added secrets for keys and sigs

warlock-labs · Nov 5, 2024 · 2bc426c · 2bc426c
1 parent 5bc4d2a
commit 2bc426c
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 23 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -41,6 +41,7 @@ num-traits = "0.2.19"
 sha3 = "0.11.0-pre.4"
 subtle = "2.6.1"
 tracing = "0.1.40"
+secrets = "1.2.0"
 
 [dev-dependencies]
 confy = "0.6.1"

diff --git a/examples/simple_xor_ecies.rs b/examples/simple_xor_ecies.rs
@@ -1,4 +1,5 @@
 use crypto_bigint::rand_core::OsRng;
+use secrets::SecretBox;
 use sha3::Keccak256;
 use sylow::{
     sign, verify, Expander, FieldExtensionTrait, Fp, Fr, G1Projective, G2Projective, GroupTrait,
@@ -32,22 +33,23 @@ impl ECIESParty {
         }
     }
 
-    pub fn get_public_key(&self) -> G2Projective {
-        self.key_pair.public_key
+    pub fn get_public_key(&self) -> SecretBox<G2Projective> {
+        self.key_pair.public_key.clone()
     }
 
     #[instrument(skip(self, recipient_public_key, message), fields(message_len = message.len()))]
     pub fn encrypt(
         &self,
-        recipient_public_key: &G2Projective,
+        recipient_public_key: &SecretBox<G2Projective>,
         message: &[u8],
-    ) -> Result<(G1Projective, Vec<u8>, G1Projective), ECIESError> {
+    ) -> Result<(SecretBox<G1Projective>, Vec<u8>, SecretBox<G1Projective>), ECIESError> {
         debug!("Generating ephemeral key pair");
-        let ephemeral_private_key = Fp::new(Fr::rand(&mut OsRng).value());
-        let ephemeral_public_key = G1Projective::generator() * ephemeral_private_key;
+        let ephemeral_private_key = SecretBox::new(|s| *s = Fp::new(Fr::rand(&mut OsRng).value()));
+        let ephemeral_public_key =
+            SecretBox::new(|s| *s = G1Projective::generator() * *ephemeral_private_key.borrow());
 
         debug!("Computing shared secret");
-        let shared_secret = *recipient_public_key * ephemeral_private_key;
+        let shared_secret = *recipient_public_key.borrow() * *ephemeral_private_key.borrow();
         let encryption_key = self.derive_key(&shared_secret)?;
 
         debug!("Encrypting message");
@@ -67,10 +69,10 @@ impl ECIESParty {
     #[instrument(skip(self, ephemeral_public_key, ciphertext, signature, sender_public_key), fields(ciphertext_len = ciphertext.len()))]
     pub fn decrypt(
         &self,
-        ephemeral_public_key: &G1Projective,
+        ephemeral_public_key: &SecretBox<G1Projective>,
         ciphertext: &[u8],
-        signature: &G1Projective,
-        sender_public_key: &G2Projective,
+        signature: &SecretBox<G1Projective>,
+        sender_public_key: &SecretBox<G2Projective>,
     ) -> Result<Vec<u8>, ECIESError> {
         debug!("Verifying signature");
         if !verify(sender_public_key, ciphertext, signature)
@@ -81,7 +83,7 @@ impl ECIESParty {
         }
 
         debug!("Computing shared secret");
-        let shared_secret = *ephemeral_public_key * self.key_pair.secret_key;
+        let shared_secret = *ephemeral_public_key.borrow() * *self.key_pair.secret_key.borrow();
         let decryption_key = self.derive_key(&shared_secret)?;
 
         debug!("Decrypting message");

diff --git a/src/fields/fp12.rs b/src/fields/fp12.rs
@@ -723,7 +723,7 @@ mod tests {
                 [5, 0, 0, 0],
                 [0, 6, 0, 0],
             ]);
-            let mut two = Fp12::one() + Fp12::one();
+            let two = Fp12::one() + Fp12::one();
             let [ell0, ell_vv, ell_vw] = two.0[0].0;
             // this is an element of the form, in the 2x 𝔽ₚ⁶ representation:
             // f = [[g0, g1, g2], [h0, h1, h2]] = [ [2, 0, 0], [0, 0, 0]] = g + hw,

diff --git a/src/lib.rs b/src/lib.rs
@@ -60,11 +60,12 @@
 //! For more detailed information, examples, and advanced usage, please refer to the
 //! [full documentation](https://docs.rs/sylow)
 //! and the [GitHub repository](https://github.com/warlock-labs/sylow).
-#![deny(unsafe_code, dead_code)]
+#![deny(dead_code)]
 mod fields;
 mod groups;
 mod hasher;
 mod pairing;
+mod secrets;
 mod svdw;
 pub(crate) mod utils;
 
