Skip to content
This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

SecretStore: remove session on master node #5545

Merged
merged 103 commits into from
May 12, 2017
Merged
Changes from 1 commit
Commits
Show all changes
103 commits
Select commit Hold shift + click to select a range
87bd9c8
ECDKG protocol prototype
svyatonik Feb 27, 2017
f7aec74
added test for enc/dec math
svyatonik Mar 2, 2017
cd41bd3
get rid of decryption_session
svyatonik Mar 2, 2017
f59aa21
added licenses
svyatonik Mar 2, 2017
577a8cf
Merge branch 'master' into secretstore_proto_draft
svyatonik Mar 2, 2017
5f00d0f
fix after merge
svyatonik Mar 2, 2017
7eca0d5
get rid of unused serde dependency
svyatonik Mar 2, 2017
1775e76
doc
svyatonik Mar 3, 2017
5421eb4
decryption session [without commutative enc]
svyatonik Mar 8, 2017
bbabdf7
failed_dec_session
svyatonik Mar 8, 2017
69995e9
fixed tests
svyatonik Mar 8, 2017
957f4a4
added commen
svyatonik Mar 8, 2017
4c1eb0e
added more decryption session tests
svyatonik Mar 9, 2017
81b737f
helper to localize an issue
svyatonik Mar 9, 2017
86f6657
more computations to localize error
svyatonik Mar 9, 2017
001da67
decryption_session::SessionParams
svyatonik Mar 9, 2017
4938d43
added tests for EC math to localize problem
svyatonik Mar 9, 2017
b75846c
secretstore network transport
svyatonik Mar 10, 2017
7803450
encryption_session_works_over_network
svyatonik Mar 15, 2017
9ccd281
network errors processing
svyatonik Mar 17, 2017
11d95bb
connecting to KeyServer
svyatonik Mar 20, 2017
9a8cdcd
licenses
svyatonik Mar 21, 2017
5572c45
Merge branch 'master' into secretstore_network
svyatonik Mar 21, 2017
88f28d0
get rid of debug println-s
svyatonik Mar 21, 2017
f4889b1
fixed secretstore args
svyatonik Mar 21, 2017
a57fc37
encryption results are stored in KS database
svyatonik Mar 21, 2017
05ec2ed
decryption protocol works over network
svyatonik Mar 21, 2017
0abb83d
enc/dec Session traits
svyatonik Mar 22, 2017
ddf0ab2
fixing warnings
svyatonik Mar 22, 2017
8fd3bd0
Merge branch 'master' into secretstore_network
svyatonik Mar 22, 2017
47d0b40
fix after merge
svyatonik Mar 22, 2017
6592215
on-chain ACL checker proto
svyatonik Mar 24, 2017
428aaf5
fixed compilation
svyatonik Mar 24, 2017
ef43fb8
fixed compilation
svyatonik Mar 24, 2017
688d44c
finally fixed <odd>-of-N-scheme
svyatonik Mar 24, 2017
06cf7a6
temporary commented test
svyatonik Mar 24, 2017
4dbddda
1-of-N works in math
svyatonik Mar 24, 2017
c71dfc2
scheme 1-of-N works
svyatonik Mar 24, 2017
36aa29e
Merge branch 'secretstore_network' into secretstore_aclstorage
svyatonik Mar 24, 2017
d1a8316
updated AclStorage with real contract ABI
svyatonik Mar 24, 2017
6f4dadd
remove unnecessary unsafety
rphmeier Mar 24, 2017
98e19f5
fixed grumbles
svyatonik Mar 27, 2017
b504776
Merge branch 'secretstore_network' into secretstore_aclstorage
svyatonik Mar 27, 2017
312c231
wakeup on access denied
svyatonik Mar 27, 2017
871ed2a
encrypt secretstore messages
svyatonik Mar 30, 2017
63aec44
'shadow' decryption
svyatonik Mar 30, 2017
93e8834
fix grumbles
svyatonik Mar 31, 2017
4573280
Merge branch 'master' into secretstore_network
svyatonik Mar 31, 2017
c4e465f
lost files
svyatonik Mar 31, 2017
e0d4fc4
secretstore cli-options
svyatonik Mar 31, 2017
38a4389
decryption seccion when ACL check failed on master
svyatonik Mar 31, 2017
e49055f
disallow regenerating key for existing document
svyatonik Mar 31, 2017
789e019
removed obsolete TODO
svyatonik Mar 31, 2017
df0fee5
Merge branch 'secretstore_network' into secretstore_todos
svyatonik Mar 31, 2017
c4274fd
fix after merge
svyatonik Mar 31, 2017
5b110cb
switched to tokio_io
svyatonik Mar 31, 2017
9e4440f
Merge branch 'master' into secretstore_aclstorage
svyatonik Apr 3, 2017
2c1f9ef
fix after merge
svyatonik Apr 3, 2017
be46816
Merge branch 'secretstore_aclstorage' into secretstore_todos
svyatonik Apr 3, 2017
b91b525
fix after merge
svyatonik Apr 3, 2017
2aa5bcf
fix after merge
svyatonik Apr 3, 2017
7f431ed
Merge branch 'secretstore_aclstorage' into secretstore_todos
svyatonik Apr 3, 2017
85c6ad9
fix after merge
svyatonik Apr 3, 2017
c3aeb4b
fix after merge
svyatonik Apr 3, 2017
01ccbb0
fixed test
svyatonik Apr 3, 2017
1b684c2
Merge branch 'master' into secretstore_todos
svyatonik Apr 4, 2017
ff0944e
fix after merge
svyatonik Apr 4, 2017
8e57e64
encryption session errors are now fatal
svyatonik Apr 4, 2017
c8f3ffd
session timeouts
svyatonik Apr 4, 2017
ac3a5a5
autorestart decryption session
svyatonik Apr 6, 2017
2ad29af
remove sessions on completion
svyatonik Apr 6, 2017
70fd30c
exclude disconnected nodes from decryption session
svyatonik Apr 6, 2017
c93852d
Merge branch 'master' into secretstore_sessionerr
svyatonik Apr 6, 2017
b908bf0
test for enc/dec session over network with 1 node
svyatonik Apr 7, 2017
117eef4
remove debug printlns
svyatonik Apr 7, 2017
7f4abbe
fixed 1-of-1 scheme
svyatonik Apr 7, 2017
67cb915
drop for KeyServerHttpListener
svyatonik Apr 7, 2017
eed15eb
Use standard encryption and decryption (as in RPC)
ngotchac Apr 7, 2017
cca2d59
Merge branch 'master' into secretstore_sessionerr
svyatonik Apr 10, 2017
b0e203a
added some tests
svyatonik Apr 10, 2017
6493f67
Merge commit 'eed15eb951cb0c8a03a267a161c654a6e9cfae65' into secretst…
svyatonik Apr 11, 2017
8e2e600
moved DEFAULT_MAC to ethcrypto
svyatonik Apr 11, 2017
e23fcaa
rpc_secretstore_encrypt_and_decrypt
svyatonik Apr 13, 2017
65b84ba
serialization with "0x" prefix (RPC compatibility)
svyatonik Apr 14, 2017
8c331c2
secretstore RPC API
svyatonik Apr 14, 2017
2ad34db
Merge branch 'master' into secretstore_rpcs
svyatonik Apr 14, 2017
b3f19f7
fix after merge
svyatonik Apr 14, 2017
2a8017e
fixed typo
svyatonik Apr 14, 2017
4087dc5
secretstore_shadowDecrypt RPC
svyatonik Apr 14, 2017
cfb0523
enable secretstore RPCs by default
svyatonik Apr 14, 2017
13d493e
fixed test
svyatonik Apr 14, 2017
7a77d81
SecStore RPCs available without SecStore feature
svyatonik Apr 17, 2017
181ed14
fixed grumbles
svyatonik Apr 17, 2017
858c3a5
Merge branch 'master' into secretstore_rpcs
svyatonik Apr 28, 2017
f41bb48
lost files
svyatonik Apr 28, 2017
5887c83
added password argument to Parity RPCs
svyatonik May 2, 2017
211199d
update docs
May 3, 2017
805040b
remove enc/dec session on master node
svyatonik May 3, 2017
2e1cf63
Merge branch 'master' into secretstore_rpcs
svyatonik May 4, 2017
b9f6210
lost file
svyatonik May 4, 2017
f7eb6e5
Merge branch 'secretstore_rpcs' into secretstore_mastersessionremoval
svyatonik May 5, 2017
b191475
Merge branch 'master' into secretstore_mastersessionremoval
svyatonik May 10, 2017
52a95fc
pass weak instead of arc
svyatonik May 10, 2017
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
SecStore RPCs available without SecStore feature
svyatonik committed Apr 17, 2017
commit 7a77d8162a7c8690305a051b440425621335f535
3 changes: 1 addition & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -94,7 +94,7 @@ evm-debug = ["ethcore/evm-debug"]
evm-debug-tests = ["ethcore/evm-debug-tests"]
slow-blocks = ["ethcore/slow-blocks"]
final = ["ethcore-util/final"]
secretstore = ["ethcore-secretstore", "parity-rpc/secretstore"]
secretstore = ["ethcore-secretstore"]

[[bin]]
path = "parity/main.rs"
4 changes: 1 addition & 3 deletions rpc/Cargo.toml
Original file line number Diff line number Diff line change
@@ -21,6 +21,7 @@ transient-hashmap = "0.4"
cid = "0.2.1"
multihash = "0.5"
rust-crypto = "0.2.36"
rand = "0.3"

jsonrpc-core = { git = "https://github.com/paritytech/jsonrpc.git", branch = "parity-1.7" }
jsonrpc-http-server = { git = "https://github.com/paritytech/jsonrpc.git", branch = "parity-1.7" }
@@ -50,8 +51,5 @@ stats = { path = "../util/stats" }

clippy = { version = "0.0.103", optional = true}

ethcore-secretstore = { path = "../secret_store", optional = true }

[features]
dev = ["clippy", "ethcore/dev", "ethcore-util/dev", "ethsync/dev"]
secretstore = ["ethcore-secretstore"]
4 changes: 1 addition & 3 deletions rpc/src/lib.rs
Original file line number Diff line number Diff line change
@@ -30,6 +30,7 @@ extern crate transient_hashmap;
extern crate cid;
extern crate multihash;
extern crate crypto as rust_crypto;
extern crate rand;

extern crate jsonrpc_core;
extern crate jsonrpc_http_server as http;
@@ -66,9 +67,6 @@ extern crate ethjson;
#[cfg(test)]
extern crate ethcore_devtools as devtools;

#[cfg(feature="secretstore")]
extern crate ethcore_secretstore;

pub extern crate jsonrpc_ws_server as ws;

mod metadata;
9 changes: 0 additions & 9 deletions rpc/src/v1/helpers/errors.rs
Original file line number Diff line number Diff line change
@@ -209,15 +209,6 @@ pub fn dapps_disabled() -> Error {
}
}

#[cfg(not(feature="secretstore"))]
pub fn secretstore_disabled() -> Error {
Error {
code: ErrorCode::ServerError(codes::UNSUPPORTED_REQUEST),
message: "Parity is built without secret store support. This API is not available.".into(),
data: None,
}
}

pub fn network_disabled() -> Error {
Error {
code: ErrorCode::ServerError(codes::UNSUPPORTED_REQUEST),
1 change: 1 addition & 0 deletions rpc/src/v1/helpers/mod.rs
Original file line number Diff line number Diff line change
@@ -25,6 +25,7 @@ pub mod light_fetch;
pub mod informant;
pub mod oneshot;
pub mod ipfs;
pub mod secretstore;

mod network_settings;
mod poll_manager;
Original file line number Diff line number Diff line change
@@ -16,11 +16,11 @@

use std::iter::repeat;
use rand::{Rng, OsRng};
use ethkey::{Public, Secret};
use ethcrypto;
use ethkey::{Public, Secret, math};
use crypto;
use util::Bytes;
use types::all::Error;
use key_server_cluster::decrypt_with_shadow_coefficients;
use jsonrpc_core::Error;
use v1::helpers::errors;

/// Encrypt document with distributely generated key.
pub fn encrypt_document(key: Bytes, document: Bytes) -> Result<Bytes, Error> {
@@ -31,7 +31,7 @@ pub fn encrypt_document(key: Bytes, document: Bytes) -> Result<Bytes, Error> {
let iv = initialization_vector();
let mut encrypted_document = Vec::with_capacity(document.len() + iv.len());
encrypted_document.extend(repeat(0).take(document.len()));
ethcrypto::aes::encrypt(&key, &iv, &document, &mut encrypted_document);
crypto::aes::encrypt(&key, &iv, &document, &mut encrypted_document);
encrypted_document.extend_from_slice(&iv);

Ok(encrypted_document)
@@ -42,7 +42,7 @@ pub fn decrypt_document(key: Bytes, mut encrypted_document: Bytes) -> Result<Byt
// initialization vector takes 16 bytes
let encrypted_document_len = encrypted_document.len();
if encrypted_document_len < 16 {
return Err(Error::Serde("invalid encrypted data".into()));
return Err(errors::invalid_params("encrypted_document", "invalid encrypted data"));
}

// make document key
@@ -52,7 +52,7 @@ pub fn decrypt_document(key: Bytes, mut encrypted_document: Bytes) -> Result<Byt
let iv = encrypted_document.split_off(encrypted_document_len - 16);
let mut document = Vec::with_capacity(encrypted_document_len - 16);
document.extend(repeat(0).take(encrypted_document_len - 16));
ethcrypto::aes::decrypt(&key, &iv, &encrypted_document, &mut document);
crypto::aes::decrypt(&key, &iv, &encrypted_document, &mut document);

