Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Nitriding key sync support #364

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Nitriding key sync support #364

wants to merge 3 commits into from

Conversation

DJAndries
Copy link
Collaborator

No description provided.

@DJAndries DJAndries requested a review from a team as a code owner July 19, 2024 23:09
github-actions[bot]
github-actions bot reviewed Jul 19, 2024
View reviewed changes
src/instance.rs
.instance_names
.iter()
.position(|name| name == instance_name)
.unwrap();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/instance.rs
// Get base time for calculating curren epochs
let now = time::OffsetDateTime::now_utc()
.replace_millisecond(0)
.expect("failed to remove millisecond component from OffsetDateTime");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/instance.rs
for epoch in config.first_epoch..current_epoch {
server
.puncture(epoch)
.expect("Failed to puncture obsolete epoch");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/state.rs
if !self.is_leader.initialized() {
self.is_leader
.set(false)
.expect("failed to set leader status");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/state.rs
None => {
let new_instance =
OPRFInstance::new(&self.config, &instance_name, false)
.expect("Could not initialize PPOPRF state");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/state.rs

instance_guard
.as_mut()
.unwrap()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/state.rs
if !self.is_leader.initialized() {
self.is_leader
.set(true)
.expect("failed to set leader status");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

src/state.rs
}
let mut private_keys = OPRFKeysRef::default();
for (instance_name, instance) in &mut server_guards {
let instance = instance.as_ref().unwrap();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

claucece
claucece approved these changes Aug 27, 2024
View reviewed changes
Copy link
Member

@claucece claucece left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@github-actions GitHub Actions
Copy link

[puLL-Merge] - brave/star-randsrv@364

Description

This PR introduces significant changes to the STAR randomness webservice, primarily focusing on enabling key synchronization between leader and worker enclaves. The changes include modifications to the server structure, handling of PPOPRF instances, and the addition of new endpoints for key management. The PR also updates dependencies and improves error handling.

Possible Issues

  1. The new key synchronization feature might introduce potential race conditions or consistency issues if not properly managed across multiple instances.
  2. The changes to the epoch rotation logic could potentially affect the randomness guarantees if not implemented correctly.
  3. The new dependency on reqwest for HTTP requests to nitriding might introduce new failure modes that need to be handled carefully.

Security Hotspots

  1. Key Management: The new methods for setting and getting private keys (set_ppoprf_private_key and get_ppoprf_private_key) are critical security points. Ensure that these endpoints are properly secured and only accessible within the trusted enclave environment.

  2. Leader/Worker Designation: The logic for determining whether a server is a leader or worker (self.is_leader.set()) is a crucial security point. Ensure that this cannot be manipulated by an attacker to gain unauthorized access to key material.

  3. Key Synchronization: The process of sending private keys to nitriding (send_private_keys_to_nitriding) is a potential point of key material exposure. Ensure that this communication channel is properly secured.

Changes

Changes

  1. Cargo.toml and Cargo.lock:

    • Updated version to 0.3.0
    • Added new dependencies including reqwest and bincode

  2. README.md:

    • Added information about reproducible builds and Nitro Enclave image auditing

  3. src/handler.rs:

    • Modified to handle the new key synchronization features
    • Added new endpoints for setting and getting PPOPRF private keys

  4. src/instance.rs (new file):

    • Introduced OPRFInstance struct to manage OPRF instances

  5. src/main.rs:

    • Updated Config struct to include new options for key synchronization
    • Modified app function to conditionally add new routes for key management

  6. src/result.rs (new file):

    • Introduced custom Error type and Result alias

  7. src/state.rs:

    • Significant changes to OPRFServer struct and its methods to support key synchronization
    • Added methods for setting and getting private keys

  8. src/tests.rs:

    • Added new tests for enclave leader and worker scenarios
    • Modified existing tests to accommodate new functionality

  9. src/util.rs:

    • Added utility function for sending private keys to nitriding

These changes significantly alter the structure and behavior of the application, particularly in how it manages PPOPRF instances and synchronizes keys between leader and worker enclaves. The new functionality requires careful review to ensure it maintains the security and correctness guarantees of the original implementation.

github-actions[bot]
github-actions bot reviewed Aug 31, 2024
View reviewed changes
src/instance.rs
.instance_names
.iter()
.position(|name| name == instance_name)
.unwrap();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/instance.rs
// Get base time for calculating curren epochs
let now = time::OffsetDateTime::now_utc()
.replace_millisecond(0)
.expect("failed to remove millisecond component from OffsetDateTime");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/instance.rs
for epoch in config.first_epoch..current_epoch {
server
.puncture(epoch)
.expect("Failed to puncture obsolete epoch");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/state.rs
if !self.is_leader.initialized() {
self.is_leader
.set(false)
.expect("failed to set leader status");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/state.rs
None => {
let new_instance =
OPRFInstance::new(&self.config, &instance_name, false)
.expect("Could not initialize PPOPRF state");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/state.rs

instance_guard
.as_mut()
.unwrap()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/state.rs
if !self.is_leader.initialized() {
self.is_leader
.set(true)
.expect("failed to set leader status");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

src/state.rs
}
let mut private_keys = OPRFKeysRef::default();
for (instance_name, instance) in &mut server_guards {
let instance = instance.as_ref().unwrap();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@claucece claucece claucece approved these changes

Assignees

@thypon thypon

@bcaller bcaller

Labels
needs-security-review puLL-Merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DJAndries @claucece @thypon @bcaller