Merge pull request #2240 from madadam/protect-secret-key-share

madadam · web-flow · commit 7f8a059698e3 · 2020-12-02T12:24:10.000+01:00
Do not expose BLS secret key share
diff --git a/src/error.rs b/src/error.rs
@@ -37,8 +37,8 @@ pub enum Error {
     UntrustedMessage,
     #[error(display = "A signature share is invalid.")]
     InvalidSignatureShare,
-    #[error(display = "An Elder DKG result is invalid.")]
-    InvalidElderDkgResult,
+    #[error(display = "The secret key share is missing.")]
+    MissingSecretKeyShare,
     #[error(display = "Failed to send a message.")]
     FailedSend,
     #[error(display = "Invalid vote.")]
diff --git a/src/routing/mod.rs b/src/routing/mod.rs
@@ -148,17 +148,17 @@ impl Routing {
         self.stage.state.lock().await.node().age
     }
 
-    /// Returns the `PublicKey` of this node.
+    /// Returns the ed25519 public key of this node.
     pub async fn public_key(&self) -> PublicKey {
         self.stage.state.lock().await.node().keypair.public
     }
 
-    /// Sign any data with the key of this node.
+    /// Signs any data with the ed25519 key of this node.
     pub async fn sign(&self, data: &[u8]) -> Signature {
         self.stage.state.lock().await.node().keypair.sign(data)
     }
 
-    /// Verify any signed data with the key of this node.
+    /// Verifies `signature` on `data` with the ed25519 public key of this node.
     pub async fn verify(&self, data: &[u8], signature: &Signature) -> bool {
         self.stage
             .state
@@ -291,45 +291,45 @@ impl Routing {
         self.stage.clone().handle_commands(command).await
     }
 
-    /// Returns the current BLS public key set or `Error::InvalidState` if we are not joined
-    /// yet.
+    /// Returns the current BLS public key set if this node has one, or
+    /// `Error::MissingSecretKeyShare` otherwise.
     pub async fn public_key_set(&self) -> Result<bls::PublicKeySet> {
         self.stage
             .state
             .lock()
             .await
             .section_key_share()
             .map(|share| share.public_key_set.clone())
-            .ok_or(Error::InvalidState)
+            .ok_or(Error::MissingSecretKeyShare)
     }
 
-    /// Returns the current BLS secret key share or `Error::InvalidState` if we are not
-    /// elder.
-    pub async fn secret_key_share(&self) -> Result<bls::SecretKeyShare> {
+    /// Signs `data` with the BLS secret key share of this node, if it has any. Returns
+    // `Error::MissingSecretKeyShare` otherwise.
+    pub async fn sign_with_secret_key_share(&self, data: &[u8]) -> Result<bls::SignatureShare> {
         self.stage
             .state
             .lock()
             .await
             .section_key_share()
-            .map(|share| share.secret_key_share.clone())
-            .ok_or(Error::InvalidState)
+            .map(|share| share.secret_key_share.sign(data))
+            .ok_or(Error::MissingSecretKeyShare)
     }
 
-    /// Returns our section proof chain, or `None` if we are not joined yet.
+    /// Returns our section proof chain.
     pub async fn our_history(&self) -> SectionProofChain {
         self.stage.state.lock().await.section().chain().clone()
     }
 
-    /// Returns our index in the current BLS group or `Error::InvalidState` if section key was
-    /// not generated yet.
+    /// Returns our index in the current BLS group if this node is a member of one, or
+    /// `Error::MissingSecretKeyShare` otherwise.
     pub async fn our_index(&self) -> Result<usize> {
         self.stage
             .state
             .lock()
             .await
             .section_key_share()
             .map(|share| share.index)
-            .ok_or(Error::InvalidState)
+            .ok_or(Error::MissingSecretKeyShare)
     }
 }
 
diff --git a/src/section/section_keys.rs b/src/section/section_keys.rs
@@ -12,7 +12,7 @@ use bls_dkg::key_gen::outcome::Outcome;
 use xor_name::XorName;
 
 /// All the key material needed to sign or combine signature for our section key.
-#[derive(Clone, Debug)]
+#[derive(Debug)]
 pub struct SectionKeyShare {
     /// Public key set to verify threshold signatures and combine shares.
     pub public_key_set: bls::PublicKeySet,
@@ -40,7 +40,7 @@ impl SectionKeysProvider {
     }
 
     pub fn key_share(&self) -> Result<&SectionKeyShare> {
-        self.current.as_ref().ok_or(Error::InvalidElderDkgResult)
+        self.current.as_ref().ok_or(Error::MissingSecretKeyShare)
     }
 
     pub fn insert_dkg_outcome(

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ use bls_dkg::key_gen::outcome::Outcome;`
`12`	`12`	`use xor_name::XorName;`
`13`	`13`
`14`	`14`	`/// All the key material needed to sign or combine signature for our section key.`
`15`		`-#[derive(Clone, Debug)]`
	`15`	`+#[derive(Debug)]`
`16`	`16`	`pub struct SectionKeyShare {`
`17`	`17`	`/// Public key set to verify threshold signatures and combine shares.`
`18`	`18`	`pub public_key_set: bls::PublicKeySet,`
`@@ -40,7 +40,7 @@ impl SectionKeysProvider {`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`pub fn key_share(&self) -> Result<&SectionKeyShare> {`
`43`		`- self.current.as_ref().ok_or(Error::InvalidElderDkgResult)`
	`43`	`+ self.current.as_ref().ok_or(Error::MissingSecretKeyShare)`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`pub fn insert_dkg_outcome(`