5.x/doxygen/sharing_8h_source.html

// Copyright (c) Microsoft Corporation. All rights reserved.

// Licensed under the Apache 2.0 License.

#pragma once


#include <cstddef>

#include <cstdint>

#include <span>


#define FMT_HEADER_ONLY

#include "ccf/crypto/hkdf.h"

#include "ccf/crypto/sha256.h"

#include "ds/serialized.h"

#include "openssl/crypto.h"


#include <fmt/format.h>


namespace ccf::crypto

{

  namespace sharing

  {

    // We get (almost) 31 bits of entropy per limb, hence to get 256 bits of

    // entropy of derived key material, with 80 bits of safety margin,

    // ((256+80)/31) = 10 limbs.

    static constexpr size_t LIMBS = 10;

    static constexpr const char* key_label = "CCF Wrapping Key v1";


    struct Share

    {

      // Index in a re-share, 0 is a full key, and 1+ is a partial share

      uint32_t x = 0;

      uint32_t y[LIMBS];

      constexpr static size_t serialised_size =

        sizeof(uint32_t) + sizeof(uint32_t) * LIMBS;


      Share() = default;

      bool operator==(const Share& other) const = default;


      ~Share()

      {

        OPENSSL_cleanse(y, sizeof(y));

      };


      HashBytes key(size_t key_size) const

      {

        if (x != 0)

        {

          throw std::invalid_argument(

            "Cannot derive a key from a partial share");

        }

        const std::span<const uint8_t> ikm(

          reinterpret_cast<const uint8_t*>(y), sizeof(y));

        const std::span<const uint8_t> label(

          reinterpret_cast<const uint8_t*>(y), sizeof(y));

        auto k = ccf::crypto::hkdf(

          ccf::crypto::MDType::SHA256, key_size, ikm, {}, label);

        return k;

      }


      std::vector<uint8_t> serialise() const

      {

        auto size = serialised_size;

        std::vector<uint8_t> serialised(size);

        auto data = serialised.data();

        serialized::write(data, size, x);

        for (size_t i = 0; i < LIMBS; ++i)

        {

          serialized::write(data, size, y[i]);

        }

        return serialised;

      }


      Share(const std::span<uint8_t const>& serialised)

      {

        if (serialised.size() != serialised_size)

        {

          throw std::invalid_argument("Invalid serialised share size");

        }

        auto data = serialised.data();

        auto size = serialised.size();

        x = serialized::read<uint32_t>(data, size);

        for (size_t i = 0; i < LIMBS; ++i)

        {

          y[i] = serialized::read<uint32_t>(data, size);

        }

      }


      std::string to_str() const

      {

        return fmt::format("x: {} y: {}", x, fmt::join(y, ", "));

      }


    };


    // Exposed for testing only

    using element = uint64_t;

    element ct_reduce(element x);


    void sample_secret_and_shares(

      Share& raw_secret, const std::span<Share>& shares, size_t threshold);


    void recover_unauthenticated_secret(

      Share& raw_secret,

      const std::span<Share const>& shares,

      size_t threshold);

  }

}

hkdf.h

ccf::crypto::sharing::element
uint64_t element
Definition sharing.cpp:22

ccf::crypto::sharing::ct_reduce
element ct_reduce(element x)
Definition sharing.cpp:37

ccf::crypto::sharing::sample_secret_and_shares
void sample_secret_and_shares(Share &raw_secret, const std::span< Share > &shares, size_t threshold)
Definition sharing.cpp:130

ccf::crypto::sharing::recover_unauthenticated_secret
void recover_unauthenticated_secret(Share &raw_secret, const std::span< Share const > &shares, size_t threshold)
Definition sharing.cpp:165

ccf::crypto
Definition base64.h:9

ccf::crypto::hkdf
std::vector< uint8_t > hkdf(MDType md_type, size_t length, const std::span< const uint8_t > &ikm, const std::span< const uint8_t > &salt={}, const std::span< const uint8_t > &info={})
Definition hash.cpp:51

ccf::crypto::HashBytes
std::vector< uint8_t > HashBytes
Definition hash_bytes.h:10

ccf::crypto::MDType::SHA256
@ SHA256

serialized::write
void write(uint8_t *&data, size_t &size, const T &v)
Definition serialized.h:106

serialized.h

sha256.h

ccf::crypto::sharing::Share
Definition sharing.h:28

ccf::crypto::sharing::Share::operator==
bool operator==(const Share &other) const =default

ccf::crypto::sharing::Share::serialised_size
static constexpr size_t serialised_size
Definition sharing.h:32

ccf::crypto::sharing::Share::key
HashBytes key(size_t key_size) const
Definition sharing.h:43

ccf::crypto::sharing::Share::Share
Share(const std::span< uint8_t const > &serialised)
Definition sharing.h:72

ccf::crypto::sharing::Share::y
uint32_t y[LIMBS]
Definition sharing.h:31

ccf::crypto::sharing::Share::~Share
~Share()
Definition sharing.h:38

ccf::crypto::sharing::Share::Share
Share()=default

ccf::crypto::sharing::Share::to_str
std::string to_str() const
Definition sharing.h:87

ccf::crypto::sharing::Share::x
uint32_t x
Definition sharing.h:30

ccf::crypto::sharing::Share::serialise
std::vector< uint8_t > serialise() const
Definition sharing.h:59