From 7da66c24f0118e3d569d665d32db0432d9064cbf Mon Sep 17 00:00:00 2001 From: Svyatoslav Nikolsky Date: Wed, 22 Nov 2017 11:09:48 +0300 Subject: [PATCH] SecretStore: store joint_public in key_storage --- .../key_version_negotiation_session.rs | 1 + .../admin_sessions/share_add_session.rs | 11 ++++++++++- .../client_sessions/decryption_session.rs | 3 +++ .../client_sessions/generation_session.rs | 10 +++++++++- .../client_sessions/signing_session.rs | 2 ++ secret_store/src/key_server_cluster/message.rs | 2 ++ secret_store/src/key_storage.rs | 12 +++++++++++- 7 files changed, 38 insertions(+), 3 deletions(-) diff --git a/secret_store/src/key_server_cluster/admin_sessions/key_version_negotiation_session.rs b/secret_store/src/key_server_cluster/admin_sessions/key_version_negotiation_session.rs index f755ae089..f86275f3a 100644 --- a/secret_store/src/key_server_cluster/admin_sessions/key_version_negotiation_session.rs +++ b/secret_store/src/key_server_cluster/admin_sessions/key_version_negotiation_session.rs @@ -700,6 +700,7 @@ mod tests { nodes.values().nth(0).unwrap().insert(Default::default(), DocumentKeyShare { author: Default::default(), threshold: 1, + public: Default::default(), common_point: None, encrypted_point: None, versions: vec![DocumentKeyShareVersion { diff --git a/secret_store/src/key_server_cluster/admin_sessions/share_add_session.rs b/secret_store/src/key_server_cluster/admin_sessions/share_add_session.rs index a31df24c6..5fcc18a28 100644 --- a/secret_store/src/key_server_cluster/admin_sessions/share_add_session.rs +++ b/secret_store/src/key_server_cluster/admin_sessions/share_add_session.rs @@ -90,6 +90,8 @@ struct SessionData { pub key_share_threshold: Option, /// NewKeyShare: author. pub key_share_author: Option, + /// NewKeyShare: joint public. + pub key_share_joint_public: Option, /// NewKeyShare: Common (shared) encryption point. pub key_share_common_point: Option, /// NewKeyShare: Encrypted point. @@ -167,6 +169,7 @@ impl SessionImpl where T: SessionTransport { consensus_session: None, key_share_threshold: None, key_share_author: None, + key_share_joint_public: None, key_share_common_point: None, key_share_encrypted_point: None, id_numbers: None, @@ -435,7 +438,9 @@ impl SessionImpl where T: SessionTransport { } // we only expect this message once - if data.key_share_threshold.is_some() || data.key_share_author.is_some() || data.key_share_common_point.is_some() || data.key_share_encrypted_point.is_some() { + if data.key_share_threshold.is_some() || data.key_share_author.is_some() || + data.key_share_common_point.is_some() || data.key_share_encrypted_point.is_some() || + data.key_share_joint_public.is_some() { return Err(Error::InvalidStateForRequest); } @@ -452,6 +457,7 @@ impl SessionImpl where T: SessionTransport { data.state = SessionState::WaitingForKeysDissemination; data.key_share_threshold = Some(message.threshold); data.key_share_author = Some(message.author.clone().into()); + data.key_share_joint_public = Some(message.joint_public.clone().into()); data.key_share_common_point = message.common_point.clone().map(Into::into); data.key_share_encrypted_point = message.encrypted_point.clone().map(Into::into); @@ -624,6 +630,7 @@ impl SessionImpl where T: SessionTransport { session_nonce: core.nonce, threshold: old_key_share.threshold, author: old_key_share.author.clone().into(), + joint_public: old_key_share.public.clone().into(), common_point: old_key_share.common_point.clone().map(Into::into), encrypted_point: old_key_share.encrypted_point.clone().map(Into::into), id_numbers: old_key_version.id_numbers.iter().map(|(k, v)| (k.clone().into(), v.clone().into())).collect(), @@ -703,6 +710,8 @@ impl SessionImpl where T: SessionTransport { .expect("this is new node; on new nodes this field is filled before KRD; session is completed after KRD; qed"), threshold: data.key_share_threshold.clone() .expect("this is new node; on new nodes this field is filled before KRD; session is completed after KRD; qed"), + public: data.key_share_joint_public.clone() + .expect("this