5.x/doxygen/secret__share_8h_source.html

// Copyright (c) Microsoft Corporation. All rights reserved.

// Licensed under the Apache 2.0 License.

#pragma once


#include "ccf/crypto/entropy.h"


#include <array>

#define FMT_HEADER_ONLY

#include <fmt/format.h>

#include <iostream>

#include <openssl/crypto.h>

#include <optional>

#include <vector>


extern "C"

{


  int randombytes(void* buf, size_t n)

  {

    ccf::crypto::EntropyPtr entropy = ccf::crypto::get_entropy();

    entropy->random((unsigned char*)buf, n);

    return 0;

  }


#include <sss/sss.h>

}


namespace ccf

{

  // The SecretSharing class provides static functions to split a secret into

  // shares and (re-)combine those shares into the original secret.

  // The size of the secret to share is fixed (SECRET_TO_SPLIT_LENGTH, 64

  // bytes). It is up to the caller to either shrink the secret if it is too

  // long. If the secret to split is shorter than SECRET_TO_SPLIT_LENGTH bytes,

  // the caller should ignore the extra bytes.


  class SecretSharing

  {

  public:

    static constexpr size_t SECRET_TO_SPLIT_LENGTH = sss_MLEN;

    static constexpr size_t SHARE_LENGTH = sss_SHARE_LEN;

    static constexpr size_t MAX_NUMBER_SHARES = 255; // As per sss documentation


    using Share = std::array<uint8_t, SHARE_LENGTH>;

    using SplitSecret = std::array<uint8_t, SECRET_TO_SPLIT_LENGTH>;


    static std::vector<Share> split(

      const SplitSecret& secret_to_split, size_t n, size_t k)

    {

      if (n == 0 || n > MAX_NUMBER_SHARES)

      {

        throw std::logic_error(fmt::format(

          "Share creation failed: n ({}) not in 1-{} range",

          n,

          MAX_NUMBER_SHARES));

      }


      if (k == 0 || k > n)

      {

        throw std::logic_error(fmt::format(

          "Share creation failed: k not in 1-n range (k: {}, n: {})", k, n));

      }


      std::vector<Share> shares(n);


      sss_create_shares(

        reinterpret_cast<sss_Share*>(shares.data()),

        secret_to_split.data(),

        n,

        k);


      return shares;

    }


    static SplitSecret combine(std::vector<Share>& shares, size_t k)

    {

      if (k == 0 || k > shares.size())

      {

        throw std::logic_error(fmt::format(

          "Share combination failed: k not in 1-n range (k: {}, n: {})",

          k,

          shares.size()));

      }


      SplitSecret restored_secret;


      if (

        sss_combine_shares(

          restored_secret.data(), (sss_Share*)shares.data(), k) != 0)

      {

        throw std::logic_error(fmt::format(

          "Share combination failed: {} shares may be corrupted", k));

      }


      for (auto& s : shares)

      {

        OPENSSL_cleanse(s.data(), s.size());

      }


      return restored_secret;

    }


  };


}

ccf::SecretSharing
Definition secret_share.h:37

ccf::SecretSharing::Share
std::array< uint8_t, SHARE_LENGTH > Share
Definition secret_share.h:43

ccf::SecretSharing::split
static std::vector< Share > split(const SplitSecret &secret_to_split, size_t n, size_t k)
Definition secret_share.h:46

ccf::SecretSharing::combine
static SplitSecret combine(std::vector< Share > &shares, size_t k)
Definition secret_share.h:74

ccf::SecretSharing::MAX_NUMBER_SHARES
static constexpr size_t MAX_NUMBER_SHARES
Definition secret_share.h:41

ccf::SecretSharing::SECRET_TO_SPLIT_LENGTH
static constexpr size_t SECRET_TO_SPLIT_LENGTH
Definition secret_share.h:39

ccf::SecretSharing::SHARE_LENGTH
static constexpr size_t SHARE_LENGTH
Definition secret_share.h:40

ccf::SecretSharing::SplitSecret
std::array< uint8_t, SECRET_TO_SPLIT_LENGTH > SplitSecret
Definition secret_share.h:44

entropy.h

ccf::crypto::get_entropy
EntropyPtr get_entropy()
Definition entropy.cpp:10

ccf::crypto::EntropyPtr
std::shared_ptr< Entropy > EntropyPtr
Definition entropy.h:303

ccf
Definition app_interface.h:15

randombytes
int randombytes(void *buf, size_t n)
SSS assumes that there is a function of this prototype.
Definition secret_share.h:18