AccessControlPolicy (ACP) and ThresholdMessageKit#3194
AccessControlPolicy (ACP) and ThresholdMessageKit#3194KPrasch merged 24 commits intonucypher:developmentfrom
Conversation
Codecov Report
@@ Coverage Diff @@
## development #3194 +/- ##
============================================
Coverage 78.59% 78.60%
============================================
Files 112 112
Lines 11616 11624 +8
============================================
+ Hits 9130 9137 +7
- Misses 2486 2487 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
|
derekpierre
force-pushed
the
acp
branch
2 times, most recently
from
b8aec5e to
dfbacd7
Compare
nucypher/characters/lawful.py
Outdated
| return message_kit | ||
|
|
||
| def encrypt_for_dkg(self, plaintext: bytes, conditions: Lingo) -> Ciphertext: | ||
| def encrypt_for_dkg(self, plaintext: bytes, conditions: Lingo) -> DkgMessageKit: |
There was a problem hiding this comment.
I also want to take a pause here to build on my above comment and revisit the discussion about keeping the developer/user-facing abstraction Ciphertext. Perhaps we don't need a new name here, just a new format?
derekpierre
changed the title
|
Is the progress of this issue blocked by anything? AFAIK |
Resolving nucypher/ferveo#154 / nucypher/ferveo#155 would help. Once those are nailed down then the ideas from that can be incorporated here to see what |
derekpierre
requested review from
KPrasch,
cygnusv,
jMyles,
manumonti,
piotr-roslaniec and
theref
…t and conditions.
… ThresholdDecryptionRequest, to check whether the data is encrypted by an authorized party. Stub method added to CoordinatorAgent for now.
…encrypted data was produced by an authorized party.
…eo - fake it for now by using the same ciphertext for both. ThresholdMessageKit includes both ciphertexts, but the ThresholdDecryptionRequest only requires the kem_ciphertext.
…ovides kem/dem functionality.
… - the AAD can be controlled by versioning but the TMK dictates the AAD and so must be linked somehow with the ACP.aad() function. For now this is done via a compatibility check function.
…ling in Python space and not `nucypher-core`.
…ions in ferveo#155.
…w that they are available via associated nucypher-core PR.
… key encapsulation so that only encrypted symmetric key and associated data (CiphertextHeader) are included in ThresholdDecryptionRequest.
…cryption. Finally remove python core shim.
Add TODO for actually calling contract to determine allow logic authorization.
…edData is returned as part of encryption.
…hat Ciphertext is not needlessly copied between python layer and Rust later. Allow ciphertext header to be directly obtained without needing to first get the Ciphertext. Move decryption of ferveo encrypted data into a method on ThresholdMessageKit so that the Ciphertext data can be used directly in Rust layer, and not pulled into python to then pass it back into the Rust layer for decryption.
|
rebased @ 2fc713b |
3 participants
Type of PR:
Required reviews:
What this does:
Issues fixed/closed:
Related to:
Closes:
Depends on:
Why it's needed:
Notes for reviewers: