Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snapshot migration v3age 2.0 #474

Merged
merged 66 commits into from
May 24, 2023
Merged

Snapshot migration v3age 2.0 #474

merged 66 commits into from
May 24, 2023

Conversation

semenov-vladyslav
Copy link

Description of change

This PR fixes a number of issues in stronghold including insecure snapshot encryption format is replaced with password-based age-encryption.org/v1 format, secrets leaked into stack/heap memory are now zeroized after use.

Links to any relevant issues

Be sure to reference any related issues by adding fixes issue #.

Type of change

  • Bug fix (a non-breaking change which fixes an issue)
  • Enhancement (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

How the change has been tested

Tests now take longer due to secure password-based key derivation which should take approx 1 second on a modern computer. To alleviate it in tests set work_factor parameter to 1 in snapshot encryption routines.

Change checklist

Add an x to the boxes that are relevant to your changes, and delete any items that are not.

  • I have followed the contribution guidelines for this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

semenov-vladyslav and others added 30 commits May 4, 2023 12:03
@semenov-vladyslav
snapshot migration: v2->v3 (age)
3e0a9d5
@semenov-vladyslav
cargo: update crypto.rs dependency
826ed65
@semenov-vladyslav
snapshot tests: updated test vectors
a84d56d
@thibault-martinez @semenov-vladyslav
Derive Display for Error
f107ee5
@thibault-martinez @semenov-vladyslav
Fix warnings
27eeca9
@semenov-vladyslav
snapshot: fail on associated data
49d2ba9
@semenov-vladyslav
snapshot error
24d0954
@semenov-vladyslav
snapshot: v2 + wallet + identity + refactor
690e765
@semenov-vladyslav
snapshot: v2 generalize value ctor + CryptoError
d66c688
@semenov-vladyslav
snapshot: v2 factor out wallet/identity
9cc6d4c
@thibault-martinez @semenov-vladyslav
Split into module files
cda735c
@thibault-martinez @semenov-vladyslav
Visibility and warnings
ca19aa5
@thibault-martinez @semenov-vladyslav
publicly export error
0bbe822
@thibault-martinez @semenov-vladyslav
Fmt
a9999f6
@thibault-martinez @semenov-vladyslav
Bump crypto.rs
47aebf4
@semenov-vladyslav
snapshot age: update to crypto-0.16
d9f0842
@semenov-vladyslav
snapshot age: 0 work_factor for strong keys
ebaf39c
@thibault-martinez @semenov-vladyslav
Remove redundant mod
743a17b
@thibault-martinez @semenov-vladyslav
Clippy
bbe980a
@thibault-martinez @semenov-vladyslav
Add missing license headers
88254fe
@semenov-vladyslav
refactor + security comments
2da9ed2
@semenov-vladyslav
bump crypto-0.17.0
a8b39d7
@semenov-vladyslav
snapshot errors
d03f7ba
@semenov-vladyslav
runtime: xor_mut
fe19796
@semenov-vladyslav
keyprovider: ctors cleanup
82d6c10
@semenov-vladyslav
zeroizing
7c8c5a8
@semenov-vladyslav
Zeroizing
7a6e580
@semenov-vladyslav
more Zeroizing
aa09fb4
@semenov-vladyslav
deprecate NCM::refresh
cf9d9ee
@semenov-vladyslav
age release work factor
bf08302
DaughterOfMars
DaughterOfMars reviewed May 23, 2023
View reviewed changes
engine/runtime/src/memories/noncontiguous_memory.rs Outdated
let (data1, data2) = self.get_shards_data()?;
let data1 = &blake2b::Blake2b256::digest(data1);
let reconstructed_data = xor(data1, &data2, NC_DATA_SIZE);
let (r, mut m) = self.get_shards_data()?;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

more descriptive variables?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've discussed this. See #474 (comment). Do you have suggestions?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, because I don't know what this code does (because the variables aren't descriptive)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we're just not gonna change this?

DaughterOfMars
DaughterOfMars reviewed May 23, 2023
View reviewed changes
client/src/procedures/primitives.rs
.try_into()
.map_err(|_| FatalProcedureError::from("bad slip10 extended secret key size".to_owned()))?;
slip10::ExtendedSecretKey::try_from_extended_bytes(self.curve, ext_bytes)
.and_then(|parent| parent.derive(&self.chain))
match self.curve {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be too much to add a generic key type to the Slip10Derive rather than have Curve?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, actually. First, hazmat traits are inaccessible because hazmat module is private. Second, it's common for stronghold to have runtime types (see KeyType and AeadCipher enums, GenerateKey and PublicKey procedures). We can make hazmat module public in iota-crypto-0.20.1, but it would be difficult to completely fix stronghold.

DaughterOfMars
DaughterOfMars approved these changes May 24, 2023
View reviewed changes
Copy link
Collaborator

@DaughterOfMars DaughterOfMars left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much better, thank you.

@thibault-martinez thibault-martinez merged commit 1e72f00 into 2.0 May 24, 2023
@thibault-martinez thibault-martinez deleted the snapshot-migration-v3age-2.0 branch May 24, 2023 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PhilippGackstatter PhilippGackstatter PhilippGackstatter approved these changes

@Thoralf-M Thoralf-M Thoralf-M left review comments

@thibault-martinez thibault-martinez thibault-martinez approved these changes

@DaughterOfMars DaughterOfMars DaughterOfMars approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@semenov-vladyslav @thibault-martinez @DaughterOfMars @PhilippGackstatter @Thoralf-M