main/doxygen/sharing_8h_source.html

// Copyright (c) Microsoft Corporation. All rights reserved.

// Licensed under the Apache 2.0 License.

#pragma once


#include <cstddef>

#include <cstdint>

#include <span>


#define FMT_HEADER_ONLY

#include "ccf/crypto/hkdf.h"

#include "ccf/crypto/sha256.h"

#include "ds/serialized.h"

#include "openssl/crypto.h"


#include <fmt/format.h>


namespace ccf::crypto::sharing

{

  // We get (almost) 31 bits of entropy per limb, hence to get 256 bits of

  // entropy of derived key material, with 80 bits of safety margin,

  // ((256+80)/31) = 10 limbs.

  static constexpr size_t LIMBS = 10;

  static constexpr const char* key_label = "CCF Wrapping Key v1";


  struct Share

  {

    // Index in a re-share, 0 is a full key, and 1+ is a partial share

    uint32_t x = 0;

    uint32_t y[LIMBS] = {};

    constexpr static size_t serialised_size =

      sizeof(uint32_t) + sizeof(uint32_t) * LIMBS;


    Share() = default;

    bool operator==(const Share& other) const = default;


    ~Share()

    {

      OPENSSL_cleanse(y, sizeof(y));

    };


    [[nodiscard]] HashBytes key(size_t key_size) const

    {

      if (x != 0)

      {

        throw std::invalid_argument("Cannot derive a key from a partial share");

      }

      const std::span<const uint8_t> ikm(

        reinterpret_cast<const uint8_t*>(y), sizeof(y));

      const std::span<const uint8_t> label(

        reinterpret_cast<const uint8_t*>(y), sizeof(y));

      auto k = ccf::crypto::hkdf(

        ccf::crypto::MDType::SHA256, key_size, ikm, {}, label);

      return k;

    }


    void serialise(std::vector<uint8_t>& serialised) const

    {

      auto size = serialised_size;

      if (serialised.size() != size)

      {

        throw std::invalid_argument("Invalid serialised share size");

      }


      auto* data = serialised.data();

      serialized::write(data, size, x);

      // NOLINTNEXTLINE(modernize-loop-convert)

      for (size_t i = 0; i < LIMBS; ++i)

      {

        serialized::write(data, size, y[i]);

      }

    }


    Share(const std::span<uint8_t const>& serialised)

    {

      if (serialised.size() != serialised_size)

      {

        throw std::invalid_argument("Invalid serialised share size");

      }

      const auto* data = serialised.data();

      auto size = serialised.size();

      x = serialized::read<uint32_t>(data, size);

      // NOLINTNEXTLINE(modernize-loop-convert)

      for (size_t i = 0; i < LIMBS; ++i)

      {

        y[i] = serialized::read<uint32_t>(data, size);

      }

    }


    [[nodiscard]] std::string to_str() const

    {

      return fmt::format("x: {} y: {}", x, fmt::join(y, ", "));

    }


  };


  // Exposed for testing only

  using element = uint64_t;

  element ct_reduce(element x);


  void sample_secret_and_shares(

    Share& raw_secret, const std::span<Share>& shares, size_t threshold);


  void recover_unauthenticated_secret(

    Share& raw_secret, const std::span<Share const>& shares, size_t threshold);

}

hkdf.h

ccf::crypto::sharing
Definition sharing.cpp:10

ccf::crypto::sharing::element
uint64_t element
Definition sharing.cpp:20

ccf::crypto::sharing::ct_reduce
element ct_reduce(element x)
Definition sharing.cpp:37

ccf::crypto::sharing::sample_secret_and_shares
void sample_secret_and_shares(Share &raw_secret, const std::span< Share > &shares, size_t threshold)
Definition sharing.cpp:136

ccf::crypto::sharing::recover_unauthenticated_secret
void recover_unauthenticated_secret(Share &raw_secret, const std::span< Share const > &shares, size_t threshold)
Definition sharing.cpp:171

ccf::crypto::hkdf
std::vector< uint8_t > hkdf(MDType md_type, size_t length, const std::span< const uint8_t > &ikm, const std::span< const uint8_t > &salt={}, const std::span< const uint8_t > &info={})
Definition hash.cpp:51

ccf::crypto::MDType::SHA256
@ SHA256

ccf::crypto::HashBytes
std::vector< uint8_t > HashBytes
Definition hash_bytes.h:10

serialized::write
void write(uint8_t *&data, size_t &size, const T &v)
Definition serialized.h:105

serialized.h

sha256.h

ccf::crypto::sharing::Share
Definition sharing.h:26

ccf::crypto::sharing::Share::operator==
bool operator==(const Share &other) const =default

ccf::crypto::sharing::Share::serialised_size
static constexpr size_t serialised_size
Definition sharing.h:30

ccf::crypto::sharing::Share::key
HashBytes key(size_t key_size) const
Definition sharing.h:41

ccf::crypto::sharing::Share::Share
Share(const std::span< uint8_t const > &serialised)
Definition sharing.h:73

ccf::crypto::sharing::Share::y
uint32_t y[LIMBS]
Definition sharing.h:29

ccf::crypto::sharing::Share::serialise
void serialise(std::vector< uint8_t > &serialised) const
Definition sharing.h:56

ccf::crypto::sharing::Share::~Share
~Share()
Definition sharing.h:36

ccf::crypto::sharing::Share::Share
Share()=default

ccf::crypto::sharing::Share::to_str
std::string to_str() const
Definition sharing.h:89

ccf::crypto::sharing::Share::x
uint32_t x
Definition sharing.h:28