chore: update vetkd_public_key permission

zensh · zensh · commit 9adb1a419215 · 2025-06-11T11:00:46.000+08:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,7 +14,7 @@ strip = true
 opt-level = 's'
 
 [workspace.package]
-version = "0.8.7"
+version = "0.8.8"
 edition = "2021"
 repository = "https://github.com/ldclabs/ic-cose"
 keywords = ["config", "cbor", "canister", "icp", "encryption"]
diff --git a/src/ic_cose/examples/vetkeys.rs b/src/ic_cose/examples/vetkeys.rs
@@ -39,17 +39,17 @@ async fn main() {
         version: 1,
     };
 
-    let (vk, dkp) = cli.vetkey(&path).await.unwrap();
+    let (vk, dpk) = cli.vetkey(&path).await.unwrap();
     println!("VetKey: {:?}", hex::encode(vk.signature_bytes()));
     // VetKey: "8a4554dec6eeb1ab95574005c477ed5a8dadb0acb5d4c7c911771a16d974bcd61db63bd2a89eeb174fc96b58ca9d5eca"
-    println!("Derived Public Key: {:?}", hex::encode(dkp.serialize()));
+    println!("Derived Public Key: {:?}", hex::encode(dpk.serialize()));
     // Derived Public Key: "81b09cdf3a525448978fd72532e19b9fbc8ec7d025af4b5fa2c1f85ef007fdb8946be1ccc288c623acf1bf1fa43cac5f1098012a4f91663eaa73894487c94b4b335af8a224e9e30ca136bad8bfdc2b7fc16f0424f66e88553713852ea04b27a8"
 
     let ibe_seed: [u8; 32] = rand_bytes();
     let ibe_seed = IbeSeed::from_bytes(&ibe_seed).unwrap();
     let ibe_id = IbeIdentity::from_bytes(&path.key);
     let msg = b"Hello, LDC Labs!";
-    let ciphertext = IbeCiphertext::encrypt(&dkp, &ibe_id, msg, &ibe_seed);
+    let ciphertext = IbeCiphertext::encrypt(&dpk, &ibe_id, msg, &ibe_seed);
     let data = ciphertext.serialize();
     println!("Ciphertext: {:?}", hex::encode(&data));
 
diff --git a/src/ic_cose_canister/src/api_cose.rs b/src/ic_cose_canister/src/api_cose.rs
@@ -130,15 +130,18 @@ async fn vetkd_public_key(path: SettingPath) -> Result<ByteBuf, String> {
     path.validate()?;
 
     let caller = ic_cdk::api::msg_caller();
-    let spk = store::SettingPathKey::from_path(path, caller);
-    if !store::ns::has_kek_permission(&caller, &spk) {
-        Err(format!(
-            "vetkd_public_key: {} has no permission for {}",
-            caller.to_text(),
-            spk
-        ))?;
-    }
+    store::ns::with(&path.ns, |ns| {
+        if !ns.can_read_namespace(&caller) {
+            return Err(format!(
+                "vetkd_public_key: {} has no permission for {}",
+                caller.to_text(),
+                path.ns
+            ))?;
+        }
+        Ok(())
+    })?;
 
+    let spk = store::SettingPathKey::from_path(path, caller);
     let pk = store::ns::inner_vetkd_public_key(&spk).await?;
     Ok(ByteBuf::from(pk))
 }
