Bindings python (#65)

* new python interfaces based on objects rather than functions covering a broader range of functionalities
Cosmian · Nov 23, 2022 · f69116c · f69116c
1 parent 9baca54
commit f69116c
Show file tree

Hide file tree

Showing 17 changed files with 950 additions and 577 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -158,6 +158,19 @@ benchmarks:
     - cargo bench --features full_bench,hybrid
   when: manual
 
+build_python:
+  stage: build
+  image:
+    name: ghcr.io/pyo3/maturin
+    # remove the image custom entrypoint because it is not supported by gitlab runners
+    entrypoint: ['']
+  script:
+    - maturin build --release --features python
+  artifacts:
+    paths:
+      - target/wheels/*.whl
+    expire_in: 3 mos
+
 test_cloudproof_java:
   image: openjdk:8
   stage: test
@@ -173,12 +186,8 @@ test_cloudproof_java:
 test_python:
   stage: test
   script:
-    - maturin build --release --features python
-    - bash src/interfaces/pyo3/tests/test.sh
-  artifacts:
-    paths:
-      - target/wheels/*.whl
-    expire_in: 3 mos
+    - pip install --force-reinstall target/wheels/cover_crypt*.whl
+    - python3 src/interfaces/pyo3/tests/test_cover_crypt.py
 
 test_cloudproof_js:
   image: node:18
@@ -242,3 +251,21 @@ cargo_publish:
     - rm -rf ${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-bin.zip cosmian_${CI_PROJECT_NAME}_${CI_COMMIT_TAG}.zip jniLibs target
     - cargo publish --token $CRATES_IO
     - rm -rf /tmp/${CI_PROJECT_NAME}
+
+python_publish:
+  stage: publish
+  rules:
+    - if: $CI_COMMIT_TAG =~ /^v\d+.\d+.\d+$/
+  script:
+    - pip install twine
+    - twine upload -u "${PYPI_USERNAME}" -p "${PYPI_PASSWORD}" target/wheels/cover_crypt-${CI_COMMIT_TAG}*.whl
+
+# Finally, run benchmarks at once
+benchmarks:
+  stage: publish
+  rules:
+    - if: $CI_COMMIT_TAG =~ /^v\d+.\d+.\d+$/
+  before_script:
+    - apt update && apt install -y gnuplot
+  script:
+    - cargo bench --all-features
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - improve serialization
+- new python interfaces based on objects rather than functions covering a broader range of functionalities
 
 ### Fixed
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -12,32 +12,32 @@ repository = "https://github.com/Cosmian/cover_crypt"
 description = "Key Policy attribute encryption based on subset cover"
 
 [lib]
-name = "cosmian_cover_crypt"
 crate-type = ["rlib", "cdylib", "staticlib"]
+name = "cosmian_cover_crypt"
 # The cdylib is only interesting if the `--features ffi` flag is set on build
 # This does not seem to be actionable conditionally https://github.com/rust-lang/cargo/issues/4881
 
 [[bench]]
-name = "benches"
 harness = false
+name = "benches"
 
 [profile.bench]
 debug = true
 
 [features]
 ffi = ["lazy_static"]
-wasm_bindgen = ["js-sys", "wasm-bindgen"]
-python = ["pyo3"]
 full_bench = []
+python = ["pyo3"]
+wasm_bindgen = ["js-sys", "wasm-bindgen"]
 
 [dependencies]
 abe_policy = "1.0"
-cosmian_crypto_core = { git = "https://github.com/Cosmian/crypto_core", branch = "develop"}
+cosmian_crypto_core = "5.0.0"
 hex = "0.4"
 js-sys = { version = "0.3", optional = true }
 lazy_static = { version = "1.4", optional = true }
 leb128 = "0.2"
-pyo3 = { version = "0.16.3", features = ["extension-module"], optional = true }
+pyo3 = { version = "0.17.3", features = ["extension-module", "abi3", "abi3-py37"], optional = true }
 rand_core = { version = "0.6", features = ["getrandom"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
@@ -48,4 +48,4 @@ zeroize = "1.5"
 
 [dev-dependencies]
 criterion = { version = "0.4", features = ["html_reports"], default_features = false }
-wasm-bindgen-test = { version = "0.3" }
+wasm-bindgen-test = "0.3"
diff --git a/README.md b/README.md
@@ -1,14 +1,14 @@
 # CoverCrypt &emsp; [![Build Status]][actions] [![Latest Version]][crates.io]
 
