Add constant for length of Share.
All of the `{ KEY_LEN + 1 }` was a bit much.
flihp committed Oct 10, 2024
1 parent 409fe64 commit 144f859
Showing 1 changed file with 16 additions and 15 deletions.
31 changes: 16 additions & 15 deletions src/hsm.rs
Expand Up @@ -39,6 +39,7 @@ const DOMAIN: Domain = Domain::all();
const ID: Id = 0x1;
const SEED_LEN: usize = 32;
const KEY_LEN: usize = 32;
const SHARE_LEN: usize = KEY_LEN + 1;
const LABEL: &str = "backup";

const SHARES: usize = 5;
Expand Down Expand Up @@ -229,7 +230,7 @@ impl Hsm {
Scalar,
ProjectivePoint,
ChaCha20Rng,
{ KEY_LEN + 1 },
SHARE_LEN,
>(*nzs.as_ref(), None, &mut rng)
.map_err(|e| HsmError::SplitKeyFailed { e })?;

Expand Down Expand Up @@ -424,7 +425,7 @@ impl Hsm {
info!("Restoring HSM from backup");
info!("Restoring backup / wrap key from shares");
// vector used to collect shares
let mut shares: Vec<Share<{ KEY_LEN + 1 }>> = Vec::new();
let mut shares: Vec<Share<SHARE_LEN>> = Vec::new();

// deserialize verifier:
// verifier was serialized to output/verifier.json in the provisioning ceremony
Expand All @@ -434,7 +435,7 @@ impl Hsm {
let verifier: FeldmanVerifier<
Scalar,
ProjectivePoint,
{ KEY_LEN + 1 },
SHARE_LEN,
> = serde_json::from_str(&verifier)?;

// get enough shares to recover backup key
Expand Down Expand Up @@ -499,7 +500,7 @@ impl Hsm {
};

// construct a Share from the decoded hex string
let share: Share<{ KEY_LEN + 1 }> =
let share: Share<SHARE_LEN> =
match Share::try_from(&share_vec[..]) {
Ok(share) => share,
Err(_) => {
Expand Down Expand Up @@ -536,7 +537,7 @@ impl Hsm {

let scalar = Feldman::<THRESHOLD, SHARES>::combine_shares::<
Scalar,
{ KEY_LEN + 1 },
SHARE_LEN,
>(&shares)
.map_err(|e| HsmError::CombineKeyFailed { e })?;

Expand Down Expand Up @@ -936,7 +937,7 @@ mod tests {
secret
}

fn deserialize_share(share: &str) -> Result<Share<{ KEY_LEN + 1 }>> {
fn deserialize_share(share: &str) -> Result<Share<SHARE_LEN>> {
// filter out whitespace to keep hex::decode happy
let share: String =
share.chars().filter(|c| !c.is_whitespace()).collect();
Expand All @@ -960,7 +961,7 @@ mod tests {
Scalar,
ProjectivePoint,
ThreadRng,
{ KEY_LEN + 1 },
SHARE_LEN,
>(*nzs.as_ref(), None, &mut rng)
.map_err(|e| anyhow::anyhow!("failed to split secret: {}", e))?;

Expand All @@ -970,7 +971,7 @@ mod tests {

let scalar = Feldman::<THRESHOLD, SHARES>::combine_shares::<
Scalar,
{ KEY_LEN + 1 },
SHARE_LEN,
>(&shares)
.map_err(|e| anyhow::anyhow!("failed to combine secret: {}", e))?;

Expand All @@ -989,7 +990,7 @@ mod tests {
let verifier: FeldmanVerifier<
Scalar,
ProjectivePoint,
{ KEY_LEN + 1 },
SHARE_LEN,
> = serde_json::from_str(VERIFIER)
.context("Failed to deserialize FeldmanVerifier from JSON.")?;

Expand All @@ -1006,12 +1007,12 @@ mod tests {
let verifier: FeldmanVerifier<
Scalar,
ProjectivePoint,
{ KEY_LEN + 1 },
SHARE_LEN,
> = serde_json::from_str(VERIFIER)
.context("Failed to deserialize FeldmanVerifier from JSON.")?;

let share: Share<{ KEY_LEN + 1 }> =
Share::try_from([0u8; KEY_LEN + 1].as_ref())
let share: Share<SHARE_LEN> =
Share::try_from([0u8; SHARE_LEN].as_ref())
.context("Failed to create Share from static array.")?;

assert!(!verifier.verify(&share));
Expand All @@ -1026,7 +1027,7 @@ mod tests {
let verifier: FeldmanVerifier<
Scalar,
ProjectivePoint,
{ KEY_LEN + 1 },
SHARE_LEN,
> = serde_json::from_str(VERIFIER)
.context("Failed to deserialize FeldmanVerifier from JSON.")?;

Expand All @@ -1047,14 +1048,14 @@ mod tests {

#[test]
fn recover_secret() -> Result<()> {
let mut shares: Vec<Share<{ KEY_LEN + 1 }>> = Vec::new();
let mut shares: Vec<Share<SHARE_LEN>> = Vec::new();
for share in SHARE_ARRAY {
shares.push(deserialize_share(share)?);
}

let scalar = Feldman::<THRESHOLD, SHARES>::combine_shares::<
Scalar,
{ KEY_LEN + 1 },
SHARE_LEN,
>(&shares)
.map_err(|e| anyhow::anyhow!("failed to combine secret: {}", e))?;
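Review bot: `SHARE_LEN` in the constants block at the top of src/hsm.rs is introduced without a comment saying what the extra byte over `KEY_LEN` is, even though it now sizes every `Share`, `FeldmanVerifier`, `split_secret` and `combine_shares` instantiation in both the provisioning and restore paths. A doc comment such as `/// Length in bytes of a serialized Share: KEY_LEN bytes of share value plus one leading share-identifier byte.` would keep a later edit from changing one length without the other; the identifier-byte reading is inferred from the share type's usual layout and should be confirmed against the crate. Separately, in the restore hunk the `Err(_)` arm after `Share::try_from(&share_vec[..])` discards the conversion error; the arm's body lies outside the hunk, so it cannot be seen from here whether a wrong-length share is reported clearly to the operator.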
