Safe memory storage #1997
Merged
Safe memory storage #1997
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
turuslan
reviewed
Mar 6, 2024
Comment on lines
+1
to
+9
| /** | ||
| * Copyright Quadrivium LLC | ||
| * All Rights Reserved | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| */ | ||
|
|
||
| #include "crypto/common.hpp" | ||
|
|
||
| namespace kagome::crypto {} |
|
|
||
| namespace kagome::crypto::bip39 { | ||
| namespace constants { | ||
| constexpr size_t BIP39_SEED_LEN_512 = 64u; | ||
| } // namespace constants | ||
|
|
||
| using Bip39Seed = common::Buffer; | ||
| struct Bip39Tag; | ||
| using Bip39Seed = PrivateKey<constants::BIP39_SEED_LEN_512, Bip39Tag>; |
There was a problem hiding this comment.
Revert, Bip39Seed is variable size.
https://github.com/paritytech/polkadot-sdk/blob/8f8297e9debe79139e3a41be8b54a5fcd603f783/substrate/primitives/core/src/crypto.rs#L966-L991
from_string_with_seed() { if let Some(hex) { Self::Seed::fromHex(hex) } }
| @@ -71,7 +70,7 @@ namespace kagome::crypto { | |||
| * Create a seed from its bytes | |||
| */ | |||
| virtual outcome::result<Seed> toSeed( | |||
| common::BufferView bytes) const noexcept = 0; | |||
| SecureCleanGuard<uint8_t> bytes) const noexcept = 0; | |||
There was a problem hiding this comment.
Revert to (span) (or )?(const SecureCleanGuard &)
There was a problem hiding this comment.
Why? I want to make the user to clean up the memory used to iniitalize the seed.
turuslan
reviewed
Mar 7, 2024
Comment on lines
+67
to
+68
| template <std::output_iterator<uint8_t> Iter> | ||
| outcome::result<void> unhex_to(std::string_view hex, Iter out) { |
There was a problem hiding this comment.
out is vector or array or span
Suggested change
| template <std::output_iterator<uint8_t> Iter> | |
| outcome::result<void> unhex_to(std::string_view hex, Iter out) { | |
| template <typename T> | |
| outcome::result<void> unhex_to(std::string_view hex, T &out) { | |
| if constexpr (requires { out.resize(); }) { | |
| out.resize(hex.size() / 2); | |
| } else if (hex.size() != out.size() * 2) { | |
| return ERROR; | |
| } |
turuslan
reviewed
Mar 8, 2024
Comment on lines
+65
to
+66
| .secret_key = crypto::Ed25519PrivateKey::from( | ||
| crypto::SecureCleanGuard(private_key_bytes)), |
There was a problem hiding this comment.
Suggested change
| .secret_key = crypto::Ed25519PrivateKey::from( | |
| crypto::SecureCleanGuard(private_key_bytes)), | |
| .secret_key = fromSpan<crypto::Ed25519PrivateKey>(libp2p_key.privateKey.data).value(), |
Comment on lines
+163
to
+167
| template <size_t Offset, size_t Length> | ||
| BufferView view() const { | ||
| return std::span(*this).template subspan<Offset, Length>(); | ||
| } | ||
|
|
There was a problem hiding this comment.
- Don't add
Buffermember function. - Use
std::span{}.subspan<_, _>()directly. - Must check size.
- May make free function for any
span.
Suggested change
| template <size_t Offset, size_t Length> | |
| BufferView view() const { | |
| return std::span(*this).template subspan<Offset, Length>(); | |
| } |
core/crypto/bip39/mnemonic.cpp
Outdated
Comment on lines
97
to
102
| if (seed.size() != HEX_SEED_STR_LENGTH) { | ||
| return bip39::MnemonicError::INVALID_SEED_LENGTH; | ||
| } | ||
| SecureBuffer<> bytes(HEX_SEED_BIT_LENGTH, 0); | ||
| OUTCOME_TRY(common::unhexWith0x(seed, bytes.begin())); | ||
| OUTCOME_TRY(seed, Bip39Seed::from(std::move(bytes))); |
There was a problem hiding this comment.
If Mnemonic.seed is Bip39Seed, and Bip39Seed is not vector but byte[64]
Suggested change
| if (seed.size() != HEX_SEED_STR_LENGTH) { | |
| return bip39::MnemonicError::INVALID_SEED_LENGTH; | |
| } | |
| SecureBuffer<> bytes(HEX_SEED_BIT_LENGTH, 0); | |
| OUTCOME_TRY(common::unhexWith0x(seed, bytes.begin())); | |
| OUTCOME_TRY(seed, Bip39Seed::from(std::move(bytes))); | |
| Bip39Seed seed; | |
| // ed25519/sr25519/ecdsa/bandersnatch seeds are 32 bytes | |
| OUTCOME_TRY(common::unhexWith0x(seed, std::span{seed}.first(32)); | |
| mnemonic.seed = std::move(seed); |
| @@ -29,12 +30,12 @@ namespace kagome::crypto::bip39 { | |||
| struct Mnemonic { | |||
| using Words = std::vector<std::string>; | |||
|
|
|||
| boost::variant<common::Buffer, Words> seed; | |||
| std::variant<Words, Bip39Seed> seed; | |||
There was a problem hiding this comment.
It's not Bip39Seed (byte[64]).
May rename to entropy.
Must be variant<Words, vector> or variant<Words, byte[32]> (because current crypto types use 32 bytes seed).
iceseer
approved these changes
Mar 12, 2024
turuslan
approved these changes
Mar 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Referenced issues
resolves https://github.com/qdrvm/KAGOME-audit/issues/29
Description of the Change
Storage for private keys and seeds is allocated in secure OpenSSL heap.
Benefits
Possible Drawbacks
Usage Examples or Tests
Alternate Designs