Skip to content

Commit

Permalink
wip: feat: refactor key structure
Browse files Browse the repository at this point in the history
  • Loading branch information
@tbrezot
tbrezot committed Jan 23, 2024
1 parent a872ce2 commit 1320757
Show file tree
Hide file tree
Showing 15 changed files with 931 additions and 520 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ full_bench = []
hybridized_bench = []

[dependencies]
cosmian_crypto_core = { version = "9.2.0", default-features = false, features = ["ser", "sha3", "aes", "curve25519"] }
cosmian_crypto_core = { path = "../crypto_core", default-features = false, features = ["ser", "sha3", "aes", "curve25519"] }
pqc_kyber = { version = "0.4", features = ["std", "hazmat"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
Expand Down
2 changes: 1 addition & 1 deletion src/abe_policy/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ mod policy_versions;
pub use access_policy::AccessPolicy;
pub use attribute::{Attribute, AttributeStatus, Attributes, EncryptionHint};
pub use dimension::{AttributeParameters, Dimension, DimensionBuilder};
pub use partitions::Partition;
pub use partitions::Coordinate;
pub use policy_versions::{LegacyPolicy, PolicyV1, PolicyV2 as Policy};
use serde::{Deserialize, Serialize};

Expand Down
12 changes: 6 additions & 6 deletions src/abe_policy/partitions.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@ use crate::Error;
/// Partition associated to a subset. It corresponds to a combination
/// of attributes across all dimensions.
#[derive(Debug, Eq, PartialEq, PartialOrd, Ord, Clone, Hash)]
pub struct Partition(pub(crate) Vec<u8>);
pub struct Coordinate(Vec<u8>);

impl Partition {
impl Coordinate {
/// Creates a `Partition` from the given list of values.
pub fn from_attribute_ids(mut attribute_ids: Vec<u32>) -> Result<Self, Error> {
// guard against overflow of the 1024 bytes buffer below
Expand All @@ -34,21 +34,21 @@ impl Partition {
}
}

impl Deref for Partition {
impl Deref for Coordinate {
type Target = [u8];

fn deref(&self) -> &Self::Target {
&self.0
}
}

impl From<Vec<u8>> for Partition {
impl From<Vec<u8>> for Coordinate {
fn from(value: Vec<u8>) -> Self {
Self(value)
}
}

impl From<&[u8]> for Partition {
impl From<&[u8]> for Coordinate {
fn from(value: &[u8]) -> Self {
Self(value.to_vec())
}
Expand All @@ -63,7 +63,7 @@ mod tests {
#[test]
fn test_partitions() -> Result<(), Error> {
let mut values: Vec<u32> = vec![12, 0, u32::MAX, 1];
let partition = Partition::from_attribute_ids(values.clone())?;
let partition = Coordinate::from_attribute_ids(values.clone())?;
// values are sorted n Partition
values.sort_unstable();
let mut de = Deserializer::new(&partition);
Expand Down
34 changes: 17 additions & 17 deletions src/abe_policy/policy.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ use std::{
use serde_json::Value;

use super::{
AccessPolicy, Attribute, AttributeParameters, AttributeStatus, Dimension, DimensionBuilder,
EncryptionHint, LegacyPolicy, Partition, Policy, PolicyV1, PolicyVersion,
AccessPolicy, Attribute, AttributeParameters, AttributeStatus, Coordinate, Dimension,
DimensionBuilder, EncryptionHint, LegacyPolicy, Policy, PolicyV1, PolicyVersion,
};
use crate::Error;

