forked from anoma/ferveo
Update Ciphertext bindings #155
Merged
Changes from 9 commits (10 commits in the PR)
Commits
41e5be5
Refactor Ciphertext implementation. Fixes #144
cygnusv 396b1d2
Use symmetric ciphertext hash when creating/checking the auth_tag
cygnusv e662e17
Use AEAD payloads (message + AAD) as input to chacha20poly1305. Fix #146
cygnusv e51e6ec
Test for bad AAD input
cygnusv 0ec84b6
Bump MSRV to 1.67.0
cygnusv f427f0d
Remove unused & incorrect ciphertext length method
cygnusv 4337c3c
Clippy stuff
cygnusv 1800d3c
feat!: add ciphertext header to ciphertext api
piotr-roslaniec 191b81f
Update ferveo-python/ferveo/__init__.pyi
piotr-roslaniec c06217c
apply pr suggestions
piotr-roslaniec
@@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize}; | |
use serde_with::serde_as; | ||
pub use tpke::api::{ | ||
prepare_combine_simple, share_combine_precomputed, share_combine_simple, | ||
Ciphertext, Fr, G1Affine, G1Prepared, SecretBox, E, | ||
Fr, G1Affine, G1Prepared, G2Affine, SecretBox, E, | ||
}; | ||
|
||
pub type PublicKey = ferveo_common::PublicKey<E>; | ||
|
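Review bot: Dropping `Ciphertext` from the `pub use tpke::api::{...}` re-export list is a public API break for any downstream code that imported the tpke type through this module (the `feat!:` commit message acknowledges a breaking change, so this should be called out in the changelog), and `G2Affine` is added to the same list without any use visible in this diff; please confirm it is consumed elsewhere, otherwise it will trip the unused-import lint that the "Clippy stuff" commit is cleaning up.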
@@ -55,7 +55,7 @@ pub fn encrypt( | |
) -> Result<Ciphertext> { | ||
let mut rng = rand::thread_rng(); | ||
let ciphertext = tpke::api::encrypt(message, aad, &pubkey.0, &mut rng)?; | ||
Ok(ciphertext) | ||
Ok(Ciphertext(ciphertext)) | ||
} | ||
|
||
pub fn decrypt_with_shared_secret( | ||
|
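Review bot: `Ok(Ciphertext(ciphertext))` changes the return type of `encrypt` from `tpke::api::Ciphertext` to the module's own newtype while the `-> Result<Ciphertext>` signature line reads the same as before, so the change is easy to miss; add a doc comment on `encrypt` stating that the returned value is the wrapper and that the RNG is `rand::thread_rng()` created internally, since callers can no longer supply one.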
@@ -65,14 +65,31 @@ pub fn decrypt_with_shared_secret( | |
) -> Result<Vec<u8>> { | ||
let dkg_public_params = DkgPublicParameters::default(); | ||
tpke::api::decrypt_with_shared_secret( | ||
ciphertext, | ||
&ciphertext.0, | ||
aad, | ||
&shared_secret.0, | ||
&dkg_public_params.g1_inv, | ||
) | ||
.map_err(Error::from) | ||
} | ||
|
||
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize, Eq)] | ||
pub struct Ciphertext(tpke::api::Ciphertext); | ||
|
||
impl Ciphertext { | ||
pub fn header(&self) -> Result<CiphertextHeader> { | ||
Ok(CiphertextHeader(self.0.header()?)) | ||
} | ||
|
||
pub fn payload(&self) -> Vec<u8> { | ||
self.0.payload() | ||
} | ||
} | ||
|
||
#[serde_as] | ||
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] | ||
pub struct CiphertextHeader(tpke::api::CiphertextHeader); | ||
|
||
/// The ferveo variant to use for the decryption share derivation. | ||
#[derive( | ||
PartialEq, Eq, Debug, Serialize, Deserialize, Copy, Clone, PartialOrd, | ||
|
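Review bot: The two new newtypes are declared inconsistently: `CiphertextHeader` carries `#[serde_as]` while `Ciphertext` does not, and no `#[serde_as(...)]` field attribute appears in this hunk, so the attribute on the header looks unnecessary; neither type nor `header()`/`payload()` has a doc comment, and `payload()` returns an owned `Vec<u8>`, which copies the full encrypted payload on every call. Suggest removing `#[serde_as]` (or applying it to both types if a field attribute is coming in a later commit), documenting why `header()` can fail, and returning `&[u8]` from `payload()` if the inner `tpke::api::Ciphertext` API allows it.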
@@ -286,7 +303,7 @@ impl AggregatedTranscript { | |
pub fn create_decryption_share_precomputed( | ||
&self, | ||
dkg: &Dkg, | ||
ciphertext: &Ciphertext, | ||
ciphertext_header: &CiphertextHeader, | ||
aad: &[u8], | ||
validator_keypair: &Keypair, | ||
) -> Result<DecryptionSharePrecomputed> { | ||
|
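Review bot: Changing the parameter from `ciphertext: &Ciphertext` to `ciphertext_header: &CiphertextHeader` means a validator producing a precomputed decryption share never sees the payload, so the binding between the header and `aad` has to be enforced inside the tpke call; please confirm that a mismatched `aad` still fails at this entry point (the "Test for bad AAD input" commit suggests the underlying check exists, but a test that calls `create_decryption_share_precomputed` with a wrong AAD would make that explicit) and document the new parameter.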
@@ -297,7 +314,7 @@ impl AggregatedTranscript { | |
.take(dkg.0.dkg_params.shares_num as usize) | ||
.collect(); | ||
self.0.make_decryption_share_simple_precomputed( | ||
ciphertext, | ||
&ciphertext_header.0, | ||
aad, | ||
&validator_keypair.decryption_key, | ||
dkg.0.me.share_index, | ||
|
@@ -309,12 +326,12 @@ impl AggregatedTranscript { | |
pub fn create_decryption_share_simple( | ||
&self, | ||
dkg: &Dkg, | ||
ciphertext: &Ciphertext, | ||
ciphertext_header: &CiphertextHeader, | ||
aad: &[u8], | ||
validator_keypair: &Keypair, | ||
) -> Result<DecryptionShareSimple> { | ||
let share = self.0.make_decryption_share_simple( | ||
ciphertext, | ||
&ciphertext_header.0, | ||
aad, | ||
&validator_keypair.decryption_key, | ||
dkg.0.me.share_index, | ||
|
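Review bot: Same signature change as the precomputed variant: `create_decryption_share_simple` now takes `&CiphertextHeader` and forwards `&ciphertext_header.0` together with `aad`; both functions should carry matching doc comments stating that only the header is required from the client and that AAD validation happens in the underlying `make_decryption_share_simple` call, so the API contract is the same for both share types.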
@@ -458,14 +475,10 @@ mod test_ferveo_api { | |
// In the meantime, the client creates a ciphertext and decryption request | ||
let msg = "my-msg".as_bytes().to_vec(); | ||
let aad: &[u8] = "my-aad".as_bytes(); | ||
let rng = &mut thread_rng(); | ||
let ciphertext = tpke::api::encrypt( | ||
SecretBox::new(msg.clone()), | ||
aad, | ||
&dkg_public_key.0, | ||
rng, | ||
) | ||
.unwrap(); | ||
let _rng = &mut thread_rng(); | ||
let ciphertext = | ||
encrypt(SecretBox::new(msg.clone()), aad, &dkg_public_key) | ||
.unwrap(); | ||
|
||
// Having aggregated the transcripts, the validators can now create decryption shares | ||
let decryption_shares: Vec<_> = | ||
|
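Review bot: `let _rng = &mut thread_rng();` is dead code now that the test calls the `encrypt` wrapper, which creates its own `rand::thread_rng()` internally (see the `encrypt` hunk above); the leading underscore only silences the unused-variable warning. Remove the line rather than renaming it, and drop the `thread_rng` import if nothing else in the test module uses it.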
@@ -490,7 +503,7 @@ mod test_ferveo_api { | |
aggregate | ||
.create_decryption_share_precomputed( | ||
&dkg, | ||
&ciphertext, | ||
&ciphertext.header().unwrap(), | ||
aad, | ||
validator_keypair, | ||
) | ||
|
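Review bot: `&ciphertext.header().unwrap()` is acceptable in a test, but since `header()` now returns a `Result`, an `.expect("ciphertext header should parse")` here would make a failure on header extraction distinguishable from the `.unwrap()` on the share creation that follows.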
@@ -557,14 +570,9 @@ mod test_ferveo_api { | |
// In the meantime, the client creates a ciphertext and decryption request | ||
let msg = "my-msg".as_bytes().to_vec(); | ||
let aad: &[u8] = "my-aad".as_bytes(); | ||
let rng = &mut thread_rng(); | ||
let ciphertext = tpke::api::encrypt( | ||
SecretBox::new(msg.clone()), | ||
aad, | ||
&public_key.0, | ||
rng, | ||
) | ||
.unwrap(); | ||
let _rng = &mut thread_rng(); | ||
Review comment on this line: Same as above.
Reply: It's an unused variable, removing it now.
||
let ciphertext = | ||
encrypt(SecretBox::new(msg.clone()), aad, &public_key).unwrap(); | ||
|
||
// Having aggregated the transcripts, the validators can now create decryption shares | ||
let decryption_shares: Vec<_> = | ||
|
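Review bot: Same dead `let _rng = &mut thread_rng();` as in the earlier test, with the only difference being the `&public_key` argument to `encrypt`; the inline thread already agrees it is unused and will be removed, so this hunk just needs the follow-up commit.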
@@ -587,7 +595,7 @@ mod test_ferveo_api { | |
aggregate | ||
.create_decryption_share_simple( | ||
&dkg, | ||
&ciphertext, | ||
&ciphertext.header().unwrap(), | ||
aad, | ||
validator_keypair, | ||
) | ||
|
Isn't this handled by L56?
It's an unused variable, removing it now.