From 12e06c7be2321397e0d9bc7ea3cae30d491d74af Mon Sep 17 00:00:00 2001 From: phochard Date: Tue, 22 Oct 2024 18:31:54 +0200 Subject: [PATCH] implement read for policy --- src/abe_policy/policy.rs | 8 ++++++++ src/core/api.rs | 12 +++--------- src/core/mod.rs | 4 ++-- src/core/primitives.rs | 13 ++++++------- src/core/serialization.rs | 4 ++-- src/test_utils/non_regression.rs | 2 +- 6 files changed, 22 insertions(+), 21 deletions(-) diff --git a/src/abe_policy/policy.rs b/src/abe_policy/policy.rs index e453ec09..ef4dee1d 100644 --- a/src/abe_policy/policy.rs +++ b/src/abe_policy/policy.rs @@ -2,6 +2,7 @@ use std::{ collections::{HashMap, HashSet}, fmt::Display, vec, + io::Read, }; use super::{ @@ -16,6 +17,13 @@ impl Display for Policy { } } +impl Read for Policy { + fn read(&mut self, buf: &mut [u8]) -> Result { + self.read(buf); + Ok(0) + } +} + impl Default for Policy { fn default() -> Self { Self { diff --git a/src/core/api.rs b/src/core/api.rs index 0d3b5ed4..aa3c6c87 100644 --- a/src/core/api.rs +++ b/src/core/api.rs @@ -58,12 +58,10 @@ impl Covercrypt { /// When a partition exists on the master keys, but not in the new policy, /// it is removed from the master keys. /// - /// - `policy` : Policy to use to generate the keys /// - `msk` : master secret key /// - `mpk` : master public key pub fn update_master_keys( &self, - policy: &Policy, msk: &mut MasterSecretKey, mpk: &mut MasterPublicKey, ) -> Result<(), Error> { @@ -71,20 +69,18 @@ impl Covercrypt { &mut *self.rng.lock().expect("Mutex lock failed!"), msk, mpk, - policy.generate_all_partitions()?, + msk.policy.generate_all_partitions()?, ) } /// Generate new keys associated to the given access policy in the master /// keys. User keys will need to be refreshed after this step. /// - `access_policy` : describe the keys to renew - /// - `policy` : global policy /// - `msk` : master secret key /// - `mpk` : master public key pub fn rekey_master_keys( &self, access_policy: &AccessPolicy, - policy: &Policy, msk: &mut MasterSecretKey, mpk: &mut MasterPublicKey, ) -> Result<(), Error> { @@ -92,24 +88,22 @@ impl Covercrypt { &mut *self.rng.lock().expect("Mutex lock failed!"), msk, mpk, - policy.access_policy_to_partitions(access_policy, false)?, + mpk.policy.access_policy_to_partitions(access_policy, false)?, ) } /// Removes old keys associated to the given master keys from the master /// keys. This will permanently remove access to old ciphers. /// - `access_policy` : describe the keys to prune - /// - `policy` : global policy /// - `msk` : master secret key pub fn prune_master_secret_key( &self, access_policy: &AccessPolicy, - policy: &Policy, msk: &mut MasterSecretKey, ) -> Result<(), Error> { prune( msk, - &policy.access_policy_to_partitions(access_policy, false)?, + &msk.policy.access_policy_to_partitions(access_policy, false)?, ) } diff --git a/src/core/mod.rs b/src/core/mod.rs index 163b2f2d..a2770959 100644 --- a/src/core/mod.rs +++ b/src/core/mod.rs @@ -70,7 +70,7 @@ pub struct MasterPublicKey { g1: R25519PublicKey, g2: R25519PublicKey, pub(crate) subkeys: HashMap, - pub policy: Policy + policy: Policy, } pub(super) type SecretSubkey = (Option, R25519PrivateKey); @@ -82,7 +82,7 @@ pub struct MasterSecretKey { s2: R25519PrivateKey, pub(crate) subkeys: RevisionMap, kmac_key: Option>, - pub policy: Policy + policy: Policy, } #[derive(Debug, PartialEq, Eq)] diff --git a/src/core/primitives.rs b/src/core/primitives.rs index f136ed13..8f0a5b05 100644 --- a/src/core/primitives.rs +++ b/src/core/primitives.rs @@ -8,8 +8,8 @@ use std::{ use cosmian_crypto_core::{ kdf256, reexport::rand_core::CryptoRngCore, FixedSizeCBytes, R25519CurvePoint, - R25519PrivateKey, R25519PublicKey, RandomFixedSizeCBytes, SymmetricKey, -}; + R25519PrivateKey, R25519PublicKey, RandomFixedSizeCBytes, SymmetricKey, + }; use pqc_kyber::{ indcpa::{indcpa_dec, indcpa_enc, indcpa_keypair}, KYBER_INDCPA_BYTES, KYBER_INDCPA_PUBLICKEYBYTES, KYBER_INDCPA_SECRETKEYBYTES, KYBER_SYMBYTES, @@ -23,9 +23,8 @@ use super::{ }; use crate::{ abe_policy::{ - AttributeStatus, - AttributeStatus::{DecryptOnly, EncryptDecrypt}, - EncryptionHint, Partition, Policy + AttributeStatus::{self, DecryptOnly, EncryptDecrypt}, + EncryptionHint, Partition, Policy, PolicyVersion, }, core::{Encapsulation, KeyEncapsulation, MasterPublicKey, MasterSecretKey, UserSecretKey}, data_struct::{RevisionMap, RevisionVec}, @@ -194,13 +193,13 @@ pub fn setup( s2, subkeys: sub_sk, kmac_key, - policy: policy.clone() + policy, }, MasterPublicKey { g1, g2, subkeys: sub_pk, - policy + policy, }, ) } diff --git a/src/core/serialization.rs b/src/core/serialization.rs index fa30b020..5e836bea 100644 --- a/src/core/serialization.rs +++ b/src/core/serialization.rs @@ -88,7 +88,7 @@ impl Serializable for MasterPublicKey { let g2 = R25519PublicKey::try_from_bytes(de.read_array::<{ R25519PublicKey::LENGTH }>()?)?; let n_partitions = ::try_from(de.read_leb128_u64()?)?; let mut subkeys = HashMap::with_capacity(n_partitions); - let mut policy = Policy::new(); + let policy = Policy::read(de)?; for _ in 0..n_partitions { let partition = Partition::from(de.read_vec()?); let pk_i = deserialize_option!(de, KyberPublicKey(de.read_array()?)); @@ -149,7 +149,7 @@ impl Serializable for MasterSecretKey { let n_partitions = ::try_from(de.read_leb128_u64()?)?; let mut subkeys = RevisionMap::with_capacity(n_partitions); - let mut policy = Policy::new(); + let policy = Policy::Read(de)?; for _ in 0..n_partitions { let partition = Partition::from(de.read_vec()?); let n_keys = ::try_from(de.read_leb128_u64()?)?; diff --git a/src/test_utils/non_regression.rs b/src/test_utils/non_regression.rs index 9bf3478e..07fb5885 100644 --- a/src/test_utils/non_regression.rs +++ b/src/test_utils/non_regression.rs @@ -169,7 +169,7 @@ impl NonRegressionTestVector { let reg_vectors = Self { public_key: transcoder.encode(mpk.serialize()?), master_secret_key: transcoder.encode(msk.serialize()?), - policy: transcoder.encode(>::try_from(&msk.policy).unwrap()), + policy: master_secret_key.policy, // // Create user decryption keys top_secret_mkg_fin_key: UserSecretKeyTestVector::new(