Skip to content

Commit

Permalink
Ensure zeroization
Browse files Browse the repository at this point in the history
  • Loading branch information
@ryardley
ryardley committed Dec 2, 2024
1 parent a622315 commit bcc4bc7
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 2 deletions.
1 change: 1 addition & 0 deletions packages/ciphernode/Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions packages/ciphernode/net/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,4 @@ tracing-subscriber = { workspace = true, features = ["env-filter"] }
enclave-core = { path = "../core" }
anyhow = { workspace = true }
actix = { workspace = true }
zeroize = { workspace = true }
7 changes: 5 additions & 2 deletions packages/ciphernode/net/src/network_manager.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
use std::sync::Arc;
use std::{collections::HashSet, error::Error};

use crate::NetworkPeer;
/// Actor for connecting to an libp2p client via it's mpsc channel interface
/// This Actor should be responsible for
Expand All @@ -13,6 +12,7 @@ use enclave_core::{EnclaveEvent, EventBus, EventId, Subscribe};
use libp2p::identity::ed25519;
use tokio::sync::mpsc::{Receiver, Sender};
use tracing::{error, info, instrument, trace};
use zeroize::Zeroize;

/// NetworkManager Actor converts between EventBus events and Libp2p events forwarding them to a
/// NetworkPeer for propagation over the p2p network
Expand Down Expand Up @@ -75,7 +75,7 @@ impl NetworkManager {
repository: Repository<Vec<u8>>,
) -> Result<(Addr<Self>, tokio::task::JoinHandle<Result<()>>, String)> {
info!("Reading from repository");
let bytes = if let Some(bytes) = repository.read().await? {
let mut bytes = if let Some(bytes) = repository.read().await? {
let decrypted = cipher.decrypt_data(&bytes)?;
info!("Found keypair in repository");
decrypted
Expand All @@ -85,17 +85,20 @@ impl NetworkManager {
let innerkp = kp.try_into_ed25519()?;
let bytes = innerkp.to_bytes().to_vec();

// We need to clone here so that returned bytes are not zeroized
repository.write(&cipher.encrypt_data(&mut bytes.clone())?);
info!("Saved new keypair to repository");
bytes
};

// We need to clone here to ensure bytes are not zeroized locally as this leads to a test failure.
let ed25519_keypair = ed25519::Keypair::try_from_bytes(&mut bytes.clone())?;
let keypair: libp2p::identity::Keypair = ed25519_keypair.try_into()?;
let mut peer = NetworkPeer::new(&keypair, peers, None, "tmp-enclave-gossip-topic")?;
let rx = peer.rx().ok_or(anyhow!("Peer rx already taken"))?;
let p2p_addr = NetworkManager::setup(bus, peer.tx(), rx);
let handle = tokio::spawn(async move { Ok(peer.start().await?) });
bytes.zeroize();
Ok((p2p_addr, handle, keypair.public().to_peer_id().to_string()))
}
}
Expand Down

0 comments on commit bcc4bc7

Please sign in to comment.