From 673ac965919911f9e3489fd4d665c6f07772c99e Mon Sep 17 00:00:00 2001 From: Hugo Rosenkranz-Costa Date: Fri, 13 Oct 2023 11:05:17 +0200 Subject: [PATCH] fix: replace User subkeys HashSet by Vec to preserve keys order --- Cargo.toml | 3 +-- src/core/mod.rs | 3 +-- src/core/primitives.rs | 11 ++++------- src/core/serialization.rs | 7 ++----- src/test_utils/mod.rs | 5 +++-- 5 files changed, 11 insertions(+), 18 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e9a8484a..46100cb2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cosmian_cover_crypt" -version = "12.0.3" +version = "13.0.0" authors = [ "Théophile Brezot ", "Bruno Grieder ", @@ -30,7 +30,6 @@ hybridized_bench = [] [dependencies] base64 = { version = "0.21.0", optional = true } cosmian_crypto_core = { version = "9.2.0", default-features = false, features = ["ser", "sha3", "aes", "curve25519"] } -itertools = "0.11" pqc_kyber = { version = "0.4", features = ["std", "hazmat"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" diff --git a/src/core/mod.rs b/src/core/mod.rs index e040cb2c..ca78942f 100644 --- a/src/core/mod.rs +++ b/src/core/mod.rs @@ -76,14 +76,13 @@ pub struct MasterSecretKey { s2: R25519PrivateKey, pub subkeys: HashMap, kmac_key: Option>, - history: Option>, } #[derive(Debug, PartialEq, Eq)] pub struct UserSecretKey { a: R25519PrivateKey, b: R25519PrivateKey, - pub subkeys: HashSet, + pub subkeys: Vec, kmac: Option, } diff --git a/src/core/primitives.rs b/src/core/primitives.rs index 9d53329a..96c84e57 100644 --- a/src/core/primitives.rs +++ b/src/core/primitives.rs @@ -7,7 +7,6 @@ use cosmian_crypto_core::{ kdf256, reexport::rand_core::CryptoRngCore, FixedSizeCBytes, R25519PrivateKey, R25519PublicKey, RandomFixedSizeCBytes, SymmetricKey, }; -use itertools::Itertools; use pqc_kyber::{ indcpa::{indcpa_dec, indcpa_enc, indcpa_keypair}, KYBER_INDCPA_BYTES, KYBER_INDCPA_PUBLICKEYBYTES, KYBER_INDCPA_SECRETKEYBYTES, KYBER_SYMBYTES, 
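Review bot: The `subkeys` field of `UserSecretKey` in the `src/core/mod.rs` hunk stays `pub` and is now a `Vec`, so the type no longer collapses duplicate entries, and the derived `PartialEq`/`Eq` on the struct becomes order-sensitive: two keys holding the same subkeys in a different order no longer compare equal. Given the commit subject this looks intended, but callers need to know the invariant, so I would document it on the field, e.g. `/// Subkeys in insertion order; order is significant and duplicates are not removed.` The same applies to `subkeys.push(...)` in the `UserSecretKey` deserialization hunk (`@@ -206,7 +203,7 @@`), which now keeps repeated entries from the serialized key instead of merging them; whether a repeated subkey should be a deserialization error is worth deciding explicitly.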
@@ -42,9 +41,8 @@ fn compute_user_key_kmac(msk: &MasterSecretKey, usk: &UserSecretKey) -> Option None, }; - let history = None; - Ok(Self { s, s1, s2, subkeys, kmac_key, - history, }) } } @@ -197,7 +194,7 @@ impl Serializable for UserSecretKey { let a = R25519PrivateKey::try_from_bytes(de.read_array::<{ R25519PrivateKey::LENGTH }>()?)?; let b = R25519PrivateKey::try_from_bytes(de.read_array::<{ R25519PrivateKey::LENGTH }>()?)?; let n_partitions = ::try_from(de.read_leb128_u64()?)?; - let mut subkeys = HashSet::with_capacity(n_partitions); + let mut subkeys = Vec::with_capacity(n_partitions); for _ in 0..n_partitions { let is_hybridized = de.read_leb128_u64()?; let sk_i = if is_hybridized == 1 { @@ -206,7 +203,7 @@ impl Serializable for UserSecretKey { None }; let x_i = de.read_array::<{ R25519PrivateKey::LENGTH }>()?; - subkeys.insert((sk_i, R25519PrivateKey::try_from_bytes(x_i)?)); + subkeys.push((sk_i, R25519PrivateKey::try_from_bytes(x_i)?)); } let kmac = de.read_array::<{ KMAC_LENGTH }>().ok(); diff --git a/src/test_utils/mod.rs b/src/test_utils/mod.rs index aa48bf22..33eb5a00 100644 --- a/src/test_utils/mod.rs +++ b/src/test_utils/mod.rs @@ -142,7 +142,7 @@ mod tests { // try to modify the user key and refresh let part = Partition::from(vec![1, 6]); - usk.subkeys.insert(msk.subkeys.get(&part).unwrap().clone()); + usk.subkeys.push(msk.subkeys.get(&part).unwrap().clone()); assert!(cover_crypt .refresh_user_secret_key(&mut usk, &decryption_policy, &msk, &policy, false) .is_err()); @@ -264,7 +264,8 @@ mod tests { let new_decryption_policy = AccessPolicy::from_boolean_expression("Security Level::Top Secret && Department::HR")?; - // refreshing the user key will remove access to removed partitions even if we keep old rotations + // refreshing the user key will remove access to removed partitions even if we + // keep old rotations cover_crypt.refresh_user_secret_key( &mut top_secret_fin_usk, &new_decryption_policy,
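Review bot: `Vec::with_capacity(n_partitions)` in the `impl Serializable for UserSecretKey` hunk (`@@ -197,7 +194,7 @@`) sizes the allocation from a count decoded out of the serialized key (`de.read_leb128_u64()`) before any subkey has been read. A malformed or hostile key carrying a huge count can therefore make deserialization panic on capacity overflow, or abort on a failed allocation, instead of returning an error. The removed `HashSet::with_capacity` had the same shape, but the rewritten line is a natural place to fix it: either start from `Vec::new()` and let the loop's reads fail on truncated input, or clamp the hint, e.g. `let mut subkeys = Vec::with_capacity(n_partitions.min(MAX_PREALLOC));`, where `MAX_PREALLOC` is a placeholder for a bound the project chooses. The function body starts and ends outside this hunk, so a length check elsewhere in it would not be visible here.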