implement read for policy

src/abe_policy/policy.rs

@@ -2,6 +2,7 @@ use std::{
     collections::{HashMap, HashSet},
     fmt::Display,
     vec,
+    io::Read,
 };
 
 use super::{
@@ -16,6 +17,13 @@ impl Display for Policy {
     }
 }
 
+impl Read for Policy {
+    fn read(&mut self, buf: &mut [u8]) -> Result<usize, std::io::Error> {
+        self.read(buf);
+        Ok(0)
+    }
+}
+
 impl Default for Policy {
     fn default() -> Self {
         Self {

src/core/api.rs

@@ -58,58 +58,52 @@ impl Covercrypt {
     /// When a partition exists on the master keys, but not in the new policy,
     /// it is removed from the master keys.
     ///
-    ///  - `policy` : Policy to use to generate the keys
     ///  - `msk`    : master secret key
     ///  - `mpk`    : master public key
     pub fn update_master_keys(
         &self,
-        policy: &Policy,
         msk: &mut MasterSecretKey,
         mpk: &mut MasterPublicKey,
     ) -> Result<(), Error> {
         update(
             &mut *self.rng.lock().expect("Mutex lock failed!"),
             msk,
             mpk,
-            policy.generate_all_partitions()?,
+            msk.policy.generate_all_partitions()?,
         )
     }
 
     /// Generate new keys associated to the given access policy in the master
     /// keys. User keys will need to be refreshed after this step.
     ///  - `access_policy`  : describe the keys to renew
-    ///  - `policy`         : global policy
     ///  - `msk`            : master secret key
     ///  - `mpk`            : master public key
     pub fn rekey_master_keys(
         &self,
         access_policy: &AccessPolicy,
-        policy: &Policy,
         msk: &mut MasterSecretKey,
         mpk: &mut MasterPublicKey,
     ) -> Result<(), Error> {
         rekey(
             &mut *self.rng.lock().expect("Mutex lock failed!"),
             msk,
             mpk,
-            policy.access_policy_to_partitions(access_policy, false)?,
+            mpk.policy.access_policy_to_partitions(access_policy, false)?,
         )
     }
 
     /// Removes old keys associated to the given master keys from the master
     /// keys. This will permanently remove access to old ciphers.
     ///  - `access_policy`  : describe the keys to prune
-    ///  - `policy`         : global policy
     ///  - `msk`            : master secret key
     pub fn prune_master_secret_key(
         &self,
         access_policy: &AccessPolicy,
-        policy: &Policy,
         msk: &mut MasterSecretKey,
     ) -> Result<(), Error> {
         prune(
             msk,
-            &policy.access_policy_to_partitions(access_policy, false)?,
+            &msk.policy.access_policy_to_partitions(access_policy, false)?,
         )
     }
 

src/core/mod.rs

@@ -70,7 +70,7 @@ pub struct MasterPublicKey {
     g1: R25519PublicKey,
     g2: R25519PublicKey,
     pub(crate) subkeys: HashMap<Partition, PublicSubkey>,
-    pub policy: Policy
+    policy: Policy,
 }
 
 pub(super) type SecretSubkey = (Option<KyberSecretKey>, R25519PrivateKey);
@@ -82,7 +82,7 @@ pub struct  MasterSecretKey {
     s2: R25519PrivateKey,
     pub(crate) subkeys: RevisionMap<Partition, SecretSubkey>,
     kmac_key: Option<SymmetricKey<KMAC_KEY_LENGTH>>,
-    pub policy: Policy
+    policy: Policy,
 }
 
 #[derive(Debug, PartialEq, Eq)]

src/core/primitives.rs

@@ -8,8 +8,8 @@ use std::{
 
 use cosmian_crypto_core::{
     kdf256, reexport::rand_core::CryptoRngCore, FixedSizeCBytes, R25519CurvePoint,
-    R25519PrivateKey, R25519PublicKey, RandomFixedSizeCBytes, SymmetricKey,
-};
+    R25519PrivateKey, R25519PublicKey, RandomFixedSizeCBytes, SymmetricKey, 
+    };
 use pqc_kyber::{
     indcpa::{indcpa_dec, indcpa_enc, indcpa_keypair},
     KYBER_INDCPA_BYTES, KYBER_INDCPA_PUBLICKEYBYTES, KYBER_INDCPA_SECRETKEYBYTES, KYBER_SYMBYTES,
@@ -23,9 +23,8 @@ use super::{
 };
 use crate::{
     abe_policy::{
-        AttributeStatus,
-        AttributeStatus::{DecryptOnly, EncryptDecrypt},
-        EncryptionHint, Partition, Policy
+        AttributeStatus::{self, DecryptOnly, EncryptDecrypt},
+        EncryptionHint, Partition, Policy, PolicyVersion,
     },
     core::{Encapsulation, KeyEncapsulation, MasterPublicKey, MasterSecretKey, UserSecretKey},
     data_struct::{RevisionMap, RevisionVec},
@@ -194,13 +193,13 @@ pub fn setup(
             s2,
             subkeys: sub_sk,
             kmac_key,
-            policy: policy.clone()
+            policy,
         },
         MasterPublicKey {
             g1,
             g2,
             subkeys: sub_pk,
-            policy
+            policy,
         },
     )
 }

src/core/serialization.rs

@@ -88,7 +88,7 @@ impl Serializable for MasterPublicKey {
         let g2 = R25519PublicKey::try_from_bytes(de.read_array::<{ R25519PublicKey::LENGTH }>()?)?;
         let n_partitions = <usize>::try_from(de.read_leb128_u64()?)?;
         let mut subkeys = HashMap::with_capacity(n_partitions);
-        let mut policy = Policy::new();
+        let policy = Policy::read(de)?;
         for _ in 0..n_partitions {
             let partition = Partition::from(de.read_vec()?);
             let pk_i = deserialize_option!(de, KyberPublicKey(de.read_array()?));
@@ -149,7 +149,7 @@ impl Serializable for MasterSecretKey {
 
         let n_partitions = <usize>::try_from(de.read_leb128_u64()?)?;
         let mut subkeys = RevisionMap::with_capacity(n_partitions);
-        let mut policy = Policy::new();
+        let policy = Policy::Read(de)?;
         for _ in 0..n_partitions {
             let partition = Partition::from(de.read_vec()?);
             let n_keys = <usize>::try_from(de.read_leb128_u64()?)?;

src/test_utils/non_regression.rs

@@ -169,7 +169,7 @@ impl NonRegressionTestVector {
         let reg_vectors = Self {
             public_key: transcoder.encode(mpk.serialize()?),
             master_secret_key: transcoder.encode(msk.serialize()?),
-            policy: transcoder.encode(<Vec<u8>>::try_from(&msk.policy).unwrap()),
+            policy: master_secret_key.policy,
             //
             // Create user decryption keys
             top_secret_mkg_fin_key: UserSecretKeyTestVector::new(