@@ -82,6 +83,7 @@ pub use crate::hasher::{Expander, XMDExpander, XOFExpander};
 pub use crate::pairing::{
     glued_miller_loop, glued_pairing, pairing, G2PreComputed, MillerLoopResult,
 };
+use ::secrets::SecretBox;
 use crypto_bigint::rand_core::OsRng;
 use sha3::Keccak256;
 use subtle::ConstantTimeEq;
@@ -101,12 +103,11 @@ const SECURITY_BITS: u64 = 128;
 ///
 /// This struct contains both the secret key (a scalar in the 𝔽ₚ base field)
 /// and the corresponding public key (a point on the 𝔾₂ curve).
-#[derive(Debug, Copy, Clone)]
 pub struct KeyPair {
     /// The secret key, represented as a scalar in the base field
-    pub secret_key: Fp,
+    pub secret_key: SecretBox<Fp>,
     /// The public key, represented as a point on the 𝔾₂ curve
-    pub public_key: G2Projective,
+    pub public_key: SecretBox<G2Projective>,
 }
 
 impl KeyPair {
@@ -128,8 +129,10 @@ impl KeyPair {
     /// let key_pair = KeyPair::generate();
     /// ```
     pub fn generate() -> KeyPair {
-        let secret_key = Fp::new(Fr::rand(&mut OsRng).value());
-        let public_key = G2Projective::generator() * secret_key;
+        let secret_key = SecretBox::new(|s| *s = Fp::new(Fr::rand(&mut OsRng).value()));
+        let secret_key_clone = secret_key.clone();
+        let secret_key_ref = secret_key_clone.borrow();
+        let public_key = SecretBox::new(|s| *s = G2Projective::generator() * *secret_key_ref);
         KeyPair {
             secret_key,
             public_key,
@@ -176,12 +179,17 @@ impl KeyPair {
 ///     Err(e) => println!("Signing error: {:?}", e),
 /// }
 /// ```
-pub fn sign(k: &Fp, msg: &[u8]) -> Result<G1Projective, GroupError> {
+pub fn sign(k: &SecretBox<Fp>, msg: &[u8]) -> Result<SecretBox<G1Projective>, GroupError> {
     // Expand the message to a curve point using the DST and security bits
     let expander = XMDExpander::<Keccak256>::new(DST, SECURITY_BITS);
     // Hash the message to a curve point, returning the point in 𝔾₁ multiplied by the secret key or an error
     match G1Projective::hash_to_curve(&expander, msg) {
-        Ok(hashed_message) => Ok(hashed_message * *k),
+        Ok(hashed_message) => {
+            let signature = SecretBox::new(|sig| {
+                *sig = hashed_message * *k.borrow();
+            });
+            Ok(signature)
+        }
         _ => Err(GroupError::CannotHashToGroup),
     }
 }
@@ -220,15 +228,19 @@ pub fn sign(k: &Fp, msg: &[u8]) -> Result<G1Projective, GroupError> {
 ///     Err(e) => println!("Signing error: {:?}", e),
 /// }
 /// ```
-pub fn verify(pubkey: &G2Projective, msg: &[u8], sig: &G1Projective) -> Result<bool, GroupError> {
+pub fn verify(
+    pubkey: &SecretBox<G2Projective>,
+    msg: &[u8],
+    sig: &SecretBox<G1Projective>,
+) -> Result<bool, GroupError> {
     // Expand the message to a curve point using the DST and security bits
     let expander = XMDExpander::<Keccak256>::new(DST, SECURITY_BITS);
     // Assert that the message can be hashed to a curve point and the pairings compared,
     // returning a boolean or an error
     match G1Projective::hash_to_curve(&expander, msg) {
         Ok(hashed_message) => {
-            let lhs = pairing(sig, &G2Projective::generator());
-            let rhs = pairing(&hashed_message, pubkey);
+            let lhs = pairing(&*sig.borrow(), &G2Projective::generator());
+            let rhs = pairing(&hashed_message, &*pubkey.borrow());
             Ok(lhs.ct_eq(&rhs).into())
         }
         _ => Err(GroupError::CannotHashToGroup),