Refactor CBD API #231
Refactor CBD API #231
Conversation
piotr-roslaniec
changed the title
piotr-roslaniec
requested review from
KPrasch,
theref,
derekpierre and
manumonti
src/characters/bob.ts
Outdated
| constructor(config: Configuration, secretKey: SecretKey) { | ||
| this.porter = new Porter(config.porterUri); | ||
| constructor(porterUri: string, secretKey: SecretKey) { | ||
| this.porter = new PorterClient(porterUri); |
There was a problem hiding this comment.
I don't think Bob should take a Porter uri either - just like Alice.
There was a problem hiding this comment.
✔️
What do you think about other characters like Decrypter and Encrypter? They are meant to be persisted and transferred so it may make sense to store porterUri instead of using it ad-hoc.
There was a problem hiding this comment.
Seems like not. Much like Bob/Alice they use a Porter and therefore should probably take a porterUri as a parameter to functions that perform network actions (eg. retrieve).
wdyt, since you are closer to the code than I am?
There was a problem hiding this comment.
I think it's going to add a little bit of bloat to method signatures, but it may be a good trade-off between ergonomics and clarity on what consists of a protocol object.
| import { Porter } from './porter'; | ||
|
|
||
| export type PreTDecDecrypterJSON = { | ||
| export type PreDecrypterJSON = { | ||
| porterUri: string; | ||
| policyEncryptingKeyBytes: Uint8Array; | ||
| encryptedTreasureMapBytes: Uint8Array; | ||
| publisherVerifyingKeyBytes: Uint8Array; | ||
| bobSecretKeyBytes: Uint8Array; |
There was a problem hiding this comment.
If this is no longer PreTDecDecrypter, and just PreDecrypter, then bob's secret keys should no longer be needed, right?
There was a problem hiding this comment.
How does the PreDecrypter decrypt without a secret key?
There was a problem hiding this comment.
For PRE-tDEC Bob's secret key bytes were publicly known anyway so I thought that's why they were passed in here i.e. the Universal Bob concept.
However, for just PRE, Bob's secret bytes should continue to be a secret to everyone except for Bob. So a few things stand out:
-
Should a
PREDecrypterbe handling Bob's secret bytes at all - that seems like a security hole. More philosophically, what is a "decrypter" in the context of PRE? For example, does a PRE decrypter return re-encrypted bytes (encrypted for Bob) that Bob can then decrypt himself instead? Basically it gets the data re-encrypted and is separated from decryption. It's kind of like the line between Porter and Bob or in Python the line betweenPRERetrievalClientandBob. In which case, it's not a "decrypter" per se. -
If
PREDecrypters are persistable they should not be persisting bob's secret bytes. Bob should maintain control of his own secret key, which brings me back to point 1) above.
I might need to go back and look at the existing code, maybe I'm just missing something - I think this is where the API becomes very tricky 😅
There was a problem hiding this comment.
I think I have more clarity now on where to go from there: It feels to me like PREDecrypter is no longer a satisfactory abstraction for decryption, and that job should be delegated to Bob. And in that case, maybe we should also revisit the shape and function of PreStrategy.
These items look like a big job, and I'd rather sketch a refactoring in a separate issue (#166), discuss it, and then fix it in another PR.
| @@ -66,18 +62,26 @@ export class CbdStrategy { | |||
|
|
|||
| export class DeployedCbdStrategy { | |||
| private constructor( | |||
| public readonly decrypter: CbdTDecDecrypter, | |||
| public readonly decrypter: ThresholdDecrypter, | |||
There was a problem hiding this comment.
Ignoring for now, but we need some kind of common naming scheme for the Strategy and its encrypter/decrypter.
DeployedCbdStrategy having a ThresholdDecrypter seems a bit disjointed/disconnected - we need to tie the strategy and encrypter/decrypter together through common naming somehow. I know this is a hot-button topic across the team, so no recommendations from my end for this PR, but something we could collectively discuss and address separately.
src/sdk/strategy/pre-strategy.ts
Outdated
|
|
||
| const porterUri = this.cohort.porterUri; | ||
| const alice = Alice.fromSecretKey(this.aliceSecretKey); | ||
| const bob = new Bob(porterUri, this.bobSecretKey); |
There was a problem hiding this comment.
Related to a previous comment - only Bob's public key should be needed for PRE, so secret key should not be needed.
There was a problem hiding this comment.
I think I'm missing something about this transition that we're going through, i.e. from PreTDecDecrypter to just PreDecrypter. For example, I thought that Bob needs a secret key to decrypt message kits at some point.
piotr-roslaniec
force-pushed
the
refactor-api#166
branch
from
58824c0
to
982c8f8
Compare
src/porter.ts
Outdated
| type Network = 'mainnet' | 'tapir' | 'oryx' | 'lynx'; | ||
|
|
||
| const PORTER_URIS: Record<Network, string> = { | ||
| // TODO: Make sure these are correct |
There was a problem hiding this comment.
What do you mean with this TODO? If the URLs are correct? Can we do this before merging this PR?
There was a problem hiding this comment.
I think these are correct, going to remove TODO
| @@ -163,14 +163,14 @@ describe('CbdTDecDecrypter', () => { | |||
| it('serializes to a plain object', async () => { | |||
There was a problem hiding this comment.
Should we change the name of this test component?
describe('CbdTDecDecrypter', () => {
to
describe('TresholdDecrypter', () => {
|
Bundled size for the package is listed below: build/module/types/ethers-contracts/factories: 82.03 KB |
Codecov Report
@@ Coverage Diff @@
## tdec-epic #231 +/- ##
=============================================
- Coverage 83.23% 82.88% -0.35%
=============================================
Files 37 36 -1
Lines 978 976 -2
Branches 123 109 -14
=============================================
- Hits 814 809 -5
- Misses 158 162 +4
+ Partials 6 5 -1
|
piotr-roslaniec
force-pushed
the
refactor-api#166
branch
from
274b73a
to
300696b
Compare
|
Bundled size for the package is listed below: build/module/types/ethers-contracts/factories: 82.03 KB |
Type of PR:
Required reviews:
What this does:
Configurationtype with a rawporterUridefaultConfigurationwithgetPorterUribased on NuCypher network and not achainIdPorterout ofcharactersand renames it intoPorterClientporterUriandweb3Providerfrom character constructors and moves them into verbsIssues fixed/closed:
Why it's needed:
Notes for reviewers: