Skip to content
This repository was archived by the owner on Nov 15, 2023. It is now read-only.

Encryption support for the statement store#14440

Merged
paritytech-processbot[bot] merged 8 commits intomasterfrom
arkpar/ecies
Jul 17, 2023
Merged

Encryption support for the statement store#14440
paritytech-processbot[bot] merged 8 commits intomasterfrom
arkpar/ecies

Conversation

@arkpar
Copy link
Member

@arkpar arkpar commented Jun 22, 2023
edited
Loading

This implements simple encryption scheme that uses ed25519 key exchange and AEAD for the statement store. See https://github.com/paritytech/labs/issues/3 and #13893

cumulus companion: paritytech/cumulus#2876

@arkpar arkpar requested review from bkchr and cheme June 22, 2023 08:53
@arkpar arkpar added A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. labels Jun 22, 2023
@arkpar arkpar changed the title Added ECIES encryption Encryption support for the statement store Jun 22, 2023
@arkpar arkpar added the D5-nicetohaveaudit ⚠️ PR contains trivial changes to logic that should be properly reviewed. label Jun 22, 2023
cheme
cheme approved these changes Jun 22, 2023
View reviewed changes
client/keystore/src/local.rs Outdated
key_type: KeyTypeId,
public: &ed25519::Public,
f: &mut dyn FnMut(&ed25519::Pair),
) -> std::result::Result<bool, TraitError> {
Copy link
Contributor

@cheme cheme Jun 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember doing a similar function in a branch.

One possible issue is that this is maybe not appropriate for a future hardware keystore, so a specialized function may be more suitable, but at this point I don't know if it is worth doing (given this would mean putting eceis in keystore and I think it was a point that was not suitable from previous PR).

Since it is explicitely a Statement store key that would not be possible to run on HSM, it may not be such an issue.

client/statement-store/src/lib.rs Outdated
HexDisplay::from(&statement.hash())
),
},
) {
Copy link
Contributor

@cheme cheme Jun 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can have with_ed25519_key use a function that return an error as param, and potentially have posted clear report this in its list for results.

bkchr
bkchr reviewed Jun 25, 2023
View reviewed changes
client/keystore/src/local.rs Outdated
self.sign::<ed25519::Pair>(key_type, public, msg)
}

fn with_ed25519_key(
Copy link
Member

@bkchr bkchr Jun 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already provide key_pair in the local key store. You can directly use this?

bin/node/cli/src/service.rs Outdated
&config.data_path,
Default::default(),
client.clone(),
keystore_container.keystore(),
Copy link
Member

@bkchr bkchr Jun 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
keystore_container.keystore(),
keystore_container.local_keystore(),

@arkpar arkpar requested a review from athei as a code owner July 3, 2023 12:38
@arkpar arkpar requested review from a team July 3, 2023 12:38
@arkpar arkpar requested a review from koute as a code owner July 3, 2023 12:38
@arkpar
Copy link
Member Author

arkpar commented Jul 3, 2023

@bkchr Changed to use local keystore.
There are some additional changes introduced with cargo +nightly fmt. They seem harmless.

bkchr
bkchr approved these changes Jul 7, 2023
View reviewed changes
Copy link
Member

@bkchr bkchr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No idea about the crypto, but looks good.

primitives/statement-store/src/ecies.rs Outdated
let hkdf = hkdf::Hkdf::<sha2::Sha256>::new(None, shared_secret);
let mut aes_key = [0u8; AES_KEY_LEN];
hkdf.expand(b"", &mut aes_key)
.expect("There's always enough data for derivation.");
Copy link
Member

@bkchr bkchr Jul 7, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

qed? :P

@arkpar arkpar mentioned this pull request Jul 16, 2023
Merged
@arkpar
Copy link
Member Author

arkpar commented Jul 17, 2023

bot merge

@paritytech-processbot paritytech-processbot bot merged commit 8463ca3 into master Jul 17, 2023
@paritytech-processbot paritytech-processbot bot deleted the arkpar/ecies branch July 17, 2023 18:41
nathanwhit pushed a commit to nathanwhit/substrate that referenced this pull request Jul 19, 2023
@arkpar @nathanwhit
Encryption support for the statement store (paritytech#14440)
30e8cfd 
* Added ECIES encryption

* tweaks

* fmt

* Make clippy happy

* Use local keystore

* qed
Ank4n pushed a commit that referenced this pull request Jul 22, 2023
@arkpar @Ank4n
Encryption support for the statement store (#14440)
eb9df47 
* Added ECIES encryption

* tweaks

* fmt

* Make clippy happy

* Use local keystore

* qed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@athei athei Awaiting requested review from athei

@koute koute Awaiting requested review from koute koute is a code owner

2 more reviewers

@cheme cheme cheme approved these changes

@bkchr bkchr bkchr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D5-nicetohaveaudit ⚠️ PR contains trivial changes to logic that should be properly reviewed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arkpar @cheme @bkchr