Ok(document)
}
@@ -65,7 +65,7 @@ pub fn decrypt_document_with_shadow(decrypted_secret: Public, common_point: Publ
fn into_document_key(key: Bytes) -> Result<Bytes, Error> {
// key is a previously distributely generated Public
if key.len() != 64 {
return Err(Error::Serde("invalid public key length".into()));
return Err(errors::invalid_params("key", "invalid public key length"));
}

// use x coordinate of distributely generated point as encryption key
@@ -79,6 +79,20 @@ fn initialization_vector() -> [u8; 16] {
result
}

fn decrypt_with_shadow_coefficients(mut decrypted_shadow: Public, mut common_shadow_point: Public, shadow_coefficients: Vec<Secret>) -> Result<Public, Error> {
let mut shadow_coefficients_sum = shadow_coefficients[0].clone();
for shadow_coefficient in shadow_coefficients.iter().skip(1) {
shadow_coefficients_sum.add(shadow_coefficient)
.map_err(errors::encryption_error)?;
}

math::public_mul_secret(&mut common_shadow_point, &shadow_coefficients_sum)
.map_err(errors::encryption_error)?;
math::public_add(&mut decrypted_shadow, &common_shadow_point)
.map_err(errors::encryption_error)?;
Ok(decrypted_shadow)
}

#[cfg(test)]
mod tests {
use util::Bytes;
@@ -99,11 +113,12 @@ mod tests {

#[test]
fn encrypt_and_shadow_decrypt_document() {
let document: Bytes = vec![0xd, 0xe, 0xa, 0xd, 0xb, 0xe, 0xe, 0xf];
let encrypted_document = vec![0x2d, 0xde, 0xc1, 0xf9, 0x62, 0x29, 0xef, 0xa2, 0x91, 0x69, 0x88, 0xd8, 0xb2, 0xa8, 0x2a, 0x47, 0xef, 0x36, 0xf7, 0x1c];
let document: Bytes = "deadbeef".from_hex().unwrap();
let encrypted_document = "2ddec1f96229efa2916988d8b2a82a47ef36f71c".from_hex().unwrap();
let decrypted_secret = "843645726384530ffb0c52f175278143b5a93959af7864460f5a4fec9afd1450cfb8aef63dec90657f43f55b13e0a73c7524d4e9a13c051b4e5f1e53f39ecd91".parse().unwrap();
let common_point = "07230e34ebfe41337d3ed53b186b3861751f2401ee74b988bba55694e2a6f60c757677e194be2e53c3523cc8548694e636e6acb35c4e8fdc5e29d28679b9b2f3".parse().unwrap();
let shadows = vec!["46f542416216f66a7d7881f5a283d2a1ab7a87b381cbc5f29d0b093c7c89ee31".parse().unwrap()];
let decrypted_document = decrypt_document_with_shadow(decrypted_secret, common_point, shadows, encrypted_document).unwrap();
assert_eq!(decrypted_document, document);
}
}
51 changes: 4 additions & 47 deletions rpc/src/v1/impls/secretstore.rs
Original file line number Diff line number Diff line change
@@ -25,6 +25,7 @@ use ethcore::account_provider::AccountProvider;
use jsonrpc_core::Error;
use v1::helpers::errors;
use v1::helpers::accounts::unwrap_provider;
use v1::helpers::secretstore::{encrypt_document, decrypt_document, decrypt_document_with_shadow};
use v1::traits::SecretStore;
use v1::types::{H160, H512, Bytes};

@@ -63,12 +64,12 @@ impl SecretStoreClient {

impl SecretStore for SecretStoreClient {
fn encrypt(&self, address: H160, key: Bytes, data: Bytes) -> Result<Bytes, Error> {
encryption::encrypt_document(self.decrypt_key(address, key)?, data.0)
encrypt_document(self.decrypt_key(address, key)?, data.0)
.map(Into::into)
}

fn decrypt(&self, address: H160, key: Bytes, data: Bytes) -> Result<Bytes, Error> {
encryption::decrypt_document(self.decrypt_key(address, key)?, data.0)
decrypt_document(self.decrypt_key(address, key)?, data.0)
.map(Into::into)
}

@@ -78,51 +79,7 @@ impl SecretStore for SecretStoreClient {
shadows.push(self.decrypt_secret(address.clone(), decrypt_shadow)?);
}

encryption::decrypt_document_with_shadow(decrypted_secret.into(), common_point.into(), shadows, data.0)
decrypt_document_with_shadow(decrypted_secret.into(), common_point.into(), shadows, data.0)
.map(Into::into)
}
}

