From 144f859b340d07117bb7fc29d3ab244065419e3e Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Wed, 9 Oct 2024 17:20:07 -0700 Subject: [PATCH] Add constant for length of Share. All of the `{ KEY_LEN + 1 }` was a bit much, --- src/hsm.rs | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/hsm.rs b/src/hsm.rs index ae1cdaa..67df3f2 100644 --- a/src/hsm.rs +++ b/src/hsm.rs @@ -39,6 +39,7 @@ const DOMAIN: Domain = Domain::all(); const ID: Id = 0x1; const SEED_LEN: usize = 32; const KEY_LEN: usize = 32; +const SHARE_LEN: usize = KEY_LEN + 1; const LABEL: &str = "backup"; const SHARES: usize = 5; @@ -229,7 +230,7 @@ impl Hsm { Scalar, ProjectivePoint, ChaCha20Rng, - { KEY_LEN + 1 }, + SHARE_LEN, >(*nzs.as_ref(), None, &mut rng) .map_err(|e| HsmError::SplitKeyFailed { e })?; @@ -424,7 +425,7 @@ impl Hsm { info!("Restoring HSM from backup"); info!("Restoring backup / wrap key from shares"); // vector used to collect shares - let mut shares: Vec> = Vec::new(); + let mut shares: Vec> = Vec::new(); // deserialize verifier: // verifier was serialized to output/verifier.json in the provisioning ceremony @@ -434,7 +435,7 @@ impl Hsm { let verifier: FeldmanVerifier< Scalar, ProjectivePoint, - { KEY_LEN + 1 }, + SHARE_LEN, > = serde_json::from_str(&verifier)?; // get enough shares to recover backup key @@ -499,7 +500,7 @@ impl Hsm { }; // construct a Share from the decoded hex string - let share: Share<{ KEY_LEN + 1 }> = + let share: Share = match Share::try_from(&share_vec[..]) { Ok(share) => share, Err(_) => { @@ -536,7 +537,7 @@ impl Hsm { let scalar = Feldman::::combine_shares::< Scalar, - { KEY_LEN + 1 }, + SHARE_LEN, >(&shares) .map_err(|e| HsmError::CombineKeyFailed { e })?; 
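Review bot: `SHARE_LEN` is added in the constants hunk (@@ -39) without a comment saying what the extra byte is, which is the one thing a reader of `KEY_LEN + 1` still has to look up. I would add a doc comment such as `/// Serialized length of one key share: KEY_LEN bytes of share value plus one byte added by the sharing scheme (presumably the share identifier; confirm against the Share type).` The comment should also say that this value fixes the format of the shares and of the verifier serialized during the provisioning ceremony. Changing `KEY_LEN` later would presumably make previously issued shares and the stored verifier unreadable by the restore path.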
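Review bot: The `FeldmanVerifier< Scalar, ProjectivePoint, SHARE_LEN, >` annotation in the restore hunk (@@ -434) is still spelled out in full, and the same three-parameter type recurs in the test hunks at @@ -989, @@ -1006 and @@ -1026. Since the commit sets out to cut this repetition, a module-level alias would finish the job: `type Verifier = FeldmanVerifier<Scalar, ProjectivePoint, SHARE_LEN>;`, with each site reduced to `let verifier: Verifier = serde_json::from_str(...)`. That also ties the share length used for verification to a single definition, so the restore path and the tests cannot drift apart. The enclosing function starts and ends outside the hunk.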
@@ -936,7 +937,7 @@ mod tests { secret } - fn deserialize_share(share: &str) -> Result> { + fn deserialize_share(share: &str) -> Result> { // filter out whitespace to keep hex::decode happy let share: String = share.chars().filter(|c| !c.is_whitespace()).collect(); @@ -960,7 +961,7 @@ mod tests { Scalar, ProjectivePoint, ThreadRng, - { KEY_LEN + 1 }, + SHARE_LEN, >(*nzs.as_ref(), None, &mut rng) .map_err(|e| anyhow::anyhow!("failed to split secret: {}", e))?; @@ -970,7 +971,7 @@ mod tests { let scalar = Feldman::::combine_shares::< Scalar, - { KEY_LEN + 1 }, + SHARE_LEN, >(&shares) .map_err(|e| anyhow::anyhow!("failed to combine secret: {}", e))?; @@ -989,7 +990,7 @@ mod tests { let verifier: FeldmanVerifier< Scalar, ProjectivePoint, - { KEY_LEN + 1 }, + SHARE_LEN, > = serde_json::from_str(VERIFIER) .context("Failed to deserialize FeldmanVerifier from JSON.")?; @@ -1006,12 +1007,12 @@ mod tests { let verifier: FeldmanVerifier< Scalar, ProjectivePoint, - { KEY_LEN + 1 }, + SHARE_LEN, > = serde_json::from_str(VERIFIER) .context("Failed to deserialize FeldmanVerifier from JSON.")?; - let share: Share<{ KEY_LEN + 1 }> = - Share::try_from([0u8; KEY_LEN + 1].as_ref()) + let share: Share = + Share::try_from([0u8; SHARE_LEN].as_ref()) .context("Failed to create Share from static array.")?; assert!(!verifier.verify(&share)); @@ -1026,7 +1027,7 @@ mod tests { let verifier: FeldmanVerifier< Scalar, ProjectivePoint, - { KEY_LEN + 1 }, + SHARE_LEN, > = serde_json::from_str(VERIFIER) .context("Failed to deserialize FeldmanVerifier from JSON.")?; @@ -1047,14 +1048,14 @@ mod tests { #[test] fn recover_secret() -> Result<()> { - let mut shares: Vec> = Vec::new(); + let mut shares: Vec> = Vec::new(); for share in SHARE_ARRAY { shares.push(deserialize_share(share)?); } let scalar = Feldman::::combine_shares::< Scalar, - { KEY_LEN + 1 }, + SHARE_LEN, >(&shares) .map_err(|e| anyhow::anyhow!("failed to combine secret: {}", e))?;