keymanager: Add forward-secrecy to ephemeral keys #5158
Codecov Report
@@ Coverage Diff @@
## master #5158 +/- ##
==========================================
- Coverage 61.41% 61.40% -0.02%
==========================================
Files 511 512 +1
Lines 53463 53980 +517
==========================================
+ Hits 32836 33146 +310
- Misses 16448 16603 +155
- Partials 4179 4231 +52
We should probably amend the key manager node status (as exposed via e.g. control status) to include the status of ephemeral secret replication so that node operators can easily confirm whether the key manager node is fully operational.
Renamed MasterSecret so that it can be used for ephemeral secrets also. Refactored kdf so that keys can be derived from an arbitrary secret.
Moved init_kdf function to methods.rs. Refactored key manager methods so that context is the first parameter.
The RPC client retries RPC calls if they fail. This was also true if the peer list was empty, introducing additional latencies.
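To make the latency problem from that last commit message concrete, the following Go sketch is an added example, not code from this PR or from Oasis Core: a retrying RPC client that sleeps between rounds, shown once without and once with a check for an empty peer list. The type name RetryingClient, the error name ErrNoPeers and the round-based retry shape are assumptions made for the illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// ErrNoPeers (assumed name) is returned when there is nobody to send the
// request to; retrying cannot change that, so it must not be retried.
var ErrNoPeers = errors.New("rpc: no peers available")

// CallFunc performs a single RPC attempt against one peer.
type CallFunc func(ctx context.Context, peer string) error

// RetryingClient tries every peer once per round and sleeps Backoff between
// rounds, for at most MaxRetries rounds.
type RetryingClient struct {
	Peers      []string
	MaxRetries int
	Backoff    time.Duration
}

// retryLoop returns the number of rounds consumed and the last error seen.
func (c *RetryingClient) retryLoop(ctx context.Context, fn CallFunc) (int, error) {
	err := ErrNoPeers // reported if no peer was ever tried
	for round := 1; round <= c.MaxRetries; round++ {
		for _, p := range c.Peers {
			if err = fn(ctx, p); err == nil {
				return round, nil
			}
		}
		if round == c.MaxRetries {
			break
		}
		select {
		case <-ctx.Done():
			return round, ctx.Err()
		case <-time.After(c.Backoff):
		}
	}
	return c.MaxRetries, err
}

// CallBuggy is the behaviour the commit message describes: with an empty peer
// list the loop still runs MaxRetries rounds and pays every backoff sleep
// before failing, even though no attempt was ever possible.
func (c *RetryingClient) CallBuggy(ctx context.Context, fn CallFunc) (int, error) {
	return c.retryLoop(ctx, fn)
}

// Call fails fast when there is nothing to retry against.
func (c *RetryingClient) Call(ctx context.Context, fn CallFunc) (int, error) {
	if len(c.Peers) == 0 {
		return 0, ErrNoPeers
	}
	return c.retryLoop(ctx, fn)
}

func main() {
	c := &RetryingClient{MaxRetries: 3, Backoff: 200 * time.Millisecond}
	noop := func(context.Context, string) error { return nil }
	start := time.Now()
	rounds, err := c.CallBuggy(context.Background(), noop)
	fmt.Printf("buggy: %d rounds, %v after %s\n", rounds, err, time.Since(start).Round(time.Millisecond))
	start = time.Now()
	rounds, err = c.Call(context.Background(), noop)
	fmt.Printf("fixed: %d rounds, %v after %s\n", rounds, err, time.Since(start).Round(time.Millisecond))
}
```

With an empty peer list the buggy path burns all three rounds and two backoff sleeps before returning the same ErrNoPeers the fixed path returns immediately; a genuinely transient failure against a real peer is still retried in both.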
Deriving ephemeral keys from the key manager's master secret did not guarantee forward secrecy. In order to fulfill this requirement, we needed ephemeral secrets that are randomly generated on every epoch and distributed securely amongst enclave executors.
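As an added illustration of the property the description above asks for (this is example code, not the PR's or Oasis Core's), the following Go program contrasts the two designs: ephemeral keys derived from one long-lived master secret, and ephemeral secrets freshly generated every epoch and erased once they leave a small retention window. In each case an attacker dumps the key manager's state at epoch N and we count how many of the keys actually used in epochs 0..N they can reproduce. The HMAC-SHA256 stand-in for the KDF, the EpochRotated type, and the retention window are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const keySize = 32

// deriveKey is a stand-in for the key manager's KDF (assumption: HMAC-SHA256
// over a label and the epoch). The result is a deterministic function of
// secret and epoch, so whoever holds secret can recompute the key for any
// epoch, past or future.
func deriveKey(secret []byte, epoch uint64) []byte {
	var e [8]byte
	binary.BigEndian.PutUint64(e[:], epoch)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte("ephemeral-key:"))
	mac.Write(e[:])
	return mac.Sum(nil)[:keySize]
}

func randomSecret() []byte {
	s := make([]byte, keySize)
	if _, err := rand.Read(s); err != nil {
		panic(err)
	}
	return s
}

// EpochRotated models the design in this PR: a fresh random secret per epoch,
// with only the current and the `retain` most recent previous epochs held in
// memory. Older secrets are zeroed and dropped, which is what makes their
// keys unrecoverable from a later compromise.
type EpochRotated struct {
	secrets map[uint64][]byte
	retain  uint64
}

// Advance generates the secret for epoch and erases anything outside the
// retention window.
func (r *EpochRotated) Advance(epoch uint64) {
	r.secrets[epoch] = randomSecret()
	for e, old := range r.secrets {
		if e+r.retain < epoch {
			for i := range old {
				old[i] = 0
			}
			delete(r.secrets, e)
		}
	}
}

// EphemeralKey succeeds only for epochs whose secret is still held.
func (r *EpochRotated) EphemeralKey(epoch uint64) ([]byte, bool) {
	s, ok := r.secrets[epoch]
	if !ok {
		return nil, false
	}
	return deriveKey(s, epoch), true
}

// ExposedMasterDerived models the pre-PR design: keys for epochs
// 0..compromisedAt are derived from one long-lived master secret. An attacker
// who dumps the state at the end holds that master secret; count how many of
// the keys actually used they can reproduce.
func ExposedMasterDerived(compromisedAt uint64) int {
	master := randomSecret()
	used := make([][]byte, compromisedAt+1)
	for e := range used {
		used[e] = deriveKey(master, uint64(e))
	}
	stolenMaster := append([]byte(nil), master...)
	exposed := 0
	for e, k := range used {
		if hmac.Equal(deriveKey(stolenMaster, uint64(e)), k) {
			exposed++
		}
	}
	return exposed
}

// ExposedEpochRotated runs the same experiment against the rotating design;
// the attacker dumps the secrets map as it stands at compromisedAt.
func ExposedEpochRotated(compromisedAt, retain uint64) int {
	km := &EpochRotated{secrets: map[uint64][]byte{}, retain: retain}
	used := make([][]byte, compromisedAt+1)
	for e := range used {
		km.Advance(uint64(e))
		used[e], _ = km.EphemeralKey(uint64(e))
	}
	exposed := 0
	for e, k := range used {
		if sk, ok := km.EphemeralKey(uint64(e)); ok && hmac.Equal(sk, k) {
			exposed++
		}
	}
	return exposed
}

func main() {
	fmt.Printf("compromise at epoch 10: master-derived exposes %d/11 keys, per-epoch secrets (retain 1) expose %d/11\n",
		ExposedMasterDerived(10), ExposedEpochRotated(10, 1))
}
```

The point of the experiment is the asymmetry: deriving from a master secret makes every past key a function of state that is still present at compromise time, whereas per-epoch random secrets bound the damage to whatever the node still holds. Keeping the retention window small and actually zeroing the dropped secrets is what turns "generated randomly" into forward secrecy; the secure distribution among enclave executors that the description mentions is a separate problem not modelled here.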
Task
See ADR21 for details. Changes:
TODO: Discuss/solve upgrade procedure.
Tests
No need to introduce a new feature as the new key manager node will silently ignore errors when sending new RPC requests to an outdated enclave.