Update nucypher-core to incorporate latest changes from ferveo regard…

…ing use/exposure of key encapsulation i.e. use of CiphertextHader, and rework of Ciphertext.

nucypher-core-python/nucypher_core/__init__.pyi

@@ -12,9 +12,10 @@ from .umbral import (
 
 from .ferveo import (
     Ciphertext,
+    CiphertextHeader,
     DkgPublicKey,
     FerveoPublicKey,
-    FerveoVariant
+    FerveoVariant,
 )
 
 
@@ -455,12 +456,10 @@ class AccessControlPolicy:
 @final
 class ThresholdMessageKit:
 
-    def __init__(self, header: Ciphertext, payload: bytes, acp: AccessControlPolicy):
+    def __init__(self, ciphertext: Ciphertext, acp: AccessControlPolicy):
         ...
 
-    header: Ciphertext
-
-    payload: bytes
+    ciphertext: Ciphertext
 
     acp: AccessControlPolicy
 
@@ -475,7 +474,7 @@ class ThresholdMessageKit:
 @final
 class ThresholdDecryptionRequest:
 
-    def __init__(self, ritual_id: int, variant: FerveoVariant, ciphertext: Ciphertext, acp: AccessControlPolicy, context: Optional[Context]):
+    def __init__(self, ritual_id: int, variant: FerveoVariant, ciphertext_header: CiphertextHeader, acp: AccessControlPolicy, context: Optional[Context]):
         ...
 
     ritual_id: int
@@ -486,7 +485,7 @@ class ThresholdDecryptionRequest:
 
     variant: FerveoVariant
 
-    ciphertext: Ciphertext
+    ciphertext_header: CiphertextHeader
 
     def encrypt(self, shared_secret: SessionSharedSecret,
                 requester_public_key: SessionStaticKey) -> EncryptedThresholdDecryptionRequest:

nucypher-core-python/nucypher_core/ferveo.py

@@ -35,3 +35,4 @@
 ValidatorsNotSorted = _ferveo.ValidatorsNotSorted
 ValidatorPublicKeyMismatch = _ferveo.ValidatorPublicKeyMismatch
 SerializationError = _ferveo.SerializationError
+CiphertextHeader = _ferveo.CiphertextHeader

nucypher-core-python/nucypher_core/ferveo.pyi

@@ -119,6 +119,9 @@ class Dkg:
 
 @final
 class Ciphertext:
+    header: CiphertextHeader
+    payload: bytes
+
     @staticmethod
     def from_bytes(data: bytes) -> Ciphertext:
         ...
@@ -127,6 +130,16 @@ class Ciphertext:
         ...
 
 
+@final
+class CiphertextHeader:
+    @staticmethod
+    def from_bytes(data: bytes) -> CiphertextHeader:
+        ...
+
+    def __bytes__(self) -> bytes:
+        ...
+
+
 @final
 class DecryptionShareSimple:
     @staticmethod
@@ -159,7 +172,7 @@ class AggregatedTranscript:
     def create_decryption_share_simple(
             self,
             dkg: Dkg,
-            ciphertext: Ciphertext,
+            ciphertext_header: CiphertextHeader,
             aad: bytes,
             validator_keypair: Keypair
     ) -> DecryptionShareSimple:
@@ -168,7 +181,7 @@ class AggregatedTranscript:
     def create_decryption_share_precomputed(
             self,
             dkg: Dkg,
-            ciphertext: Ciphertext,
+            ciphertext_header: CiphertextHeader,
             aad: bytes,
             validator_keypair: Keypair
     ) -> DecryptionSharePrecomputed:

nucypher-core-python/src/lib.rs

@@ -6,7 +6,9 @@
 extern crate alloc;
 