-
-Implementation of the [CoverCrypt](bib/CoverCrypt.pdf) algorithm which allows creating ciphertexts for a set of attributes and issuing user keys with access policies over these attributes.
-
-
-[Build Status]: https://img.shields.io/github/workflow/status/Cosmian/cosmian_cover_crypt/CI%20checks/main
+[build status]: https://img.shields.io/github/workflow/status/Cosmian/cosmian_cover_crypt/CI%20checks/main
 [actions]: https://github.com/Cosmian/cosmian_cover_crypt/actions?query=branch%3Amain
-[Latest Version]: https://img.shields.io/crates/v/cosmian_cover_crypt.svg
+[latest version]: https://img.shields.io/crates/v/cosmian_cover_crypt.svg
 [crates.io]: https://crates.io/crates/cosmian_cover_crypt
 
+Implementation of the [CoverCrypt](bib/CoverCrypt.pdf) algorithm which allows
+creating ciphertexts for a set of attributes and issuing user keys with access
+policies over these attributes.
+
 <!-- toc -->
 
   * [Getting started](#getting-started)
@@ -28,7 +28,7 @@ Implementation of the [CoverCrypt](bib/CoverCrypt.pdf) algorithm which allows cr
 The following code sample introduces the CoverCrypt functionalities. It can be
 run from `examples/runme.rs` using `cargo run --example runme`.
 
-``` rust
+```rust
 use abe_policy::{AccessPolicy, Attribute, Policy, PolicyAxis};
 use cosmian_cover_crypt::{
     interfaces::statics::{CoverCryptX25519Aes256, EncryptedHeader},
@@ -127,56 +127,61 @@ assert!(encrypted_header.decrypt(&cover_crypt, &usk, None).is_err());
 # Building and testing
 
 To build the core only, run:
-``` bash
+
+```bash
 cargo build --release
 ```
 
 To build the FFI interface:
-``` bash
+
+```bash
 cargo build --release --features interfaces
 ```
 
 To build everything (including the FFI):
-``` bash
+
+```bash
 cargo build --release --all-features
 ```
 
 The latter will build a shared library. On Linux, one can verify that the FFI
 symbols are present using:
-``` bash
+
+```bash
 objdump -T  target/release/libcosmian_cover_crypt.so
 ```
 
 The code contains numerous tests that you can run using:
-``` bash
+
+```bash
 cargo test --release --all-features
 ```
 
 Benchmarks can be run using (one can pass any feature flag):
-``` bash
+
+```bash
 cargo bench
 ```
 
 ### Building the library for a different glibc
 
 Go to the [build](build/glibc-2.17/) directory for an example on how to build for GLIBC 2.17
 
-### Building for Pyo3
+### Build and tests for Pyo3
 
 ```bash
-maturin develop --cargo-extra-args="--release --features python
+./src/interfaces/pyo3/tests/test.sh
 ```
 
-
 ## Features and Benchmarks
 
-
 In CoverCrypt, messages are encrypted using a symmetric scheme. The right
 management is performed by a novel asymmetric scheme which is used to
 encapsulate a symmetric key. This encapsulation is stored in an object called
 encrypted header, along with the symmetric ciphertext.
 
 This design brings several advantages:
+
 - the central authority has a unique key to protect (the master secret key);
 - encapsulation can be performed without the need to store any sensitive
   information (public cryptography);
@@ -189,13 +194,15 @@ i7-10750H CPU @ 3.20GHz.
 
 Asymmetric keys must be generated beforehand. This is the role of a central
 authority, which is in charge of:
+
 - generating and updating the master keys according to the right policy;
 - generate and update user secret keys.
 
 The CoverCrypt APIs exposes everything that is needed:
-- `CoverCrypt::setup`   : generate master keys
-- `CoverCrypt::join`    : create a user secret key for the given rights
-- `CoverCrypt::update`  : update the master keys for the given policy
+
+- `CoverCrypt::setup` : generate master keys
+- `CoverCrypt::join` : create a user secret key for the given rights
+- `CoverCrypt::update` : update the master keys for the given policy
 - `CoverCrypt::refresh` : refresh a user secret key from the master secret key
 
 The key generations may be long if the policy contains many rights or if there

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,10 +1,14 @@
 [build-system]
-requires = ["maturin>=0.12,<0.13"]
+requires = ["maturin>=0.13,<0.14"]
 build-backend = "maturin"
 
+[tool.maturin]
+# https://github.com/pypa/manylinux#manylinux
+compatibility = "manylinux_2_17"
+
 [project]
 name = "cover_crypt"
-requires-python = ">=3.6"
+requires-python = ">=3.7"
 classifiers = [
   "Programming Language :: Rust",
   "Programming Language :: Python :: Implementation :: CPython",

diff --git a/src/error.rs b/src/error.rs
@@ -30,7 +30,7 @@ pub enum Error {
     #[error("could not decode number of attributes in encrypted message")]
     DecodingAttributeNumber,
     #[error(
-        "Unable to decrypt the header size. User decryption key has not the right policy to \
+        "Unable to decrypt the header. User decryption key has not the right policy to \
          decrypt this input."
     )]
     InsufficientAccessPolicy,