#[cfg(not(feature="secretstore"))]
mod encryption {
use ethkey::{Secret, Public};
use jsonrpc_core::Error;
use util::Bytes;
use v1::helpers::errors;

pub fn encrypt_document(_key: Vec<u8>, _document: Bytes) -> Result<Bytes, Error> {
Err(errors::secretstore_disabled())
}

pub fn decrypt_document(_key: Vec<u8>, _document: Bytes) -> Result<Bytes, Error> {
Err(errors::secretstore_disabled())
}

pub fn decrypt_document_with_shadow(_decrypted_secret: Public, _common_point: Public, _shadows: Vec<Secret>, _document: Bytes) -> Result<Bytes, Error> {
Err(errors::secretstore_disabled())
}
}

#[cfg(feature="secretstore")]
mod encryption {
use ethkey::{Secret, Public};
use jsonrpc_core::Error;
use ethcore_secretstore;
use util::Bytes;
use v1::helpers::errors;

pub fn encrypt_document(key: Vec<u8>, document: Bytes) -> Result<Bytes, Error> {
ethcore_secretstore::encrypt_document(key, document)
.map_err(|e| errors::encryption_error(e))
}

pub fn decrypt_document(key: Vec<u8>, document: Bytes) -> Result<Bytes, Error> {
ethcore_secretstore::decrypt_document(key, document)
.map_err(|e| errors::encryption_error(e))
}

pub fn decrypt_document_with_shadow(decrypted_secret: Public, common_point: Public, shadows: Vec<Secret>, document: Bytes) -> Result<Bytes, Error> {
ethcore_secretstore::decrypt_document_with_shadow(decrypted_secret, common_point, shadows, document)
.map_err(|e| errors::encryption_error(e))
}
}
1 change: 0 additions & 1 deletion rpc/src/v1/tests/mocked/mod.rs
Original file line number Diff line number Diff line change
@@ -25,7 +25,6 @@ mod parity_accounts;
mod parity_set;
mod personal;
mod rpc;
#[cfg(feature="secretstore")]
mod secretstore;
mod signer;
mod signing;
1 change: 0 additions & 1 deletion secret_store/Cargo.toml
Original file line number Diff line number Diff line change
@@ -14,7 +14,6 @@ byteorder = "1.0"
log = "0.3"
parking_lot = "0.4"
hyper = { version = "0.10", default-features = false }
rand = "0.3"
serde = "0.9"
serde_json = "0.9"
serde_derive = "0.9"
1 change: 1 addition & 0 deletions secret_store/src/key_server_cluster/math.rs
Original file line number Diff line number Diff line change
@@ -274,6 +274,7 @@ pub fn make_common_shadow_point(threshold: usize, mut common_point: Public) -> R
}
}

#[cfg(test)]
/// Decrypt shadow-encrypted secret.
pub fn decrypt_with_shadow_coefficients(mut decrypted_shadow: Public, mut common_shadow_point: Public, shadow_coefficients: Vec<Secret>) -> Result<Public, Error> {
let mut shadow_coefficients_sum = shadow_coefficients[0].clone();
1 change: 0 additions & 1 deletion secret_store/src/key_server_cluster/mod.rs
Original file line number Diff line number Diff line change
@@ -27,7 +27,6 @@ pub use super::serialization::{SerializableSignature, SerializableH256, Serializ
pub use self::cluster::{ClusterCore, ClusterConfiguration, ClusterClient};
pub use self::encryption_session::Session as EncryptionSession;
pub use self::decryption_session::Session as DecryptionSession;
pub use self::math::decrypt_with_shadow_coefficients;

#[cfg(test)]
pub use super::key_storage::tests::DummyKeyStorage;
3 changes: 0 additions & 3 deletions secret_store/src/lib.rs
Original file line number Diff line number Diff line change
@@ -22,7 +22,6 @@ extern crate futures;
extern crate futures_cpupool;
extern crate hyper;
extern crate parking_lot;
extern crate rand;
extern crate rustc_serialize;
extern crate serde;
extern crate serde_json;
@@ -57,12 +56,10 @@ mod http_listener;
mod key_server;
mod key_storage;
mod serialization;
mod encryption;

use std::sync::Arc;
use ethcore::client::Client;

pub use encryption::{encrypt_document, decrypt_document, decrypt_document_with_shadow};
pub use types::all::{DocumentAddress, DocumentKey, DocumentEncryptedKey, RequestSignature, Public,
Error, NodeAddress, ServiceConfiguration, ClusterConfiguration};
pub use traits::{KeyServer};