Chaum-Pedersen Zero Knowledge proof
     """
 
     pad: ElementModP
@@ -170,9 +170,9 @@ def is_valid(
         - The given values 𝑎𝑖 and 𝑏𝑖 are both in the set Z𝑞^𝑟
         - The challenge value 𝑐 satisfies 𝑐 = 𝐻(𝑄, (𝐴, 𝐵), (𝑎 , 𝑏 ), 𝑀 ).
         - that the equations 𝑔^𝑣𝑖 = 𝑎𝑖𝐾^𝑐𝑖 mod 𝑝 and 𝐴^𝑣𝑖 = 𝑏𝑖𝑀𝑖^𝑐𝑖 mod 𝑝 are satisfied.
-        
+
         :param message: The ciphertext message
-        :param k: The public key corresponding to the private key used to encrypt 
+        :param k: The public key corresponding to the private key used to encrypt
                   (e.g. the Guardian public election key)
         :param m: The value being checked for validity
         :param q: The extended base hash of the election
@@ -380,7 +380,7 @@ def make_disjunctive_chaum_pedersen(
     :param message: An ElGamal ciphertext
     :param r: The nonce used creating the ElGamal ciphertext
     :param k: The ElGamal public key for the election
-    :param q: A value used when generating the challenge, 
+    :param q: A value used when generating the challenge,
                         usually the election extended base hash (𝑄')
     :param seed: Used to generate other random values here
     :param plaintext: Zero or one
@@ -408,7 +408,7 @@ def make_disjunctive_chaum_pedersen_zero(
     :param message: An ElGamal ciphertext
     :param r: The nonce used creating the ElGamal ciphertext
     :param k: The ElGamal public key for the election
-    :param q: A value used when generating the challenge, 
+    :param q: A value used when generating the challenge,
                         usually the election extended base hash (𝑄')
     :param seed: Used to generate other random values here
     """
@@ -443,7 +443,7 @@ def make_disjunctive_chaum_pedersen_one(
     :param message: An ElGamal ciphertext
     :param r: The nonce used creating the ElGamal ciphertext
     :param k: The ElGamal public key for the election
-    :param q: A value used when generating the challenge, 
+    :param q: A value used when generating the challenge,
                         usually the election extended base hash (𝑄')
     :param seed: Used to generate other random values here
     """
@@ -480,7 +480,7 @@ def make_chaum_pedersen(
     :param s: The nonce or secret used to derive the value
     :param m: The value we are trying to prove
     :param seed: Used to generate other random values here
-    :param hash_header: A value used when generating the challenge, 
+    :param hash_header: A value used when generating the challenge,
                         usually the election extended base hash (𝑄')
     """
     (alpha, beta) = message

src/electionguard/chaum_pedersen.py

@@ -20,7 +20,7 @@ class DataStore(Generic[_T, _U], Iterable):
     """
     A lightweight convenience wrapper around a dictionary for data storage.
     This implementation defines the common interface used to access stored
-    state elements.  
+    state elements.
     """
 
     _store: Dict[_T, _U]

src/electionguard/data_store.py

@@ -267,7 +267,10 @@ def compute_decryption_share_for_ballot(
             selections[decryption.object_id] = decryption
 
         contests[contest.object_id] = CiphertextDecryptionContest(
-            contest.object_id, guardian.object_id, contest.description_hash, selections,
+            contest.object_id,
+            guardian.object_id,
+            contest.description_hash,
+            selections,
         )
     return BallotDecryptionShare(
         guardian.object_id,
@@ -472,7 +475,8 @@ def compute_lagrange_coefficients_for_guardian(
         if g.owner_id != guardian_keys.owner_id
     ]
     return compute_lagrange_coefficient(
-        guardian_keys.sequence_order, *other_guardian_orders,
+        guardian_keys.sequence_order,
+        *other_guardian_orders,
     )
 
 
@@ -578,7 +582,10 @@ def reconstruct_decryption_contests(
         }
 
         selections: Dict[SELECTION_ID, CiphertextDecryptionSelection] = {}
-        for (selection_id, tally_selection,) in tally_contest.tally_selections.items():
+        for (
+            selection_id,
+            tally_selection,
+        ) in tally_contest.tally_selections.items():
 
             # collect all of the shares generated for each selection
             compensated_selection_shares: Dict[
@@ -604,7 +611,10 @@ def reconstruct_decryption_contests(
                 compensated_selection_shares,
             )
         contests[contest_id] = CiphertextDecryptionContest(
-            contest_id, missing_guardian_id, tally_contest.description_hash, selections,
+            contest_id,
+            missing_guardian_id,
+            tally_contest.description_hash,
+            selections,
         )
 
     return contests
@@ -706,5 +716,8 @@ def reconstruct_decryption_ballot(
             selections,
         )
     return BallotDecryptionShare(
-        missing_guardian_id, public_key.key, ballot.object_id, contests,
+        missing_guardian_id,
+        public_key.key,
+        ballot.object_id,
+        contests,
     )

src/electionguard/decryption.py

@@ -35,7 +35,7 @@
 @dataclass
 class DecryptionMediator:
     """
-    The Decryption Mediator composes partial decryptions from each Guardian 
+    The Decryption Mediator composes partial decryptions from each Guardian
     to form a decrypted representation of an election tally
     """
 