is new node; on new nodes this field is filled before KRD; session is completed after KRD; qed"), common_point: data.key_share_common_point.clone(), encrypted_point: data.key_share_encrypted_point.clone(), versions: Vec::new(), diff --git a/secret_store/src/key_server_cluster/client_sessions/decryption_session.rs b/secret_store/src/key_server_cluster/client_sessions/decryption_session.rs index 61055612a..58ae20661 100644 --- a/secret_store/src/key_server_cluster/client_sessions/decryption_session.rs +++ b/secret_store/src/key_server_cluster/client_sessions/decryption_session.rs @@ -685,6 +685,7 @@ mod tests { let encrypted_datas: Vec<_> = (0..5).map(|i| DocumentKeyShare { author: Public::default(), threshold: 3, + public: Default::default(), common_point: Some(common_point.clone()), encrypted_point: Some(encrypted_point.clone()), versions: vec![DocumentKeyShareVersion { @@ -756,6 +757,7 @@ mod tests { key_share: Some(DocumentKeyShare { author: Public::default(), threshold: 0, + public: Default::default(), common_point: Some(Random.generate().unwrap().public().clone()), encrypted_point: Some(Random.generate().unwrap().public().clone()), versions: vec![DocumentKeyShareVersion { @@ -809,6 +811,7 @@ mod tests { key_share: Some(DocumentKeyShare { author: Public::default(), threshold: 2, + public: Default::default(), common_point: Some(Random.generate().unwrap().public().clone()), encrypted_point: Some(Random.generate().unwrap().public().clone()), versions: vec![DocumentKeyShareVersion { diff --git a/secret_store/src/key_server_cluster/client_sessions/generation_session.rs b/secret_store/src/key_server_cluster/client_sessions/generation_session.rs index 01f82815c..84c1b43e5 100644 --- a/secret_store/src/key_server_cluster/client_sessions/generation_session.rs +++ b/secret_store/src/key_server_cluster/client_sessions/generation_session.rs @@ -517,10 +517,17 @@ impl SessionImpl { return Err(Error::InvalidMessage); } + // calculate joint public key + let joint_public = { + let public_shares = data.nodes.values().map(|n| n.public_share.as_ref().expect("keys received on KD phase; KG phase follows KD phase; qed")); + math::compute_joint_public(public_shares)? + }; + // save encrypted data to key storage let encrypted_data = DocumentKeyShare { author: data.author.as_ref().expect("author is filled in initialization phase; KG phase follows initialization phase; qed").clone(), threshold: data.threshold.expect("threshold is filled in initialization phase; KG phase follows initialization phase; qed"), + public: joint_public, common_point: None, encrypted_point: None, versions: vec![DocumentKeyShareVersion::new( @@ -677,7 +684,7 @@ impl SessionImpl { fn complete_generation(&self) -> Result<(), Error> { let mut data = self.data.lock(); - // else - calculate joint public key + // calculate joint public key let joint_public = { let public_shares = data.nodes.values().map(|n| n.public_share.as_ref().expect("keys received on KD phase; KG phase follows KD phase; qed")); math::compute_joint_public(public_shares)? @@ -687,6 +694,7 @@ impl SessionImpl { let encrypted_data = DocumentKeyShare { author: data.author.as_ref().expect("author is filled in initialization phase; KG phase follows initialization phase; qed").clone(), threshold: data.threshold.expect("threshold is filled in initialization phase; KG phase follows initialization phase; qed"), + public: joint_public.clone(), common_point: None, encrypted_point: None, versions: vec![DocumentKeyShareVersion::new( diff --git a/secret_store/src/key_server_cluster/client_sessions/signing_session.rs b/secret_store/src/key_server_cluster/client_sessions/signing_session.rs index 542b3454c..a0895ceb0 100644 --- a/secret_store/src/key_server_cluster/client_sessions/signing_session.rs +++ b/secret_store/src/key_server_cluster/client_sessions/signing_session.rs @@ -978,6 +978,7 @@ mod tests { key_share: Some(DocumentKeyShare { author: Public::default(), threshold: 0, + public: Default::default(), common_point: Some(Random.generate().unwrap().public().clone()), encrypted_point: