secret-sharing: Zeroize sensitive data #5928

Merged
merged 21 commits into from
Nov 7, 2024
Merged
5e09b07
secret-sharing/src/poly/lagrange: Add debug assertions
peternose Nov 2, 2024
16d589a
secret-sharing/src/poly/lagrange: Update comments
peternose Nov 2, 2024
d5a9a7a
secret-sharing/src/poly/univariate: Fix vec capacity
peternose Nov 4, 2024
6696dd5
secret-sharing: Remove redundant GroupEncoding constraint
peternose Nov 4, 2024
454802d
secret-sharing/src/vss/matrix: Implement AddAssign for matrix
peternose Nov 4, 2024
ffde5b8
secret-sharing/src/churp/switch: Add bivariate shares using AddAssign
peternose Nov 4, 2024
a2f76b6
secret-sharing/src/churp/switch: Implement AddAssign for shares
peternose Nov 4, 2024
8b5ad48
secret-sharing/src/poly: Support zeroize
peternose Aug 30, 2024
d74f0f5
secret-sharing/src/churp/shareholder: Zeroize share on drop
peternose Nov 4, 2024
cf2fe43
secret-sharing/src/poly/lagrange: Zeroize product of li and yi
peternose Nov 5, 2024
be45e1b
secret-sharing/src/churp/switch: Flatten code when adding switch point
peternose Nov 5, 2024
3a03273
secret-sharing/src/poly: Add accessors for point coordinates
peternose Nov 5, 2024
8325ebd
secret-sharing/src/churp/switch: Store points instead of coordinates
peternose Nov 5, 2024
a717221
secret-sharing/src/churp/switch: Zeroize switch points on drop
peternose Nov 5, 2024
1cf9f7a
secret-sharing/src/churp/shareholder: Deref verifiable secret share
peternose Nov 5, 2024
0191ae3
ZeroizePolyFromLagrangie on error
peternose Nov 5, 2024
6c812b4
secret-sharing/src/churp/player: Zeroize intermediate values
peternose Nov 5, 2024
2e0805f
secret-sharing/src/kdc: Zeroize intermediate values
peternose Nov 5, 2024
ec0556b
secret-sharing/src/churp/dealer: Zeroize bivariate polynomial on drop
peternose Nov 5, 2024
d98b318
keymanager/src/churp: Zeroize sensitive data
peternose Nov 5, 2024
0d475b1
secret-sharing/src/poly: Restrict add/sub/mul assign std ops
peternose Nov 4, 2024
Empty file added .changelog/5928.trivial.md
Empty file.
1 change: 1 addition & 0 deletions Cargo.lock
57 changes: 36 additions & 21 deletions keymanager/src/churp/handler.rs
Expand Up @@ -35,13 +35,14 @@ use oasis_core_runtime::{
use secret_sharing::{
churp::{
encode_shareholder, CommitteeChanged, CommitteeUnchanged, Dealer, DealingPhase, Handoff,
HandoffKind, Shareholder, VerifiableSecretShare,
HandoffKind, Shareholder, SwitchPoint, VerifiableSecretShare,
},
kdc::KeySharer,
poly::{scalar_from_bytes, scalar_to_bytes},
suites::{p384, Suite},
vss::VerificationMatrix,
};
use zeroize::Zeroize;

use crate::{
beacon::State as BeaconState,
Expand Down Expand Up @@ -105,15 +106,19 @@ const CHURP_CONTEXT_SEPARATOR: &[u8] = b" for churp ";
const ALLOWED_BLOCKS_BEHIND: u64 = 5;

/// Represents information about a dealer.
struct DealerInfo<G: Group + GroupEncoding> {
struct DealerInfo<G>
where
G: Group,
G::Scalar: Zeroize,
{
/// The epoch during which this dealer is active.
epoch: EpochTime,
/// The dealer associated with this information.
dealer: Arc<Dealer<G>>,
}

/// Represents information about a handoff.
struct HandoffInfo<G: Group + GroupEncoding> {
struct HandoffInfo<G: Group> {
/// The handoff epoch.
epoch: EpochTime,
/// The handoff associated with this information.
Expand Down Expand Up @@ -608,15 +613,16 @@ impl<S: Suite> Instance<S> {
// Fetch from the host node.
if node_id == self.node_id {
let shareholder = self.get_shareholder(status.handoff)?;
let point = shareholder.switch_point(&x);
let y = shareholder.switch_point(&x);
let point = SwitchPoint::new(x, y);

if handoff.needs_verification_matrix()? {
// Local verification matrix is trusted.
let vm = shareholder.verifiable_share().verification_matrix().clone();
handoff.set_verification_matrix(vm)?;
}

return handoff.add_share_reduction_switch_point(x, point);
return handoff.add_share_reduction_switch_point(point);
}

// Fetch from the remote node.
Expand All @@ -638,15 +644,18 @@ impl<S: Suite> Instance<S> {
handoff.set_verification_matrix(vm)?;
}

let point = block_on(client.churp_share_reduction_point(
let mut bytes = block_on(client.churp_share_reduction_point(
self.churp_id,
status.next_handoff,
self.node_id,
vec![node_id],
))?;
let point = scalar_from_bytes(&point).ok_or(Error::PointDecodingFailed)?;
let maybe_y = scalar_from_bytes(&bytes);
bytes.zeroize();
let y = maybe_y.ok_or(Error::PointDecodingFailed)?;
let point = SwitchPoint::new(x, y);

handoff.add_share_reduction_switch_point(x, point)
handoff.add_share_reduction_switch_point(point)
}

/// Tries to fetch switch point for share reduction from the given node.
Expand All @@ -666,21 +675,25 @@ impl<S: Suite> Instance<S> {
// Fetch from the host node.
if node_id == self.node_id {
let shareholder = handoff.get_reduced_shareholder()?;
let point = shareholder.switch_point(&x);
let y = shareholder.switch_point(&x);
let point = SwitchPoint::new(x, y);

return handoff.add_full_share_distribution_switch_point(x, point);
return handoff.add_full_share_distribution_switch_point(point);
}

// Fetch from the remote node.
let point = block_on(client.churp_share_distribution_point(
let mut bytes = block_on(client.churp_share_distribution_point(
self.churp_id,
status.next_handoff,
self.node_id,
vec![node_id],
))?;
let point = scalar_from_bytes(&point).ok_or(Error::PointDecodingFailed)?;
let maybe_y = scalar_from_bytes(&bytes);
bytes.zeroize();
let y = maybe_y.ok_or(Error::PointDecodingFailed)?;
let point = SwitchPoint::new(x, y);

handoff.add_full_share_distribution_switch_point(x, point)
handoff.add_full_share_distribution_switch_point(point)
}

/// Tries to fetch proactive bivariate share from the given node.
Expand Down Expand Up @@ -728,7 +741,7 @@ impl<S: Suite> Instance<S> {
return Err(Error::InvalidVerificationMatrixChecksum.into());
}

let verifiable_share: VerifiableSecretShare<S::Group> = share.try_into()?;
let verifiable_share: VerifiableSecretShare<S::Group> = (&share).try_into()?;

handoff.add_bivariate_share(&x, verifiable_share)
}
Expand Down Expand Up @@ -778,7 +791,7 @@ impl<S: Suite> Instance<S> {
.load_next_secret_share(self.churp_id, epoch)
.or_else(|err| ignore_error(err, Error::InvalidSecretShare))?; // Ignore previous shares.

// // Back up the secret share, if it is valid.
// Back up the secret share, if it is valid.
if let Some(share) = share.as_ref() {
self.storage
.store_secret_share(share, self.churp_id, epoch)?;
Expand Down Expand Up @@ -813,7 +826,7 @@ impl<S: Suite> Instance<S> {

// Verify that the host hasn't changed.
let me = encode_shareholder::<S>(&self.node_id.0, &self.shareholder_dst)?;
if share.secret_share().coordinate_x() != &me {
if share.x() != &me {
return Err(Error::InvalidHost.into());
}

Expand Down Expand Up @@ -1237,10 +1250,11 @@ impl<S: Suite> Handler for Instance<S> {

let x = encode_shareholder::<S>(&node_id.0, &self.shareholder_dst)?;
let shareholder = self.get_shareholder(status.handoff)?;
let point = shareholder.switch_point(&x);
let point = scalar_to_bytes(&point);
let mut y = shareholder.switch_point(&x);
let bytes = scalar_to_bytes(&y);
y.zeroize();

Ok(point)
Ok(bytes)
}

fn share_distribution_switch_point(
Expand Down Expand Up @@ -1269,8 +1283,9 @@ impl<S: Suite> Handler for Instance<S> {
let x = encode_shareholder::<S>(&node_id.0, &self.shareholder_dst)?;
let handoff = self.get_handoff(status.next_handoff)?;
let shareholder = handoff.get_reduced_shareholder()?;
let point = shareholder.switch_point(&x);
let point = scalar_to_bytes(&point);
let mut y = shareholder.switch_point(&x);
let point = scalar_to_bytes(&y);
y.zeroize();

Ok(point)
}
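Review bot: The wipe of the received switch-point bytes is done by hand (`let mut bytes = …?; let maybe_y = scalar_from_bytes(&bytes); bytes.zeroize();`), so any `?` or early return later inserted between the assignment and the `bytes.zeroize()` call would skip it; the same shape recurs in the share-distribution fetch and in both `*_switch_point` handlers where the scalar `y` is zeroized manually. Wrapping the buffer in the crate's guard type makes the wipe unconditional and removes the `maybe_y` temporary: `let bytes = Zeroizing::new(block_on(client.churp_share_reduction_point(…))?);` followed by `let y = scalar_from_bytes(&bytes).ok_or(Error::PointDecodingFailed)?;` (with `use zeroize::{Zeroize, Zeroizing};`). The two handlers also disagree on naming, one binding the encoded result as `bytes` and the other as `point`, which is worth unifying. All of these functions begin outside the hunks shown, so earlier early-return paths between the fetch and the wipe cannot be ruled out from here.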