@@ -81,7 +81,7 @@ class DecryptionMediator:
 
     def announce(self, guardian: Guardian) -> Optional[TallyDecryptionShare]:
         """
-        Announce that a Guardian is present and participating in the decryption.  
+        Announce that a Guardian is present and participating in the decryption.
         A Decryption Share will be generated for the Guardian
 
         :param guardian: The guardian who will participate in the decryption.
@@ -208,7 +208,7 @@ def get_plaintext_tally(
         self, recompute: bool = False, decrypt: AuxiliaryDecrypt = rsa_decrypt
     ) -> Optional[PlaintextTally]:
         """
-        Get the plaintext tally for the election by composing each Guardian's 
+        Get the plaintext tally for the election by composing each Guardian's
         decrypted representation of each selection into a decrypted representation
 
         :param recompute: Specify if the function should recompute the result, even if one already exists.

src/electionguard/decryption_mediator.py

@@ -106,9 +106,9 @@ def is_valid(
         extended_base_hash: ElementModQ,
     ) -> bool:
         """
-        Verify that this CiphertextDecryptionSelection is valid for a 
+        Verify that this CiphertextDecryptionSelection is valid for a
         specific ElGamal key pair, public key, and election context.
-        
+
         :param message: the `ElGamalCiphertext` to compare
         :param election_public_key: the `ElementModP Election Public Key for the Guardian
         :param extended_base_hash: The `ElementModQ` election extended base hash.
@@ -127,17 +127,26 @@ def is_valid(
             return False
 
         if self.proof is not None and not self.proof.is_valid(
-            message, election_public_key, self.share, extended_base_hash,
+            message,
+            election_public_key,
+            self.share,
+            extended_base_hash,
         ):
             log_warning(
                 f"CiphertextDecryptionSelection is_valid failed for guardian: {self.guardian_id} selection: {self.object_id} with invalid proof"
             )
             return False
 
         if self.recovered_parts is not None:
-            for (compensating_guardian_id, part,) in self.recovered_parts.items():
+            for (
+                compensating_guardian_id,
+                part,
+            ) in self.recovered_parts.items():
                 if not part.proof.is_valid(
-                    message, part.recovery_key, part.share, extended_base_hash,
+                    message,
+                    part.recovery_key,
+                    part.share,
+                    extended_base_hash,
                 ):
 
                     log_warning(
@@ -179,7 +188,10 @@ def create_ciphertext_decryption_selection(
     else:
         log_warning(f"decryption share cannot assign {proof_or_recovery}")
         return CiphertextDecryptionSelection(
-            object_id, guardian_id, description_hash, share,
+            object_id,
+            guardian_id,
+            description_hash,
+            share,
         )
 
 
@@ -262,7 +274,7 @@ class BallotDecryptionShare:
 @dataclass
 class CompensatedBallotDecryptionShare:
     """
-    A Compensated Partial Decryption Share generated by 
+    A Compensated Partial Decryption Share generated by
     an available guardian on behalf of a missing guardian
     """
 
@@ -322,7 +334,7 @@ class TallyDecryptionShare:
 @dataclass
 class CompensatedTallyDecryptionShare:
     """
-    A Compensated Partial Decryption Share generated by 
+    A Compensated Partial Decryption Share generated by
     an available guardian on behalf of a missing guardian
     """
 
@@ -353,7 +365,8 @@ class CompensatedTallyDecryptionShare:
 
 
 def get_tally_shares_for_selection(
-    selection_id: str, shares: Dict[GUARDIAN_ID, TallyDecryptionShare],
+    selection_id: str,
+    shares: Dict[GUARDIAN_ID, TallyDecryptionShare],
 ) -> Dict[GUARDIAN_ID, Tuple[ELECTION_PUBLIC_KEY, CiphertextDecryptionSelection]]:
     """
     Get all of the cast shares for a specific selection
@@ -371,7 +384,9 @@ def get_tally_shares_for_selection(
 
 
 def get_spoiled_shares_for_selection(
-    ballot_id: str, selection_id: str, shares: Dict[GUARDIAN_ID, TallyDecryptionShare],
+    ballot_id: str,
+    selection_id: str,
+    shares: Dict[GUARDIAN_ID, TallyDecryptionShare],
 ) -> Dict[GUARDIAN_ID, Tuple[ELECTION_PUBLIC_KEY, CiphertextDecryptionSelection]]:
     """
     Get the spoiled shares for a given selection
@@ -393,7 +408,8 @@ def get_spoiled_shares_for_selection(
 
 
 def get_ballot_shares_for_selection(
-    selection_id: str, shares: Dict[GUARDIAN_ID, BallotDecryptionShare],
+    selection_id: str,
+    shares: Dict[GUARDIAN_ID, BallotDecryptionShare],
 ) -> Dict[GUARDIAN_ID, Tuple[ELECTION_PUBLIC_KEY, CiphertextDecryptionSelection]]:
     """
     Get the ballot shares for a given selection, in the context of a specific ballot