Expand Down Expand Up @@ -177,12 +177,12 @@ impl Policy {
/// activation status.
pub fn generate_universal_coordinates(
&self,
) -> Result<HashMap<Partition, (EncryptionHint, AttributeStatus)>, Error> {
) -> Result<HashMap<Coordinate, (EncryptionHint, AttributeStatus)>, Error> {
let universe = self.dimensions.iter().collect::<Vec<_>>();
combine(universe.as_slice())
.into_iter()
.map(|(combination, is_hybridized, is_readonly)| {
Partition::from_attribute_ids(combination)
Coordinate::from_attribute_ids(combination)
.map(|coordinate| (coordinate, (is_hybridized, is_readonly)))
})
.collect()
Expand All @@ -200,7 +200,7 @@ impl Policy {
pub fn generate_semantic_space_coordinates(
&self,
ap: AccessPolicy,
) -> Result<HashSet<Partition>, Error> {
) -> Result<HashSet<Coordinate>, Error> {
let dnf = ap.to_dnf();
let mut coordinates = HashSet::new();
for conjunction in dnf {
Expand All @@ -216,7 +216,7 @@ impl Policy {
.collect::<Result<HashMap<_, _>, Error>>()?;
// TODO: Some coordinates may be computed twice (the lower dimensions).
for (ids, _, _) in combine(&semantic_space.iter().collect::<Vec<_>>()) {
coordinates.insert(Partition::from_attribute_ids(ids)?);
coordinates.insert(Coordinate::from_attribute_ids(ids)?);
}
}
Ok(coordinates)
Expand All @@ -232,11 +232,11 @@ impl Policy {
pub fn generate_point_coordinates(
&self,
ap: AccessPolicy,
) -> Result<HashSet<Partition>, Error> {
) -> Result<HashSet<Coordinate>, Error> {
let dnf = ap.to_dnf();
let mut coordinates = HashSet::with_capacity(dnf.len());
for conjunction in dnf {
let coo = Partition::from_attribute_ids(
let coo = Coordinate::from_attribute_ids(
conjunction
.into_iter()
.map(|attr| self.get_attribute(&attr).map(|params| params.id))
Expand Down Expand Up @@ -367,33 +367,33 @@ mod tests {
{
let mut coordinates = HashSet::new();

coordinates.insert(Partition::from_attribute_ids(vec![])?);
coordinates.insert(Coordinate::from_attribute_ids(vec![])?);

coordinates.insert(Partition::from_attribute_ids(vec![policy
coordinates.insert(Coordinate::from_attribute_ids(vec![policy
.get_attribute_id(&Attribute {
dimension: "Department".to_string(),
name: "HR".to_string(),
})?])?);

coordinates.insert(Partition::from_attribute_ids(vec![policy
coordinates.insert(Coordinate::from_attribute_ids(vec![policy
.get_attribute_id(&Attribute {
dimension: "Department".to_string(),
name: "FIN".to_string(),
})?])?);

coordinates.insert(Partition::from_attribute_ids(vec![policy
coordinates.insert(Coordinate::from_attribute_ids(vec![policy
.get_attribute_id(&Attribute {
dimension: "Security Level".to_string(),
name: "Protected".to_string(),
})?])?);

coordinates.insert(Partition::from_attribute_ids(vec![policy
coordinates.insert(Coordinate::from_attribute_ids(vec![policy
.get_attribute_id(&Attribute {
dimension: "Security Level".to_string(),
name: "Low Secret".to_string(),
})?])?);

coordinates.insert(Partition::from_attribute_ids(vec![
coordinates.insert(Coordinate::from_attribute_ids(vec![
policy.get_attribute_id(&Attribute {
dimension: "Department".to_string(),
name: "HR".to_string(),
Expand All @@ -404,7 +404,7 @@ mod tests {
})?,
])?);

coordinates.insert(Partition::from_attribute_ids(vec![
coordinates.insert(Coordinate::from_attribute_ids(vec![
policy.get_attribute_id(&Attribute {
dimension: "Department".to_string(),
name: "HR".to_string(),
Expand All @@ -415,7 +415,7 @@ mod tests {
})?,
])?);

coordinates.insert(Partition::from_attribute_ids(vec![
coordinates.insert(Coordinate::from_attribute_ids(vec![
policy.get_attribute_id(&Attribute {
dimension: "Department".to_string(),
name: "FIN".to_string(),
Expand All @@ -426,7 +426,7 @@ mod tests {
})?,
])?);

