rename!: rename from_boolean_expression into parse
tbrezot committed Jan 18, 2024
1 parent 890200a commit 70ea3d9
Showing 6 changed files with 36 additions and 70 deletions.
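--- a/benches/benches.rs
+++ b/benches/benches.rs
@@ -118,16 +118,13 @@ fn get_access_policies() -> (Vec<AccessPolicy>, Vec<AccessPolicy>) {
 // Access policy with 1 partition
 #[allow(unused_mut)]
 let mut access_policies =
-vec![
-AccessPolicy::from_boolean_expression("Department::FIN && Security Level::Protected")
-.unwrap(),
-];
+vec![AccessPolicy::parse("Department::FIN && Security Level::Protected").unwrap()];
 
 #[cfg(feature = "full_bench")]
 {
 // Access policy with 2 partition
 access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::FIN && Security Level::Protected) || (Department::HR && Security \
 Level::Confidential)",
 )
@@ -136,7 +133,7 @@ fn get_access_policies() -> (Vec<AccessPolicy>, Vec<AccessPolicy>) {
 
 // Access policy with 3 partition
 access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::FIN && Security Level::Protected) || ((Department::HR || \
 Department::MKG) && Security Level::Confidential)",
 )
@@ -145,7 +142,7 @@ fn get_access_policies() -> (Vec<AccessPolicy>, Vec<AccessPolicy>) {
 
 // Access policy with 4 partition
 access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::FIN && Security Level::Protected) || ((Department::HR || \
 Department::MKG || Department::RD) && Security Level::Confidential)",
 )
@@ -154,7 +151,7 @@ fn get_access_policies() -> (Vec<AccessPolicy>, Vec<AccessPolicy>) {
 
 // Access policy with 5 partition
 access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::FIN && Security Level::Protected) || ((Department::HR || \
 Department::MKG || Department::RD) && Security Level::Confidential) || \
 (Department::HR && Security Level::Top Secret)",
@@ -167,35 +164,32 @@ fn get_access_policies() -> (Vec<AccessPolicy>, Vec<AccessPolicy>) {
 // policies is always "Department::FIN && Security Level::Protected" only.
 #[allow(unused_mut)]
 let mut user_access_policies =
-vec![
-AccessPolicy::from_boolean_expression("Department::FIN && Security Level::Protected")
-.unwrap(),
-];
+vec![AccessPolicy::parse("Department::FIN && Security Level::Protected").unwrap()];
 
 #[cfg(feature = "full_bench")]
 {
 user_access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::FIN && Department::MKG) && Security Level::Protected",
 )
 .unwrap(),
 );
 user_access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::FIN && Department::MKG && Department::HR) && Security \
 Level::Protected",
 )
 .unwrap(),
 );
 user_access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::RD && Department::FIN && Department::MKG && Department::HR) && \
 Security Level::Protected",
 )
 .unwrap(),
 );
 user_access_policies.push(
-AccessPolicy::from_boolean_expression(
+AccessPolicy::parse(
 "(Department::RD && Department::FIN && Department::MKG && Department::HR && \
 Department::CYBER) && Security Level::Protected",
 )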
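--- a/examples/runme.rs
+++ b/examples/runme.rs
@@ -47,8 +47,7 @@ fn main() {
 // The user has a security clearance `Security Level::Top Secret`,
 // and belongs to the finance department (`Department::FIN`).
 let access_policy =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::FIN")
-.unwrap();
+AccessPolicy::parse("Security Level::Top Secret && Department::FIN").unwrap();
 let mut usk = cover_crypt
 .generate_user_secret_key(&msk, &access_policy, &policy)
 .unwrap();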
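--- a/src/abe_policy/access_policy.rs
+++ b/src/abe_policy/access_policy.rs
@@ -52,14 +52,6 @@ impl AccessPolicy {
 })
 }
 
-/// Converts a boolean expression into `AccessPolicy`.
-///
-/// See [`parse`](AccessPolicy::parse).
-#[deprecated(since="14.0.0", note="please use `AccessPolicy::parse` instead")]
-pub fn from_boolean_expression(boolean_expression: &str) -> Result<Self, Error> {
-Self::parse(boolean_expression)
-}
-
 /// Parses the given string into an access policy.
 ///
 /// # Abstract grammar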
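--- a/src/abe_policy/policy.rs
+++ b/src/abe_policy/policy.rs
@@ -348,8 +348,8 @@ mod tests {
 
 let ap = "(Department::HR || Department::FIN) && Security Level::Low Secret";
 
-let semantic_space_coordinates = policy
-.generate_semantic_space_coordinates(AccessPolicy::from_boolean_expression(ap)?)?;
+let semantic_space_coordinates =
+policy.generate_semantic_space_coordinates(AccessPolicy::parse(ap)?)?;
 
 // Check the number of coordinates is correct.
 assert_eq!(semantic_space_coordinates.len(), (2 + 1) * (2 + 1));
@@ -446,9 +446,7 @@ mod tests {
 
 assert_eq!(
 policy
-.generate_semantic_space_coordinates(AccessPolicy::from_boolean_expression(
-ap
-)?)?
+.generate_semantic_space_coordinates(AccessPolicy::parse(ap)?)?
 .len(),
 // remove (2 + 1) not to count "Security Level::Protected" -> "Security Level::Low Secret" twice
 2 * (1 + 1) * (2 + 1) - (2 + 1)
@@ -458,9 +456,7 @@ mod tests {
 || (Department::MKG && Security Level::Medium Secret)";
 assert_eq!(
 policy
-.generate_semantic_space_coordinates(AccessPolicy::from_boolean_expression(
-ap
-)?)?
+.generate_semantic_space_coordinates(AccessPolicy::parse(ap)?)?
 .len(),
 // remove (2 + 1) not to count "Security Level::Protected" -> "Security Level::Low Secret" twice
 (1 + 1) * (2 + 1) + (1 + 1) * (3 + 1) - (2 + 1)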
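--- a/src/test_utils/mod.rs
+++ b/src/test_utils/mod.rs
@@ -149,9 +149,7 @@ mod tests {
 let cover_crypt = Covercrypt::default();
 let (mut msk, mut mpk) = cover_crypt.generate_master_keys(&policy)?;
 
-let ap = AccessPolicy::from_boolean_expression(
-"Department::MKG && Security Level::High Secret",
-)?;
+let ap = AccessPolicy::parse("Department::MKG && Security Level::High Secret")?;
 let mut usk = cover_crypt.generate_user_secret_key(&msk, &ap, &policy)?;
 let original_usk = UserSecretKey::deserialize(usk.serialize()?.as_slice())?;
 
@@ -205,8 +203,7 @@ mod tests {
 
 //
 // User secret key
-let decryption_policy =
-AccessPolicy::from_boolean_expression("Security Level::Low Secret")?;
+let decryption_policy = AccessPolicy::parse("Security Level::Low Secret")?;
 let mut low_secret_usk =
 cover_crypt.generate_user_secret_key(&msk, &decryption_policy, &policy)?;
 
@@ -227,9 +224,8 @@ mod tests {
 
 //
 // Encrypt
-let secret_sales_ap = AccessPolicy::from_boolean_expression(
-"Security Level::Low Secret && Department::Sales",
-)?;
+let secret_sales_ap =
+AccessPolicy::parse("Security Level::Low Secret && Department::Sales")?;
 let (_, encrypted_header) =
 EncryptedHeader::generate(&cover_crypt, &policy, &mpk, &secret_sales_ap, None, None)?;
 
@@ -263,16 +259,15 @@ mod tests {
 
 //
 // New user secret key
-let decryption_policy = AccessPolicy::from_boolean_expression(
+let decryption_policy = AccessPolicy::parse(
 "Security Level::Top Secret && (Department::FIN || Department::HR)",
 )?;
 let mut top_secret_fin_usk =
 cover_crypt.generate_user_secret_key(&msk, &decryption_policy, &policy)?;
 
 //
 // Encrypt
-let top_secret_ap =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::FIN")?;
+let top_secret_ap = AccessPolicy::parse("Security Level::Top Secret && Department::FIN")?;
 let (_, encrypted_header) =
 EncryptedHeader::generate(&cover_crypt, &policy, &mpk, &top_secret_ap, None, None)?;
 
@@ -296,7 +291,7 @@ mod tests {
 
 // refresh the user key and preserve access to old partitions
 let _new_decryption_policy =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::HR")?;
+AccessPolicy::parse("Security Level::Top Secret && Department::HR")?;
 
 // refreshing the user key will remove access to removed partitions even if we
 // keep old rotations
@@ -320,16 +315,15 @@ mod tests {
 
 //
 // New user secret key
-let decryption_policy = AccessPolicy::from_boolean_expression(
+let decryption_policy = AccessPolicy::parse(
 "Security Level::Top Secret && (Department::FIN || Department::HR)",
 )?;
 let mut top_secret_fin_usk =
 cover_crypt.generate_user_secret_key(&msk, &decryption_policy, &policy)?;
 
 //
 // Encrypt
-let top_secret_ap =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::FIN")?;
+let top_secret_ap = AccessPolicy::parse("Security Level::Top Secret && Department::FIN")?;
 let (_, encrypted_header) =
 EncryptedHeader::generate(&cover_crypt, &policy, &mpk, &top_secret_ap, None, None)?;
 
@@ -350,8 +344,7 @@ mod tests {
 .is_ok());
 
 // Can not encrypt using deactivated attribute
-let top_secret_ap =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::FIN")?;
+let top_secret_ap = AccessPolicy::parse("Security Level::Top Secret && Department::FIN")?;
 
 assert!(
 EncryptedHeader::generate(&cover_crypt, &policy, &mpk, &top_secret_ap, None, None)
@@ -388,14 +381,13 @@ mod tests {
 //
 // New user secret key
 let decryption_policy =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::FIN")?;
+AccessPolicy::parse("Security Level::Top Secret && Department::FIN")?;
 let mut top_secret_fin_usk =
 cover_crypt.generate_user_secret_key(&msk, &decryption_policy, &policy)?;
 
 //
 // Encrypt
-let top_secret_ap =
-AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::FIN")?;
+let top_secret_ap = AccessPolicy::parse("Security Level::Top Secret && Department::FIN")?;
 let (_, encrypted_header) =
 EncryptedHeader::generate(&cover_crypt, &policy, &mpk, &top_secret_ap, None, None)?;
 
@@ -410,9 +402,8 @@ mod tests {
 .is_ok());
 
 // refresh the user key and preserve access to old partitions
-let _new_decryption_policy = AccessPolicy::from_boolean_expression(
-"Security Level::Top Secret && Department::Finance",
-)?;
+let _new_decryption_policy =
+AccessPolicy::parse("Security Level::Top Secret && Department::Finance")?;
 cover_crypt.refresh_user_secret_key(&mut top_secret_fin_usk, &msk, false)?;
 assert!(encrypted_header
 .decrypt(&cover_crypt, &top_secret_fin_usk, None)
@@ -424,7 +415,7 @@ mod tests {
 #[test]
 fn encrypt_decrypt_sym_key() -> Result<(), Error> {
 let policy = policy()?;
-let access_policy = AccessPolicy::from_boolean_expression(
+let access_policy = AccessPolicy::parse(
 "(Department::MKG || Department::FIN) && Security Level::Top Secret",
 )
 .unwrap();
@@ -433,7 +424,7 @@ mod tests {
 let (sym_key, encrypted_key) = cover_crypt.encaps(
 &policy,
 &mpk,
-AccessPolicy::from_boolean_expression("Department::MKG && Security Level::Top Secret")?,
+AccessPolicy::parse("Department::MKG && Security Level::Top Secret")?,
 )?;
 let usk = cover_crypt.generate_user_secret_key(&msk, &access_policy, &policy)?;
 let recovered_key = cover_crypt.decaps(&usk, &encrypted_key)?;
@@ -456,7 +447,7 @@ mod tests {
 // New user secret key
 let _user_key = cover_crypt.generate_user_secret_key(
 &msk,
-&AccessPolicy::from_boolean_expression("Security Level::Top Secret")?,
+&AccessPolicy::parse("Security Level::Top Secret")?,
 &policy,
 )?;
 
@@ -468,7 +459,7 @@ mod tests {
 //
 // Declare policy
 let policy = policy()?;
-let top_secret_ap = AccessPolicy::from_boolean_expression("Security Level::Top Secret")?;
+let top_secret_ap = AccessPolicy::parse("Security Level::Top Secret")?;
 
 //
 // Setup Covercrypt
@@ -479,9 +470,7 @@ mod tests {
 // New user secret key
 let mut top_secret_fin_usk = cover_crypt.generate_user_secret_key(
 &msk,
-&AccessPolicy::from_boolean_expression(
-"Security Level::Top Secret && Department::FIN",
-)?,
+&AccessPolicy::parse("Security Level::Top Secret && Department::FIN")?,
 &policy,
 )?;
 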
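--- a/src/test_utils/non_regression.rs
+++ b/src/test_utils/non_regression.rs
@@ -82,7 +82,7 @@ impl EncryptionTestVector {
 &cover_crypt,
 policy,
 mpk,
-&AccessPolicy::from_boolean_expression(encryption_policy)?,
+&AccessPolicy::parse(encryption_policy)?,
 header_metadata,
 authentication_data,
 )?;
@@ -122,11 +122,7 @@ impl UserSecretKeyTestVector {
 Ok(Self {
 key: transcoder.encode(
 Covercrypt::default()
-.generate_user_secret_key(
-msk,
-&AccessPolicy::from_boolean_expression(access_policy)?,
-policy,
-)?
+.generate_user_secret_key(msk, &AccessPolicy::parse(access_policy)?, policy)?
 .serialize()?,
 ),
 access_policy: access_policy.to_string(),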
