Removal of auxilliary revocation usage.

v7.3.x^2
Kieran 2024-05-02 07:41:53 +02:00 committed by derekpierre
parent b848282a03
commit c529d71b35
No known key found for this signature in database
5 changed files with 2 additions and 108 deletions


@ -10,8 +10,6 @@ from typing import (
NamedTuple,
Optional,
Sequence,
Set,
Tuple,
Union,
)
@ -65,7 +63,6 @@ from nucypher_core.umbral import (
reencrypt,
)
from twisted.internet import reactor
from web3.types import TxReceipt
import nucypher
from nucypher.acumen.nicknames import Nickname
@ -373,58 +370,6 @@ class Alice(Character, actors.PolicyAuthor):
policy_pubkey = alice_delegating_power.get_pubkey_from_label(label)
return policy_pubkey
def revoke(
self, policy: Policy, onchain: bool = True, offchain: bool = True
) -> Tuple[TxReceipt, Dict[ChecksumAddress, Tuple["actors.Revocation", Exception]]]:
if not (offchain or onchain):
raise ValueError("offchain or onchain must be True to issue revocation")
receipt, failed = dict(), dict()
if onchain:
pass
# TODO: Decouple onchain revocation from SubscriptionManager or deprecate.
# receipt = self.policy_agent.revoke_policy(policy_id=bytes(policy.hrac),
# transacting_power=self._crypto_power.power_ups(TransactingPower))
if offchain:
"""
Parses the treasure map and revokes onchain arrangements in it.
If any nodes cannot be revoked, then the node_id is added to a
dict as a key, and the revocation and Ursula's response is added as
a value.
"""
try:
# Wait for a revocation threshold of nodes to be known ((n - m) + 1)
revocation_threshold = (policy.shares - policy.threshold) + 1
self.block_until_specific_nodes_are_known(
policy.revocation_kit.revokable_addresses,
allow_missing=(policy.shares - revocation_threshold),
)
except self.NotEnoughTeachers:
raise # TODO NRN
for node_id in policy.revocation_kit.revokable_addresses:
ursula = self.known_nodes[node_id]
revocation = policy.revocation_kit[node_id]
try:
response = self.network_middleware.request_revocation(
ursula, revocation
)
except self.network_middleware.NotFound:
failed[node_id] = (revocation, self.network_middleware.NotFound)
except self.network_middleware.UnexpectedResponse:
failed[node_id] = (
revocation,
self.network_middleware.UnexpectedResponse,
)
else:
if response.status_code != 200:
message = f"Failed to revocation for node {node_id} with status code {response.status_code}"
raise self.ActorError(message)
return receipt, failed
def decrypt_message_kit(self, label: bytes, message_kit: MessageKit) -> List[bytes]:
"""
Decrypt this Alice's own encrypted data.
@ -857,9 +802,6 @@ class Ursula(Teacher, Character, Operator):
TLSHostingPower
).keypair.certificate
# Only *YOU* can prevent forest fires
self.revoked_policies: Set[bytes] = set()
self.log.info(self.banner.format(self.nickname))
else:


@ -223,15 +223,6 @@ class RestMiddleware:
def __init__(self, eth_endpoint: str, registry=None):
self.client = self._client_class(registry=registry, eth_endpoint=eth_endpoint)
def request_revocation(self, ursula, revocation):
# TODO: Implement offchain revocation #2787
response = self.client.post(
node_or_sprout=ursula,
path="revoke",
data=bytes(revocation),
)
return response
def reencrypt(
self,
ursula: "characters.lawful.Ursula",


@ -213,11 +213,10 @@ class PRERetrievalClient(ThresholdAccessControlClient):
self.log.info(message)
raise RuntimeError(message) from e
except middleware.NotFound as e:
# This Ursula claims not to have a matching KFrag. Maybe this has been revoked?
# This Ursula claims not to have a matching KFrag.
# TODO: What's the thing to do here?
# Do we want to track these Ursulas in some way in case they're lying? #567
message = (f"Ursula ({ursula}) claims not to not know of the policy {reencryption_request.hrac}. "
f"Has access been revoked?")
message = f"Ursula ({ursula}) claims not to not know of the policy {reencryption_request.hrac}."
self.log.warn(message)
raise RuntimeError(message) from e
except middleware.UnexpectedResponse:
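Review bot: The rewritten message in the `except middleware.NotFound` branch keeps the double negative "claims not to not know of the policy", which literally says the opposite of what this branch handles. Since the line is being edited anyway, it could read `message = f"Ursula ({ursula}) claims not to know of the policy {reencryption_request.hrac}."`. The same string is both logged and raised as the `RuntimeError`, so this wording is what an operator sees when a node denies holding a KFrag. With the revocation hint gone, nothing here separates an honest miss from a node withholding its KFrag, which is what the remaining TODO (#567) asks about. A short comment stating that the NotFound reply is only the node's own claim and is not verified in this branch would keep that visible. The enclosing method starts and ends outside this hunk.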


@ -214,11 +214,6 @@ def _make_rest_app(this_node, log: Logger) -> Flask:
bob = Bob.from_public_keys(verifying_key=reenc_request.bob_verifying_key)
log.info(f"Reencryption request from {bob} for policy {hrac}")
# TODO: Can this be integrated into reencryption conditions?
# Stateful revocation by HRAC storage below
if hrac in this_node.revoked_policies:
return Response(response=f"Policy with {hrac} has been revoked.", status=HTTPStatus.UNAUTHORIZED)
# Alice or Publisher
publisher_verifying_key = reenc_request.publisher_verifying_key


@ -74,36 +74,3 @@ def test_alice_can_decrypt(alice, bob):
)
assert [plaintext] == decrypted_data
@pytest.mark.skip("Needs rework post-TMcKF") # TODO: Implement offchain revocation.
@pytest.mark.usefixtures("bursulas")
def test_revocation(alice, bob):
threshold, shares = 2, 3
policy_end_datetime = maya.now() + datetime.timedelta(days=5)
label = b"revocation test"
policy = alice.grant(
bob, label, threshold=threshold, shares=shares, expiration=policy_end_datetime
)
for node_id, encrypted_kfrag in policy.treasure_map:
assert policy.revocation_kit[node_id]
# Test revocation kit's signatures
for revocation in policy.revocation_kit:
assert revocation.verify_signature(alice.stamp.as_umbral_pubkey())
# Test Revocation deserialization
revocation = policy.revocation_kit[node_id]
revocation_bytes = bytes(revocation)
deserialized_revocation = RevocationOrder.from_bytes(revocation_bytes)
assert deserialized_revocation == revocation
# Attempt to revoke the new policy
receipt, failed_revocations = alice.revoke(policy)
assert len(failed_revocations) == 0
# Try to revoke the already revoked policy
receipt, already_revoked = alice.revoke(policy)
assert len(already_revoked) == 3