feat: update Covercrypt version to support Policy V2 (#63)

* feat: update Covercrypt version to support Policy V2

* fix: integration bulk tests

* ci: bump js and java branches

---------

Co-authored-by: Manuthor <[email protected]>

.github/workflows/python_and_docker.yml

@@ -67,6 +67,7 @@ jobs:
     secrets: inherit
     with:
       kms-version: ${{ needs.build-and-push-image.outputs.image-tag }}
+      branch: develop
 
   cloudproof_js:
     needs:
@@ -86,7 +87,7 @@ jobs:
       - pyo3
     uses: Cosmian/reusable_workflows/.github/workflows/cloudproof_java_in_docker.yml@develop
     with:
-      branch: v6.0.0
+      branch: develop
       target: x86_64-unknown-linux-gnu
       extension: so
       destination: linux-x86-64
@@ -101,7 +102,7 @@ jobs:
       - pyo3
     uses: Cosmian/reusable_workflows/.github/workflows/cloudproof_python.yml@develop
     with:
-      branch: v4.1.0
+      branch: develop
       target: x86_64-unknown-linux-gnu
       kms-version: ${{ needs.build-and-push-image.outputs.image-tag }}
       copy_fresh_build: true

.github/workflows/python_tests.yml

@@ -7,6 +7,9 @@ on:
       kms-version:
         required: true
         type: string
+      branch:
+        required: true
+        type: string
 
 jobs:
   pyo3-test-linux:
@@ -24,19 +27,37 @@ jobs:
         run: |
           docker run --rm ghcr.io/cosmian/kms:${{ inputs.kms-version }} --help
 
+      - uses: actions/checkout@v3
+        with:
+          repository: Cosmian/cloudproof_python
+          ref: ${{ inputs.branch }}
+
+      - name: Install cloudproof python deps
+        env:
+          COVER_CRYPT_TAG: last_build
+          FINDEX_TAG: last_build
+        run: |
+          scripts/ci_install_pyo3_builds.sh
+
       - uses: actions/checkout@v3
 
       - uses: actions/download-artifact@v3
       - run: find .
 
-      - name: Test KMS python client on KMS server
+      - name: Install KMS python
         run: |
           # Check python code
           pip install kms_python_linux/*manylinux*.whl
           pip install -r crate/pyo3/python/requirements.txt
+
+      - name: Test KMS python client on KMS server
+        run: |
+          # Check python code
           mypy crate/pyo3/python/scripts/test_kms.py
           python3 crate/pyo3/python/scripts/test_kms.py
-          # Check that the lib version is the same as the server
+
+      - name: Check that the lib version is the same as the server
+        run: |
           cargo install cargo-get
           diff <(cargo get --entry crate/pyo3 package.version) <(cargo get --entry crate/server package.version) || (echo "Update the version in crate/pyo3/Cargo.toml"; exit
             1)

Cargo.toml

@@ -43,7 +43,7 @@ clap = { version = "4.4", default-features = false, features = [
   "derive",
   "cargo",
 ] }
-cloudproof = { version = "2.2.5", features = ["findex-redis"] }
+cloudproof = { version = "2.3.0", features = ["findex-redis"] }
 env_logger = "0.10"
 hex = "0.4"
 http = "0.2"

crate/cli/src/actions/cover_crypt/policy.rs

@@ -4,9 +4,7 @@ use std::{
 };
 
 use clap::{Parser, Subcommand};
-use cloudproof::reexport::cover_crypt::abe_policy::{
-    Attribute, EncryptionHint, Policy, PolicyAxis,
-};
+use cloudproof::reexport::cover_crypt::abe_policy::{DimensionBuilder, EncryptionHint, Policy};
 use cosmian_kmip::kmip::{
     kmip_objects::Object,
     ttlv::{deserializer::from_ttlv, TTLV},
@@ -29,7 +27,7 @@ pub struct PolicySpecifications(HashMap<String, Vec<String>>);
 impl PolicySpecifications {
     /// Create a `Policy` from `PolicySpecifications`
     pub fn to_policy(&self) -> Result<Policy, CliError> {
-        let mut policy = Policy::new(u32::MAX);
+        let mut policy = Policy::new();
         for (axis, attributes) in &self.0 {
             // Split the axis into axis name and hierarchy flag
             let (axis_name, hierarchical) = match axis.split_once("::") {
@@ -65,7 +63,7 @@ impl PolicySpecifications {
             }
 
             // Add the axis to the policy
-            policy.add_axis(PolicyAxis::new(
+            policy.add_dimension(DimensionBuilder::new(
                 axis_name,
                 attributes_properties,
                 hierarchical,
@@ -88,24 +86,25 @@ impl TryInto<Policy> for PolicySpecifications {
     }
 }
 
-impl TryFrom<&Policy> for PolicySpecifications {
+impl TryFrom<Policy> for PolicySpecifications {
     type Error = CliError;
 
