[refactor] #3240: Guard against secrets leakage #4457

Merged
merged 1 commit into from
Apr 18, 2024


dima74
Contributor

@dima74 dima74 commented Apr 17, 2024

Description

  • Added Secret to PrivateKey. Access to the inner PrivateKeyInner now requires importing the ExposeSecret trait and calling the expose_secret method
  • Display, Debug and Serialize implementations for PrivateKey now return "[REDACTED]"
  • Added an ExposedPrivateKey wrapper which can be formatted and serialized as usual
  • Note that I didn't use the secrecy crate because it requires implementing the Zeroize trait, but the inner key struct (ed25519_dalek::SigningKey) implements only ZeroizeOnDrop, and not Zeroize. So I used a modified version of Secret which requires ZeroizeOnDrop instead of Zeroize. This could potentially be controversial, so any suggestions are welcome

Linked issue

Closes #3240

Checklist

  • I've read CONTRIBUTING.md
  • I've used the standard signed-off commit format (or will squash just before merging)
  • All applicable CI checks pass (or I promised to make them pass later)
  • (optional) I've written unit tests for the code changes
  • I replied to all comments after code review, marking all implemented changes with thumbs up
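
The pattern this description outlines, as an added std-only sketch that is not code from the PR or from iroha_crypto: the `ZeroizeOnDrop` trait here is a local stand-in for the zeroize crate's marker trait, the 4-byte `PrivateKeyInner` and the `Config` struct are hypothetical, the type bodies are assumptions, and the Serialize redaction is left out because it needs serde.

```rust
use std::fmt;

/// Local stand-in for the `zeroize::ZeroizeOnDrop` marker trait (assumption: no external crates).
pub trait ZeroizeOnDrop {}

/// Hypothetical 4-byte inner key, wiped on drop with volatile writes so the wipe is not optimized away.
pub struct PrivateKeyInner([u8; 4]);
impl Drop for PrivateKeyInner {
    fn drop(&mut self) {
        for b in self.0.iter_mut() { unsafe { std::ptr::write_volatile(b, 0) } }
    }
}
impl ZeroizeOnDrop for PrivateKeyInner {}

/// Wrapper bounded on ZeroizeOnDrop instead of Zeroize.
pub struct Secret<T: ZeroizeOnDrop>(T);
/// Reading the inner value needs this trait in scope.
pub trait ExposeSecret<T> { fn expose_secret(&self) -> &T; }
impl<T: ZeroizeOnDrop> ExposeSecret<T> for Secret<T> {
    fn expose_secret(&self) -> &T { &self.0 }
}
pub struct PrivateKey(Secret<PrivateKeyInner>);
impl PrivateKey {
    pub fn from_bytes(b: [u8; 4]) -> Self { PrivateKey(Secret(PrivateKeyInner(b))) }
}
impl fmt::Debug for PrivateKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("[REDACTED]") }
}
impl fmt::Display for PrivateKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("[REDACTED]") }
}

/// Explicit opt-in wrapper: formats the key bytes as hex.
pub struct ExposedPrivateKey(pub PrivateKey);
impl fmt::Display for ExposedPrivateKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        (self.0).0.expose_secret().0.iter().try_for_each(|b| write!(f, "{:02x}", b))
    }
}

/// A containing struct with derived Debug cannot print the key by accident.
#[derive(Debug)]
pub struct Config { pub peer: &'static str, pub key: PrivateKey }

fn main() {
    // Constructed sample key bytes.
    let cfg = Config { peer: "peer0", key: PrivateKey::from_bytes([0xde, 0xad, 0xbe, 0xef]) };
    println!("{:?}", cfg);
    println!("{}", ExposedPrivateKey(cfg.key));
}
```

Because the redaction lives on `PrivateKey` itself, any struct that later gains a `PrivateKey` field inherits it through `#[derive(Debug)]` without further changes.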

@dima74 dima74 force-pushed the guard-private-key branch from ae088ba to 4328892 Compare April 17, 2024 12:52
@dima74 dima74 force-pushed the guard-private-key branch from 4328892 to 23b0ed9 Compare April 17, 2024 13:57
@mversic mversic force-pushed the guard-private-key branch from 23b0ed9 to b7f3aa3 Compare April 17, 2024 16:50
@github-actions github-actions bot added the iroha2-dev The re-implementation of a BFT hyperledger in RUST label Apr 17, 2024
@mversic
Contributor

mversic commented Apr 17, 2024

I was thinking that this change won't affect the iroha_crypto crate. IMO this should be an external functionality and not integrated into iroha_crypto; the change should be in iroha_config mostly.

@dima74
Contributor Author

dima74 commented Apr 18, 2024

To summarize today's discussion:

  • Current implementation:
    • Add Secret inside PrivateKey
    • Disadvantages: new public struct ExposedPrivateKey in the iroha_crypto crate
  • Alternative implementation:
    • Add Secret to usages of PrivateKey in other crates, such as iroha_config
    • Disadvantages: easy to forget to add Secret in case a new PrivateKey field is added to some struct in the future

The plan is to merge the current implementation as-is if no new concerns arise.

@mversic mversic force-pushed the guard-private-key branch from b7f3aa3 to 9082e5f Compare April 18, 2024 13:29
@mversic mversic force-pushed the guard-private-key branch from 9082e5f to 082fb49 Compare April 18, 2024 14:33
@dima74 dima74 merged commit d3f21bb into hyperledger-iroha:main Apr 18, 2024
10 of 12 checks passed
@dima74 dima74 deleted the guard-private-key branch April 19, 2024 08:38
Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST Refactor Improvement to overall code quality
Development

Successfully merging this pull request may close these issues.

Guard against secrets leakage
4 participants