Some(Random.generate().unwrap().public().clone()), versions: vec![DocumentKeyShareVersion { @@ -1031,6 +1032,7 @@ mod tests { key_share: Some(DocumentKeyShare { author: Public::default(), threshold: 2, + public: Default::default(), common_point: Some(Random.generate().unwrap().public().clone()), encrypted_point: Some(Random.generate().unwrap().public().clone()), versions: vec![DocumentKeyShareVersion { diff --git a/secret_store/src/key_server_cluster/message.rs b/secret_store/src/key_server_cluster/message.rs index 357786725..b8cd98643 100644 --- a/secret_store/src/key_server_cluster/message.rs +++ b/secret_store/src/key_server_cluster/message.rs @@ -773,6 +773,8 @@ pub struct KeyShareCommon { pub threshold: usize, /// Author of key share entry. pub author: SerializablePublic, + /// Joint public. + pub joint_public: SerializablePublic, /// Common (shared) encryption point. pub common_point: Option, /// Encrypted point. diff --git a/secret_store/src/key_storage.rs b/secret_store/src/key_storage.rs index fec58de2b..3b1e0e6f2 100644 --- a/secret_store/src/key_storage.rs +++ b/secret_store/src/key_storage.rs @@ -40,6 +40,8 @@ pub struct DocumentKeyShare { pub author: Public, /// Decryption threshold (at least threshold + 1 nodes are required to decrypt data). pub threshold: usize, + /// Server public key. + pub public: Public, /// Common (shared) encryption point. pub common_point: Option, /// Encrypted point. @@ -122,10 +124,12 @@ struct SerializableDocumentKeyShareV1 { /// V2 of encrypted key share, as it is stored by key storage on the single key server. #[derive(Serialize, Deserialize)] struct SerializableDocumentKeyShareV2 { - /// Authore of the entry. + /// Author of the entry. pub author: SerializablePublic, /// Decryption threshold (at least threshold + 1 nodes are required to decrypt data). pub threshold: usize, + /// Server public. + pub public: SerializablePublic, /// Common (shared) encryption point. pub common_point: Option, /// Encrypted point. @@ -174,6 +178,7 @@ fn upgrade_db(db: Database) -> Result { // in v0 there have been only simultaneous GenEnc sessions. author: Public::default().into(), // added in v1 threshold: v0_key.threshold, + public: Public::default().into(), // addded in v2 common_point: Some(v0_key.common_point), encrypted_point: Some(v0_key.encrypted_point), versions: vec![CurrentSerializableDocumentKeyVersion { @@ -196,6 +201,7 @@ fn upgrade_db(db: Database) -> Result { let current_key = CurrentSerializableDocumentKeyShare { author: v1_key.author, // added in v1 threshold: v1_key.threshold, + public: Public::default().into(), // addded in v2 common_point: v1_key.common_point, encrypted_point: v1_key.encrypted_point, versions: vec![CurrentSerializableDocumentKeyVersion { @@ -329,6 +335,7 @@ impl From for SerializableDocumentKeyShareV2 { SerializableDocumentKeyShareV2 { author: key.author.into(), threshold: key.threshold, + public: key.public.into(), common_point: key.common_point.map(Into::into), encrypted_point: key.encrypted_point.map(Into::into), versions: key.versions.into_iter().map(Into::into).collect(), @@ -351,6 +358,7 @@ impl From for DocumentKeyShare { DocumentKeyShare { author: key.author.into(), threshold: key.threshold, + public: key.public.into(), common_point: key.common_point.map(Into::into), encrypted_point: key.encrypted_point.map(Into::into), versions: key.versions.into_iter() @@ -442,6 +450,7 @@ pub mod tests { let value1 = DocumentKeyShare { author: Public::default(), threshold: 100, + public: Public::default(), common_point: Some(Random.generate().unwrap().public().clone()), encrypted_point: Some(Random.generate().unwrap().public().clone()), versions: vec![DocumentKeyShareVersion { @@ -456,6 +465,7 @@ pub mod tests { let value2 = DocumentKeyShare { author: Public::default(), threshold: 200, + public: Public::default(), common_point: Some(Random.generate().unwrap().public().clone()), encrypted_point: Some(Random.generate().unwrap().public().clone()), versions: vec![DocumentKeyShareVersion {