Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Perform serialization of KES and DSIGN sign keys in MLocked memory #276

Closed
wants to merge 28 commits into from
Closed

Perform serialization of KES and DSIGN sign keys in MLocked memory #276

wants to merge 28 commits into from

Conversation

tdammers
Copy link
Contributor

We will need this for a KES Agent: in order to send and receive keys over a secure network connection, we have to serialize and deserialize them. The serialized format is still just as confidential as the deserialized form, so we need to treat them with the same care, and that involves storing them in mlocked memory.

We also need to make sure no intermediate values ever reach unprotected memory, so we cannot use the usual Haskell serialization primitives, as these may store intermediates on the Haskell heap. At the same time, mlocked memory is a scarce resource, and we don't want to allocate excessive amounts of it, so in the case of staged KES algorithms (SumKES / CompactSumKES), we cannot create a new temporary variable for each sub-key at each stage - ideally, we want to allocate a single block of mlocked memory for the final key, and perform all operations on it, in-place.

Hence, we use the following approach:

  • We extend the MLockedSizedBytes API with a function mlsbMemcpy, which, just like the memcpy C function, takes two pointers (MLockedSizedBytes) and a length, and copies this many bytes from one MLockedSizedBytes to the other. However, this function has two additional offset parameters, which allow us to address memory locations within the MLockedSizedBytes, and, unlike memcpy, we add bounds checking to prevent buffer overruns.
  • The DSIGNM and KESSignAlgorithm classes expose two methods for serializing and deserializing their SignKeys; these methods accept a target MLockedSizedBytes value that they write to, and an offset into it. This is a slightly awkward signature for user code, but it allows us to delegate the serialization of sub-keys recursively.
  • To deal with the awkwardness, then, we provide a pair of convenience wrappers that have more palatable signatures (SignKey -> IO MLockedSizedBytes for serialization, and MLockedSizedBytes -> IO (Maybe SignKey) for deserialization). These can't be used for recursive ser/deser of composite keys, but they are perfect for user code.

tdammers and others added 28 commits April 7, 2022 11:42
@tdammers
KES secure forgetting
1618f77
@tdammers
C code for memory-pooled mlocked allocations
b834de0
@tdammers
Make mlocked_pool thread-safe
738dddc
@tdammers
Bugfixes
b60c9e6 
WIP - trace debugging statements still left in
@tdammers
Test for _SC_PAGESIZE before use
2773b70
@tdammers
Change default page size to 4 kiB
ff74007
@tdammers
Fix atexit()
b23b8e6
@tdammers
Rewrite KES and DSIGNM tests
778cffd
@tdammers
WIP fix KES & DSIGN tests
3821f7f
@tdammers
Fix MockKES (genKeyKES must be strict)
1143579
@tdammers
Remove reference to debugging subproject
f2818b1
@tdammers
Fix DSIGN tests
3de9354
@tdammers
Fix SimpleKES tests
b3d222b
@tdammers
Silence trace-debugging in mlocked pool allocator
ec25617
@tdammers
Add documentation to mlocked-pool.c
5aa14c5
@tdammers
Lift KES key sizes to the type level
112aa7b
@tdammers
Remove incorrect unsafePerformIO usage on mlocked memory
cbb0561
@tdammers
Change KES and DSIGN APIs to serialize SK to MLSB
9942068
@tdammers
Make tests work again
8ed4977
@tdammers
Fix memory-example build errors
def77b6
@tdammers
Direct MLSB I/O to/from FD's
73b8449
@tdammers
Test sending MLocked serialized keys through a pipe
d99c2c4
@tdammers
Make it work with bytestring <0.10.12.0
68eacbe
@lehins @tdammers
Add ability to supply an offset when packing bytes for hashes
543e08b
@lehins @tdammers
Switch to faster and non-partial decodeLatin1 from decodeUtf8.
dd4e584 
Converting to hex prior to decoding ensures correct symbol range.
@lehins @tdammers
Remove strictness from conversion to packed bytes. Otherwise there ar…
c793916 
…e unintentional consequences downstream
@nc6 @tdammers
Add unsafeLinearExtendEpochInfo.
8a67195 
This commit adds a function which can extend an `EpochInfo` linearly
given a starting point. This is needed to put in place a patch for a bug
that arose in the Alonzo era, where the `EpochInfo` was too generous in
translating slots.

In order to support this, this adds an additional function
`epochInfoSlotLength`, which returns the 'SlotLength' for the given
slot.
@lehins @tdammers
Disable VRF10 until the audit is complete
b162c30
@iquerejeta
Copy link
Collaborator

closing in favour of #255 and #317

@iquerejeta iquerejeta closed this Oct 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lehins lehins Awaiting requested review from lehins lehins will be requested when the pull request is marked ready for review lehins is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tdammers @iquerejeta @lehins @nc6