oasis-core icon indicating copy to clipboard operation
oasis-core copied to clipboard

Published 20 hours ago verified publisher icon oasisprotocol

Add support for ephemeral keys in key manager

Open peternose opened this issue 3 years ago • 2 comments

Add API methods like the following:

  • get_ephemeral_key(epoch, key_pair_id)
  • get_public_ephemeral_key(epoch, key_pair_id)

Those would derive special ephemeral X25519 key pairs separate from the other runtime keys and where the epoch number is used as part of the derivation, but would only derive them if the epoch was not too far back in the past based on consensus layer state as seen by the key manager. Initially the epoch check may rely on untrusted consensus state provided by the key manager host node.

peternose avatar Aug 11 '22 15:08 peternose

Codecov Report

Merging #4888 (d80f77d) into master (7fa7883) will decrease coverage by 0.26%. The diff coverage is 100.00%.

:exclamation: Current head d80f77d differs from pull request most recent head 4102e8e. Consider uploading reports for the commit 4102e8e to get more accurate results

@@            Coverage Diff             @@
##           master    #4888      +/-   ##
==========================================
- Coverage   66.60%   66.34%   -0.27%     
==========================================
  Files         464      464              
  Lines       50977    50977              
==========================================
- Hits        33954    33820     -134     
- Misses      12833    12955     +122     
- Partials     4190     4202      +12
Impacted Files Coverage Δ
go/worker/keymanager/worker.go 65.31% <100.00%> (+0.21%) :arrow_up:
go/worker/keymanager/status.go 0.00% <0.00%> (-82.61%) :arrow_down:
go/worker/keymanager/api/api.go 0.00% <0.00%> (-32.44%) :arrow_down:
go/consensus/tendermint/apps/staking/auth.go 62.96% <0.00%> (-14.82%) :arrow_down:
go/registry/api/grpc.go 38.66% <0.00%> (-6.40%) :arrow_down:
go/beacon/api/grpc.go 21.71% <0.00%> (-6.29%) :arrow_down:
go/consensus/tendermint/abci/prune.go 76.78% <0.00%> (-6.25%) :arrow_down:
go/worker/common/p2p/dispatch.go 71.52% <0.00%> (-5.56%) :arrow_down:
go/storage/api/metrics.go 76.66% <0.00%> (-5.00%) :arrow_down:
.../worker/compute/executor/committee/transactions.go 84.09% <0.00%> (-4.55%) :arrow_down:
... and 34 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Aug 13 '22 02:08 codecov[bot]

Given that #4806 has been merged, please rebase on master.

kostko avatar Aug 19 '22 07:08 kostko

Should we generate test vectors for the KDF so we don't inadvertently break it? (Since it's deterministic this should be possible)

Yawning avatar Aug 25 '22 08:08 Yawning

Yeah that's a good idea. They should probably be added as Rust unit tests for the KDF.

kostko avatar Aug 25 '22 08:08 kostko