Skip to content

Commit ac8ae88

Browse files
tnulltnull
committed
Supply store_key as aad for StorableBuilder
Previously, we the `vss-client` didn't allow to set `ChaCha20Poly1305RFC`'s `aad` field, which had the `tag` not commit to any particular key. This would allow a malicious VSS provider to substitute blobs stored under a different key without the client noticing. Here, we now set the `aad` field to the key under which the `Storable` will be stored, ensuring that the retrieved data was originally stored under the key we expected.
1 parent fe33579 commit ac8ae88

File tree

1 file changed

+12
-10
lines changed

1 file changed

+12
-10
lines changed

src/io/vss_store.rs

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ pub struct VssStore {
4343
client: VssClient<CustomRetryPolicy>,
4444
store_id: String,
4545
runtime: Arc<Runtime>,
46-
storable_builder: StorableBuilder<RandEntropySource>,
46+
data_encryption_key: [u8; 32],
4747
key_obfuscator: KeyObfuscator,
4848
}
4949

@@ -55,7 +55,6 @@ impl VssStore {
5555
let (data_encryption_key, obfuscation_master_key) =
5656
derive_data_encryption_and_obfuscation_keys(&vss_seed);
5757
let key_obfuscator = KeyObfuscator::new(obfuscation_master_key);
58-
let storable_builder = StorableBuilder::new(data_encryption_key, RandEntropySource);
5958
let retry_policy = ExponentialBackoffRetryPolicy::new(Duration::from_millis(10))
6059
.with_max_attempts(10)
6160
.with_max_total_delay(Duration::from_secs(15))
@@ -70,7 +69,7 @@ impl VssStore {
7069
}) as _);
7170

7271
let client = VssClient::new_with_headers(base_url, retry_policy, header_provider);
73-
Self { client, store_id, runtime, storable_builder, key_obfuscator }
72+
Self { client, store_id, runtime, data_encryption_key, key_obfuscator }
7473
}
7574

7675
fn build_key(
@@ -132,10 +131,9 @@ impl KVStore for VssStore {
132131
&self, primary_namespace: &str, secondary_namespace: &str, key: &str,
133132
) -> io::Result<Vec<u8>> {
134133
check_namespace_key_validity(primary_namespace, secondary_namespace, Some(key), "read")?;
135-
let request = GetObjectRequest {
136-
store_id: self.store_id.clone(),
137-
key: self.build_key(primary_namespace, secondary_namespace, key)?,
138-
};
134+
135+
let store_key = self.build_key(primary_namespace, secondary_namespace, key)?;
136+
let request = GetObjectRequest { store_id: self.store_id.clone(), key: store_key.clone() };
139137
let resp = self.runtime.block_on(self.client.get_object(&request)).map_err(|e| {
140138
let msg = format!(
141139
"Failed to read from key {}/{}/{}: {}",
@@ -156,20 +154,24 @@ impl KVStore for VssStore {
156154
Error::new(ErrorKind::Other, msg)
157155
})?;
158156

159-
Ok(self.storable_builder.deconstruct(storable)?.0)
157+
let storable_builder = StorableBuilder::new(self.data_encryption_key, RandEntropySource);
158+
let decrypted = storable_builder.deconstruct(storable, store_key.as_bytes())?.0;
159+
Ok(decrypted)
160160
}
161161

162162
fn write(
163163
&self, primary_namespace: &str, secondary_namespace: &str, key: &str, buf: &[u8],
164164
) -> io::Result<()> {
165165
check_namespace_key_validity(primary_namespace, secondary_namespace, Some(key), "write")?;
166+
let store_key = self.build_key(primary_namespace, secondary_namespace, key)?;
166167
let version = -1;
167-
let storable = self.storable_builder.build(buf.to_vec(), version);
168+
let storable_builder = StorableBuilder::new(self.data_encryption_key, RandEntropySource);
169+
let storable = storable_builder.build(buf.to_vec(), version, store_key.as_bytes());
168170
let request = PutObjectRequest {
169171
store_id: self.store_id.clone(),
170172
global_version: None,
171173
transaction_items: vec![KeyValue {
172-
key: self.build_key(primary_namespace, secondary_namespace, key)?,
174+
key: store_key,
173175
version,
174176
value: storable.encode_to_vec(),
175177
}],

0 commit comments

Comments
 (0)