New re-encryption metadata format (#259)

nucypher/network/server.py

@@ -325,20 +325,17 @@ def make_rest_app(
 
         cfrag_byte_stream = b""
 
-        # This is Bob's signature of Alice's verifying key as ETH address.
-        alice_address_signature = bytes(work_order.alice_address_signature)
+        for item in work_order.items:
+            # Ursula signs on top of Bob's signature of the work item.
+            # Now both are committed to the same work item.  See #259.
+            reencryption_metadata = bytes(stamp(bytes(item.signature)))
 
-        for capsule, capsule_signature in zip(work_order.capsules, work_order.capsule_signatures):
-            # This is the capsule signed by Bob
-            capsule_signature = bytes(capsule_signature)
-            # Ursula signs on top of it. Now both are committed to the same capsule.
-            # She signs Alice's address too.
-            ursula_signature = stamp(capsule_signature + alice_address_signature)
+            capsule = item.capsule
             capsule.set_correctness_keys(verifying=alices_verifying_key)
-            cfrag = pre.reencrypt(kfrag, capsule, metadata=bytes(ursula_signature))
+            cfrag = pre.reencrypt(kfrag, capsule, metadata=reencryption_metadata)
             log.info(f"Re-encrypting for {capsule}, made {cfrag}.")
-            signature = stamp(bytes(cfrag) + bytes(capsule))
-            cfrag_byte_stream += VariableLengthBytestring(cfrag) + signature
+            reencryption_signature = stamp(bytes(item.signature) + bytes(cfrag))
+            cfrag_byte_stream += VariableLengthBytestring(cfrag) + reencryption_signature
 
         # TODO: Put this in Ursula's datastore
         work_order_tracker.append(work_order)

nucypher/policy/models.py

@@ -665,21 +665,18 @@ class WorkOrder:
             raise ValueError("Ursula gave back the wrong number of cfrags.  "
                              "She's up to something.")
 
-        alice_address_signature = bytes(self.alice_address_signature)
         ursula_verifying_key = self.ursula.stamp.as_umbral_pubkey()
 
-        for counter, capsule in enumerate(self.capsules):
-            cfrag, signature = cfrags_and_signatures[counter]
-
-            # Validate CFrag metadata
-            capsule_signature = bytes(self.capsule_signatures[counter])
-            metadata_input = capsule_signature + alice_address_signature
+        for item, (cfrag, reencryption_signature) in zip(self.items, cfrags_and_signatures):
+            # Validate re-encryption metadata
+            metadata_input = bytes(item.signature)
             metadata_as_signature = Signature.from_bytes(cfrag.proof.metadata)
             if not metadata_as_signature.verify(metadata_input, ursula_verifying_key):
                 raise InvalidSignature("Invalid metadata for {}.".format(cfrag))
 
-            # Validate work order response signatures
-            if signature.verify(bytes(cfrag) + bytes(capsule), ursula_verifying_key):
+            # Validate re-encryption signatures
+            if reencryption_signature.verify(bytes(item.signature) + bytes(cfrag),
+                                             ursula_verifying_key):
                 good_cfrags.append(cfrag)
             else:
                 raise InvalidSignature("{} is not properly signed by Ursula.".format(cfrag))