-    fn try_from(policy: &Policy) -> Result<Self, Self::Error> {
-        let mut result: HashMap<String, Vec<String>> = HashMap::new();
-        for (axis_name, params) in &policy.axes {
-            let axis_full_name =
-                axis_name.clone() + if params.is_hierarchical { "::+" } else { "" };
-            let mut attributes = Vec::with_capacity(params.attribute_names.len());
-            for att in &params.attribute_names {
-                let name = att.clone()
-                    + match policy.attribute_hybridization_hint(&Attribute::new(axis_name, att))? {
+    fn try_from(policy: Policy) -> Result<Self, Self::Error> {
+        let mut result: HashMap<String, Vec<String>> =
+            HashMap::with_capacity(policy.dimensions.len());
+        for (dim_name, dimension) in policy.dimensions {
+            let dim_full_name = dim_name + if dimension.order.is_some() { "::+" } else { "" };
+            let attributes = dimension
+                .attributes_properties()
+                .into_iter()
+                .map(|(name, enc_hint)| {
+                    name + match enc_hint {
                         EncryptionHint::Hybridized => "::+",
                         EncryptionHint::Classic => "",
-                    };
-                attributes.push(name);
-            }
-            result.insert(axis_full_name, attributes);
+                    }
+                })
+                .collect();
+            result.insert(dim_full_name, attributes);
         }
         Ok(Self(result))
     }
@@ -275,7 +274,7 @@ impl SpecsAction {
             kms_rest_client,
         )
         .await?;
-        let specs = PolicySpecifications::try_from(&policy)?;
+        let specs = PolicySpecifications::try_from(policy)?;
         // save the policy to the specifications file
         write_json_object_to_file(&specs, &self.policy_specs_file)
     }
@@ -358,7 +357,7 @@ impl ViewAction {
         let json = if self.detailed {
             serde_json::to_string_pretty(&policy)?
         } else {
-            let specs = PolicySpecifications::try_from(&policy)?;
+            let specs = PolicySpecifications::try_from(policy)?;
             serde_json::to_string_pretty(&specs)?
         };
         println!("{json}");
@@ -436,15 +435,22 @@ mod tests {
 
         let policy_json: PolicySpecifications = serde_json::from_str(json).unwrap();
         let policy = policy_json.to_policy()?;
-        assert_eq!(policy.axes.len(), 2);
-        assert!(policy.axes.get("Security Level").unwrap().is_hierarchical);
-        assert!(!policy.axes.get("Department").unwrap().is_hierarchical);
+        assert_eq!(policy.dimensions.len(), 2);
+        assert!(
+            policy
+                .dimensions
+                .get("Security Level")
+                .unwrap()
+                .order
+                .is_some()
+        );
+        assert!(policy.dimensions.get("Department").unwrap().order.is_none());
         assert_eq!(
             policy
-                .axes
+                .dimensions
                 .get("Security Level")
                 .unwrap()
-                .attribute_names
+                .attributes
                 .len(),
             3
         );

crate/cli/src/actions/cover_crypt/rotate_attributes.rs

@@ -1,7 +1,9 @@
 use clap::Parser;
 use cloudproof::reexport::cover_crypt::abe_policy::Attribute;
 use cosmian_kms_client::KmsRestClient;
-use cosmian_kms_utils::crypto::cover_crypt::kmip_requests::build_rekey_keypair_request;
+use cosmian_kms_utils::crypto::cover_crypt::{
+    attributes::EditPolicyAction, kmip_requests::build_rekey_keypair_request,
+};
 
 use crate::{
     cli_bail,
@@ -55,7 +57,8 @@ impl RotateAttributesAction {
         };
 
         // Create the kmip query
-        let rotate_query = build_rekey_keypair_request(&id, ats)?;
+        let rotate_query =
+            build_rekey_keypair_request(&id, EditPolicyAction::RotateAttributes(ats))?;
 
         // Query the KMS with your kmip data
         let rotate_response = kms_rest_client

crate/kmip/src/kmip/kmip_messages.rs

@@ -152,6 +152,7 @@ pub struct MessageBatchItem {
 }
 
 impl MessageBatchItem {
+    #[must_use]
     pub fn new(request: Operation) -> Self {
         Self {
             operation: request.operation_enum(),
@@ -473,6 +474,7 @@ pub struct MessageResponseBatchItem {
 }
 
 impl MessageResponseBatchItem {
+    #[must_use]
     pub fn new(result_status: ResultStatusEnumeration) -> Self {
         Self {
             result_status,
@@ -486,6 +488,7 @@ impl MessageResponseBatchItem {
         }
     }
 
+    #[must_use]
     pub fn new_with_response(result_status: ResultStatusEnumeration, response: Operation) -> Self {
         Self {
             result_status,

crate/kmip/src/kmip/kmip_operations.rs

@@ -134,6 +134,7 @@ pub enum Operation {
 }
 
 impl Operation {
+    #[must_use]
     pub fn direction(&self) -> Direction {
         match self {
             Operation::Import(_)
@@ -166,6 +167,7 @@ impl Operation {
         }
     }
 
+    #[must_use]
     pub fn operation_enum(&self) -> OperationEnumeration {
         match self {
             Operation::Import(_) | Operation::ImportResponse(_) => OperationEnumeration::Import,
@@ -197,6 +199,7 @@ impl Operation {
     ///
     /// The check is enforced only if a upper version than the default one
     /// is detected when receiving an operation.
+    #[must_use]
     pub fn protocol_version(&self) -> ProtocolVersion {
         ProtocolVersion::default()
     }

crate/kmip/src/kmip/ttlv/mod.rs

@@ -457,14 +457,15 @@ impl<'de> Deserialize<'de> for TTLV {
 ///
 /// This conversion is done manually, as `num-bigint-dig`
 /// doesn't provide such conversion.
+#[must_use]
 pub fn to_u32_digits(big_int: &BigUint) -> Vec<u32> {
     big_int
         .to_bytes_be()
         .chunks(4)
         .map(|group_of_4_bytes| {
             group_of_4_bytes
                 .iter()
-                .fold(0, |acc, byte| (acc << 8) + (*byte as u32))
+                .fold(0, |acc, byte| (acc << 8) + u32::from(*byte))
         })
         .collect::<Vec<_>>()
 }