 use alloc::collections::{BTreeMap, BTreeSet};
-use ferveo::bindings_python::{Ciphertext, DkgPublicKey, FerveoPublicKey, FerveoVariant};
+use ferveo::bindings_python::{
+    Ciphertext, CiphertextHeader, DkgPublicKey, FerveoPublicKey, FerveoVariant,
+};
 use pyo3::class::basic::CompareOp;
 use pyo3::exceptions::{PyTypeError, PyValueError};
 use pyo3::prelude::*;
@@ -808,24 +810,15 @@ pub struct ThresholdMessageKit {
 #[pymethods]
 impl ThresholdMessageKit {
     #[new]
-    pub fn new(header: &Ciphertext, payload: &[u8], acp: &AccessControlPolicy) -> Self {
+    pub fn new(ciphertext: &Ciphertext, acp: &AccessControlPolicy) -> Self {
         Self {
-            backend: nucypher_core::ThresholdMessageKit::new(
-                header.as_ref(),
-                payload,
-                acp.as_ref(),
-            ),
+            backend: nucypher_core::ThresholdMessageKit::new(ciphertext.as_ref(), acp.as_ref()),
         }
     }
 
     #[getter]
-    pub fn header(&self) -> Ciphertext {
-        self.backend.header.clone().into()
-    }
-
-    #[getter]
-    pub fn payload(&self) -> &[u8] {
-        self.backend.payload.as_ref()
+    pub fn ciphertext(&self) -> Ciphertext {
+        self.backend.ciphertext.clone().into()
     }
 
     #[getter]
@@ -859,14 +852,14 @@ impl ThresholdDecryptionRequest {
     pub fn new(
         ritual_id: u32,
         variant: FerveoVariant,
-        ciphertext: &Ciphertext,
+        ciphertext_header: &CiphertextHeader,
         acp: &AccessControlPolicy,
         context: Option<&Context>,
     ) -> PyResult<Self> {
         Ok(Self {
             backend: nucypher_core::ThresholdDecryptionRequest::new(
                 ritual_id,
-                ciphertext.as_ref(),
+                ciphertext_header.as_ref(),
                 acp.as_ref(),
                 context.map(|context| context.backend.clone()).as_ref(),
                 variant.into(),
@@ -893,8 +886,8 @@ impl ThresholdDecryptionRequest {
     }
 
     #[getter]
-    pub fn ciphertext(&self) -> Ciphertext {
-        self.backend.ciphertext.clone().into()
+    pub fn ciphertext_header(&self) -> CiphertextHeader {
+        self.backend.ciphertext_header.clone().into()
     }
 
     #[getter]

nucypher-core-wasm/src/lib.rs

@@ -12,7 +12,7 @@ use alloc::{
 };
 use core::fmt;
 
-use ferveo::bindings_wasm::{Ciphertext, DkgPublicKey, FerveoVariant};
+use ferveo::bindings_wasm::{Ciphertext, CiphertextHeader, DkgPublicKey, FerveoVariant};
 use js_sys::Error;
 use umbral_pre::bindings_wasm::{
     Capsule, PublicKey, RecoverableSignature, SecretKey, Signer, VerifiedCapsuleFrag,
@@ -714,22 +714,16 @@ generate_equals!(ThresholdMessageKit);
 #[wasm_bindgen]
 impl ThresholdMessageKit {
     #[wasm_bindgen(constructor)]
-    pub fn new(header: &Ciphertext, payload: &[u8], acp: &AccessControlPolicy) -> Self {
+    pub fn new(ciphertext: &Ciphertext, acp: &AccessControlPolicy) -> Self {
         Self(nucypher_core::ThresholdMessageKit::new(
-            header.as_ref(),
-            payload,
+            ciphertext.as_ref(),
             acp.as_ref(),
         ))
     }
 
     #[wasm_bindgen(getter)]
-    pub fn header(&self) -> Ciphertext {
-        self.0.header.clone().into()
-    }
-
-    #[wasm_bindgen(getter)]
-    pub fn payload(&self) -> Box<[u8]> {
-        self.0.payload.clone()
+    pub fn ciphertext(&self) -> Ciphertext {
+        self.0.ciphertext.clone().into()
     }
 
     #[wasm_bindgen(getter)]
@@ -760,15 +754,15 @@ impl ThresholdDecryptionRequest {
     pub fn new(
         ritual_id: u32,
         variant: &FerveoVariant,
-        ciphertext: &Ciphertext,
+        ciphertext_header: &CiphertextHeader,
         acp: &AccessControlPolicy,
         context: &OptionContext,
     ) -> Result<ThresholdDecryptionRequest, Error> {
         let typed_context = try_from_js_option::<Context>(context)?;
 
