runtime-sdk: Add confidential store #639
Conversation
Codecov Report

Coverage diff, main vs. #639:

            main     #639     +/-
Coverage    72.20%   71.48%   -0.72%
Files       111      112      +1
Lines       8214     8421     +207
Hits        5931     6020     +89
Misses      2260     2378     +118
Partials    23       23

Continue to review full report at Codecov.
Force-pushed: ffd510e to 5d6c7d1
Would also be great to have some benchmarks (using `cargo bench`) to show overhead compared to plain store.
Force-pushed: 5d6c7d1 to b765818
Force-pushed: b765818 to b22998f
Force-pushed: 0afa0c2 to eace426
It would be nicer if the key manager was a trait and the mocked version would be completely separate.
@@ -1,4 +1,5 @@ | |||
//! Oasis runtime SDK. | |||
#![feature(test)] |
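Review bot: `#![feature(test)]` makes the whole SDK crate require a nightly toolchain for the sake of benchmarks; gate it with `#![cfg_attr(feature = "benchmarks", feature(test))]` or move the benches to a separate target so the library keeps building on stable.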
Why is this needed?
Force-pushed: eace426 to a3e9f23
Force-pushed: 6b7a0ce to b207472
Force-pushed: ede1609 to e05bd03
Force-pushed: c91a20b to 597717b
Looks good, some minor comments.
Can you also add unit tests where the underlying storage is corrupted to make sure that the right thing happens. E.g. store something using the confidential store and then corrupt it and try to perform a get.
Also could you add a unit test for the iterator?
Force-pushed: 61696bf to 485fdec
/// Create a contract instance store. | ||
/// | ||
/// Confidential stores are only available in transaction contexts. |
What happens outside a transaction context?
Force-pushed: 485fdec to c6a82e8
let actual_key = Zeroizing::new(key); | ||
// Derive a nonce key for nonces used to encrypt storage keys in the store: | ||
// nonce_key = KDF(key) |
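Review bot: the derivation `nonce_key = KDF(key)` shows no domain-separation input; if the KDF is HMAC as discussed, feed a fixed label (for example a "nonce-key" context string) into it so the nonce key cannot coincide with any other subkey derived from the same key. The derived nonce key is keying material too and should be held in `Zeroizing` like `actual_key`.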
Hm, HMAC as a KDF isn't amazing, but it's probably ok? This is only used for nonce derivation right?
(nonce, key) | ||
} | ||
fn make_value(&mut self, plain_value: &[u8]) -> (Nonce, Vec<u8>) { |
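Review bot: `make_value` takes `&mut self`, which suggests it draws a fresh nonce from internal state for every value; document that source and the invariant that a nonce never repeats under the same key, since this is the opposite strategy from the derived nonces used for storage keys and the signature alone does not make that visible.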
This seems kind of overkill to mask "the code accessed the same key", but I can't think of a nice way to handle this off the top of my head.
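The two nonce strategies discussed in this thread (a nonce derived from a KDF'd nonce key for storage keys, so lookups stay deterministic, and a fresh nonce per value) together with the corrupted-storage test requested above, as an added example in Go. This is not the SDK's own Rust code: `ConfidentialStore`, the HKDF-SHA256 subkey labels, `demoMasterKey` and the use of AES-256-GCM are assumptions made for the illustration, standing in for whatever AEAD and KDF the runtime SDK actually uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const nonceLen = 12 // AES-GCM standard nonce size

// demoMasterKey is a constructed key for this example only; a real runtime
// would obtain the per-contract key from the key manager.
var demoMasterKey = []byte("0123456789abcdef0123456789abcdef")

// hkdfSHA256 derives one 32-byte subkey from ikm under a domain-separation
// label (RFC 5869 with an empty salt and a single expand block).
func hkdfSHA256(ikm []byte, label string) []byte {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte(label))
	expand.Write([]byte{0x01}) // T(1) = HMAC(PRK, info || 0x01)
	return expand.Sum(nil)
}

// mustGCM builds AES-256-GCM over a subkey; HKDF fixes the key length, so a
// failure here is a programming error rather than a runtime condition.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// ConfidentialStore wraps an untrusted key/value map. Storage keys are
// encrypted deterministically (nonce derived from the plaintext key) so
// lookups can recompute them; values get a fresh random nonce per write.
type ConfidentialStore struct {
	inner    map[string][]byte
	keyAEAD  cipher.AEAD
	valAEAD  cipher.AEAD
	nonceKey []byte // keys the HMAC that derives storage-key nonces
}

func NewConfidentialStore(masterKey []byte) *ConfidentialStore {
	return &ConfidentialStore{
		inner:    make(map[string][]byte),
		keyAEAD:  mustGCM(hkdfSHA256(masterKey, "example/storage-key")),
		valAEAD:  mustGCM(hkdfSHA256(masterKey, "example/storage-value")),
		nonceKey: hkdfSHA256(masterKey, "example/key-nonce"),
	}
}

// makeKey returns nonce || AEAD(key) with nonce = HMAC(nonceKey, key)[:12].
func (s *ConfidentialStore) makeKey(key []byte) []byte {
	mac := hmac.New(sha256.New, s.nonceKey)
	mac.Write(key)
	nonce := mac.Sum(nil)[:nonceLen]
	return s.keyAEAD.Seal(nonce, nonce, key, nil)
}

// Insert stores nonce || AEAD(value) under the encrypted key; the random
// nonce means writing the same value twice yields different blobs.
func (s *ConfidentialStore) Insert(key, value []byte) error {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.inner[string(s.makeKey(key))] = s.valAEAD.Seal(nonce, nonce, value, nil)
	return nil
}

// Get returns (nil, nil) for a missing key and an error when the stored
// blob is truncated or fails authentication, i.e. storage was corrupted.
func (s *ConfidentialStore) Get(key []byte) ([]byte, error) {
	blob, ok := s.inner[string(s.makeKey(key))]
	if !ok {
		return nil, nil
	}
	if len(blob) < nonceLen {
		return nil, errors.New("confidential store: stored value too short")
	}
	plain, err := s.valAEAD.Open(nil, blob[:nonceLen], blob[nonceLen:], nil)
	if err != nil {
		return nil, errors.New("confidential store: corrupted value: " + err.Error())
	}
	return plain, nil
}
```

Because the storage-key nonce is a keyed hash of the plaintext key, two writes to the same key land on the same encrypted entry, while the random value nonce hides whether the same value was written again. Flipping any byte of a stored blob (or truncating it) makes `Get` return an error instead of garbage, which is the behaviour the corrupted-storage unit test should assert on.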
Force-pushed: c6a82e8 to 6801b89
Closes #333