coordinates.insert(Partition::from_attribute_ids(vec![
coordinates.insert(Coordinate::from_attribute_ids(vec![
policy.get_attribute_id(&Attribute {
dimension: "Department".to_string(),
name: "FIN".to_string(),
Expand Down
18 changes: 9 additions & 9 deletions src/core/api.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ use super::primitives::prune;
use crate::{
abe_policy::{AccessPolicy, Policy},
core::{
primitives::{decaps, encaps, keygen, refresh, rekey, setup, update},
Encapsulation, MasterPublicKey, MasterSecretKey, UserSecretKey, SYM_KEY_LENGTH,
primitives::{decaps, encaps, keygen, refresh, rekey, setup, update_coordinate_keypairs},
Encapsulation, MasterPublicKey, MasterSecretKey, UserSecretKey, SEED_LENGTH,
},
Error,
};
Expand Down Expand Up @@ -67,7 +67,7 @@ impl Covercrypt {
msk: &mut MasterSecretKey,
mpk: &mut MasterPublicKey,
) -> Result<(), Error> {
update(
update_coordinate_keypairs(
&mut *self.rng.lock().expect("Mutex lock failed!"),
msk,
mpk,
Expand Down Expand Up @@ -171,7 +171,7 @@ impl Covercrypt {
policy: &Policy,
pk: &MasterPublicKey,
access_policy: AccessPolicy,
) -> Result<(SymmetricKey<SYM_KEY_LENGTH>, Encapsulation), Error> {
) -> Result<(SymmetricKey<SEED_LENGTH>, Encapsulation), Error> {
encaps(
&mut *self.rng.lock().expect("Mutex lock failed!"),
pk,
Expand All @@ -189,7 +189,7 @@ impl Covercrypt {
&self,
usk: &UserSecretKey,
encapsulation: &Encapsulation,
) -> Result<SymmetricKey<SYM_KEY_LENGTH>, Error> {
) -> Result<SymmetricKey<SEED_LENGTH>, Error> {
decaps(usk, encapsulation)
}

Expand All @@ -202,7 +202,7 @@ impl Covercrypt {
/// - `ad` : optional associated data
pub fn encrypt(
&self,
symmetric_key: &SymmetricKey<SYM_KEY_LENGTH>,
symmetric_key: &SymmetricKey<SEED_LENGTH>,
plaintext: &[u8],
ad: Option<&[u8]>,
) -> Result<Vec<u8>, Error> {
Expand All @@ -225,7 +225,7 @@ impl Covercrypt {
/// - `ad` : associated data
pub fn decrypt(
&self,
symmetric_key: &SymmetricKey<SYM_KEY_LENGTH>,
symmetric_key: &SymmetricKey<SEED_LENGTH>,
ciphertext: &[u8],
ad: Option<&[u8]>,
) -> Result<Vec<u8>, Error> {
Expand Down Expand Up @@ -274,7 +274,7 @@ impl EncryptedHeader {
encryption_policy: &AccessPolicy,
metadata: Option<&[u8]>,
authentication_data: Option<&[u8]>,
) -> Result<(SymmetricKey<SYM_KEY_LENGTH>, Self), Error> {
) -> Result<(SymmetricKey<SEED_LENGTH>, Self), Error> {
let (symmetric_key, encapsulation) =
cover_crypt.encaps(policy, public_key, encryption_policy.clone())?;

Expand Down Expand Up @@ -323,6 +323,6 @@ impl EncryptedHeader {
/// - `metadata` : additional data symmetrically encrypted in a header
#[derive(Debug, PartialEq, Eq)]
pub struct CleartextHeader {
pub symmetric_key: SymmetricKey<SYM_KEY_LENGTH>,
pub symmetric_key: SymmetricKey<SEED_LENGTH>,
pub metadata: Option<Vec<u8>>,
}
Loading

0 comments on commit 1320757

Please sign in to comment.