         Ok(Self(nucypher_core::ThresholdDecryptionRequest::new(
             ritual_id,
-            ciphertext.as_ref(),
+            ciphertext_header.as_ref(),
             acp.as_ref(),
             typed_context.as_ref().map(|context| &context.0),
             variant.clone().into(),
@@ -785,9 +779,9 @@ impl ThresholdDecryptionRequest {
         self.0.variant.into()
     }
 
-    #[wasm_bindgen(getter)]
-    pub fn ciphertext(&self) -> Ciphertext {
-        self.0.ciphertext.clone().into()
+    #[wasm_bindgen(getter, js_name = ciphertextHeader)]
+    pub fn ciphertext_header(&self) -> CiphertextHeader {
+        self.0.ciphertext_header.clone().into()
     }
 
     #[wasm_bindgen(getter)]

nucypher-core-wasm/tests/wasm.rs

@@ -1,5 +1,3 @@
-use nucypher_core_wasm::*;
-
 use ferveo::bindings_wasm::{ferveo_encrypt, DkgPublicKey, FerveoVariant, Keypair};
 use umbral_pre::bindings_wasm::{
     generate_kfrags, reencrypt, Capsule, RecoverableSignature, SecretKey, Signer,
@@ -9,6 +7,8 @@ use wasm_bindgen::prelude::*;
 use wasm_bindgen::JsCast;
 use wasm_bindgen_test::*;
 
+use nucypher_core_wasm::*;
+
 //
 // Test utilities
 //
@@ -699,9 +699,6 @@ fn threshold_decryption_request() {
     let context: JsValue = Some(Context::new("{'user': 'context'}")).into();
 
     let dkg_pk = DkgPublicKey::random();
-    let message = "my-message".as_bytes();
-    let ciphertext = ferveo_encrypt(message, conditions.as_bytes(), &dkg_pk).unwrap();
-
     let authorization = b"we_dont_need_no_stinking_badges";
     let acp = AccessControlPolicy::new(
         &dkg_pk,
@@ -710,10 +707,14 @@ fn threshold_decryption_request() {
     )
     .unwrap();
 
+    let message = "my-message".as_bytes();
+    let ciphertext = ferveo_encrypt(message, &acp.aad(), &dkg_pk).unwrap();
+    let ciphertext_header = ciphertext.header().unwrap();
+
     let request = ThresholdDecryptionRequest::new(
         ritual_id,
         &FerveoVariant::simple(),
-        &ciphertext,
+        &ciphertext_header,
         &acp,
         &context.unchecked_into::<OptionContext>(),
     )
@@ -842,9 +843,6 @@ fn threshold_message_kit() {
     let conditions_js: JsValue = Some(Conditions::new(conditions)).into();
 
     let dkg_pk = DkgPublicKey::random();
-    let symmetric_key = "The Tyranny of Merit".as_bytes();
-    let header = ferveo_encrypt(symmetric_key, conditions.as_bytes(), &dkg_pk).unwrap();
-
     let authorization = b"we_dont_need_no_stinking_badges";
 
     let acp = AccessControlPolicy::new(
@@ -854,17 +852,14 @@ fn threshold_message_kit() {
     )
     .unwrap();
 
-    let payload = b"data_encapsulation";
+    let data = "The Tyranny of Merit".as_bytes();
+    let ciphertext = ferveo_encrypt(data, &acp.aad(), &dkg_pk).unwrap();
 
-    let tmk = ThresholdMessageKit::new(&header, payload, &acp);
+    let tmk = ThresholdMessageKit::new(&ciphertext, &acp);
 
     // mimic serialization/deserialization over the wire
     let serialized_tmk = tmk.to_bytes();
     let deserialized_tmk = ThresholdMessageKit::from_bytes(&serialized_tmk).unwrap();
-    assert_eq!(
-        payload.to_vec().into_boxed_slice(),
-        deserialized_tmk.payload()
-    );
-    assert_eq!(header, deserialized_tmk.header());
+    assert_eq!(ciphertext, deserialized_tmk.ciphertext());
     assert_eq!(acp, deserialized_tmk.acp());
 }