Use latest AuthenticatedData/AccessControlPolicy updated types for encryption.

Finally remove python core shim.
2023-08-21 21:54:47 -04:00 · 2023-08-21 21:54:47 -04:00 · 6dfb7e3201
parent 131c04200f
commit 6dfb7e3201
3 changed files with 16 additions and 57 deletions
--- a/nucypher/characters/lawful.py
+++ b/nucypher/characters/lawful.py
@ -32,7 +32,9 @@ from eth_typing.evm import ChecksumAddress
 from eth_utils import to_checksum_address
 from nucypher_core import (
    HRAC,
+    AccessControlPolicy,
    Address,
+    AuthenticatedData,
    Conditions,
    Context,
    EncryptedKeyFrag,
@ -56,6 +58,7 @@ from nucypher_core.ferveo import (
    combine_decryption_shares_precomputed,
    combine_decryption_shares_simple,
    decrypt_with_shared_secret,
+    encrypt,
 )
 from nucypher_core.umbral import (
    PublicKey,
@ -89,7 +92,6 @@ from nucypher.characters.banners import (
 )
 from nucypher.characters.base import Character, Learner
 from nucypher.config.storages import NodeStorage
-from nucypher.core import encrypt_data
 from nucypher.crypto.keypairs import HostingKeypair
 from nucypher.crypto.powers import (
    DecryptingPower,
@ -101,6 +103,7 @@ from nucypher.crypto.powers import (
    TLSHostingPower,
    TransactingPower,
 )
+from nucypher.crypto.utils import keccak_digest
 from nucypher.network import trackers
 from nucypher.network.decryption import ThresholdDecryptionClient
 from nucypher.network.exceptions import NodeSeemsToBeDown
@ -1484,14 +1487,19 @@ class Enrico:
        def signer(data: bytes) -> bytes:
            return self.signing_power.keypair.sign(data).to_be_bytes()

-        message_kit = encrypt_data(
-            plaintext=plaintext,
-            conditions=access_conditions,
-            dkg_public_key=self.policy_pubkey,
-            signer=signer,
+        auth_data = AuthenticatedData(
+            public_key=self.policy_pubkey, conditions=access_conditions
        )

-        return message_kit
+        ciphertext = encrypt(plaintext, auth_data.aad(), self.policy_pubkey)
+
+        header_hash = keccak_digest(bytes(ciphertext.header))
+        authorization = signer(header_hash)
+
+        return ThresholdMessageKit(
+            ciphertext=ciphertext,
+            acp=AccessControlPolicy(auth_data=auth_data, authorization=authorization),
+        )

    @classmethod
    def from_alice(cls, alice: Alice, label: bytes):
--- a/nucypher/core.py
+++ b/nucypher/core.py
@ -1,49 +0,0 @@
-from typing import Callable
-
-from nucypher_core import AccessControlPolicy, Conditions, ThresholdMessageKit
-from nucypher_core.ferveo import (
-    DkgPublicKey,
-    encrypt,
-)
-
-from nucypher.crypto.utils import keccak_digest
-
-
-def _validate_aad_compatibility(tmk_aad: bytes, acp_aad: bytes):
-    if tmk_aad != acp_aad:
-        raise ValueError("Incompatible ThresholdMessageKit and AccessControlPolicy")
-
-
-# TODO should this move to `nucypher-core` - what about signing (python-side)
-def encrypt_data(
-    plaintext: bytes,
-    conditions: Conditions,
-    dkg_public_key: DkgPublicKey,
-    signer: Callable[[bytes], bytes],
-) -> ThresholdMessageKit:
-    aad = bytes(dkg_public_key) + str(conditions).encode()
-    ciphertext = encrypt(plaintext, aad, dkg_public_key)
-
-    header_hash = keccak_digest(bytes(ciphertext.header))
-    authorization = signer(header_hash)
-
-    acp = AccessControlPolicy(
-        public_key=dkg_public_key,
-        conditions=conditions,
-        authorization=authorization,
-    )
-
-    # we need to link the ThresholdMessageKit to a specific version of the ACP
-    # because the ACP.aad() function should return the same value as the aad used
-    # for encryption. Since the ACP version can change independently of
-    # ThresholdMessageKit this check is needed for code maintenance and ensuring
-    # compatibility - unless we find a better way to link TMK and ACP.
-    #
-    # TODO: perhaps this can be improved. You could have ACP be an inner class of TMK,
-    #  but not sure how that plays out with rust and python bindings... OR ...?
-    _validate_aad_compatibility(aad, acp.aad())
-
-    return ThresholdMessageKit(
-        ciphertext=ciphertext,
-        acp=acp,
-    )
--- a/requirements.txt
+++ b/requirements.txt
@ -55,7 +55,7 @@ msgpack==1.0.5
 msgpack-python==0.5.6
 multidict==5.2.0 ; python_version >= '3.6'
 mypy-extensions==0.4.4 ; python_version >= '2.7'
-nucypher-core @ git+https://github.com/derekpierre/nucypher-core.git@a5cfd82094560b975a70e896c52dcca7debb1ef7#subdirectory=nucypher-core-python
+nucypher-core @ git+https://github.com/derekpierre/nucypher-core.git@71312cf78a4940974dc9c903cb723090983520ef#subdirectory=nucypher-core-python
 packaging==23.1 ; python_version >= '3.7'
 parsimonious==0.9.0
 pendulum==3.0.0a1 ; python_version >= '3.7' and python_version < '4.0'