Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: slightly improve security for secret keys #1367

Merged
merged 1 commit into from
Aug 29, 2023
Merged

refactor: slightly improve security for secret keys #1367

merged 1 commit into from
Aug 29, 2023

Conversation

yangby-cryptape
Copy link
Collaborator

What this PR does / why we need it?

  • Keep a human-readable string of a private key is very dangerous.

  • Do not copy private keys again and again.

  • If the memory of a private key is not zeroized after the key dropped, it could be read from other threads and other processes.

    Also, that piece of memory could be read by programs started after axon stopped.

  • Remove unnecessary unwrap() and structs conversions.

    +---------------+
|  Secret Key   |
| (Hex String)  |    +----------------------------------------------------------------+
+---------------+    |                                                                |
       |             |             This PR deleted these useless conversions.         |
       v             |                                                                |
+---------------+    |     +---------------+      +--------+      +--------+          |
|  Secret Key   |  Clone   |  Secret Key   |----->| Secret |----->| Public |          |
|    (Bytes)    |--------->|    (Bytes)    |      |   Key  |      |   Key  |          |
+---------------+    |     +---------------+      +--------+      +--------+          |
       |             |                                                |               |
       v             |                                                v               |
   +--------+        |                         +--------+      +------------+         |
   | Secret |        |               +---------| Public |<-----| Public Key |         |
   |   Key  |        |               |         |   Key  |      |   (Bytes)  |         |
   +--------+        |               |         +--------+      +------------+         |
       |             +---------------|------------------------------------------------+
       v                             v
   +--------+                  +------------+
   | Public |- - - - - - - - ->| Public Key |
   |   Key  |  This PR Added   |   (Bytes)  |
   +--------+                  +------------+
      |                              |
      v                              v
  +----------+                 +----------+
  |   Node   |<----------------| Address  |
  |   Info   |                 |          |
  +----------+                 +----------+

What is the impact of this PR?

No Breaking Change

CI Settings

CI Usage

Tip: Check the CI you want to run below, and then comment /run-ci.

CI Switch

  • Coverage Test
  • E2E Tests
  • Code Format
  • Web3 Compatible Tests
  • OCT 1-5 And 12-15
  • OCT 6-10
  • OCT 11
  • OCT 16-19
  • v3 Core Tests

CI Description

CI Name Description
Chaos CI Test the liveness and robustness of Axon under terrible network condition
Cargo Clippy Run cargo clippy --all --all-targets --all-features
Coverage Test Get the unit test coverage report
E2E Test Run end-to-end test to check interfaces
Code Format Run cargo +nightly fmt --all -- --check and cargo sort -gwc
Web3 Compatible Test Test the Web3 compatibility of Axon
v3 Core Test Run the compatibility tests provided by Uniswap V3
OCT 1-5 | 6-10 | 11 | 12-15 | 16-19 Run the compatibility tests provided by OpenZeppelin

@yangby-cryptape yangby-cryptape requested a review from a team as a code owner August 25, 2023 17:31
@yangby-cryptape yangby-cryptape requested review from Flouse, driftluo and KaoImin and removed request for ahonn and felicityin August 25, 2023 17:31
@yangby-cryptape

This comment was marked as off-topic.

Sign in to view
@axon-bot

This comment was marked as outdated.

Sign in to view
@yangby-cryptape yangby-cryptape force-pushed the yangby/refactor/secrets-security branch from 3ac91cf to 68f92ba Compare August 27, 2023 03:54
@yangby-cryptape

This comment was marked as off-topic.

Sign in to view
@axon-bot

This comment was marked as outdated.

Sign in to view
@yangby-cryptape yangby-cryptape mentioned this pull request Aug 27, 2023
Closed
@Flouse Flouse mentioned this pull request Aug 28, 2023
Closed
9 tasks
@yangby-cryptape yangby-cryptape force-pushed the yangby/refactor/secrets-security branch from 68f92ba to 7ed58f3 Compare August 28, 2023 08:04
@yangby-cryptape

This comment was marked as off-topic.

Sign in to view
@axon-bot

This comment was marked as outdated.

Sign in to view
Flouse
Flouse previously approved these changes Aug 28, 2023
View reviewed changes
protocol/src/types/primitive.rs Show resolved Hide resolved
@Flouse Flouse mentioned this pull request Aug 28, 2023
Merged
9 tasks
@yangby-cryptape yangby-cryptape force-pushed the yangby/refactor/secrets-security branch from 19de48a to 09a12ae Compare August 28, 2023 09:12
@yangby-cryptape

This comment was marked as off-topic.

Sign in to view
@axon-bot
Copy link

axon-bot bot commented Aug 28, 2023

CI tests run on commit:

CI test list:

  • Code Format
  • E2E Tests
  • OCT 1-5 And 12-15
  • OCT 6-10
  • OCT 11
  • OCT 16-19
  • v3 Core Tests
  • Web3 Compatible Tests

Please check ci test results later.

@Flouse Flouse enabled auto-merge August 28, 2023 16:38
@Flouse Flouse added this pull request to the merge queue Aug 29, 2023
Merged via the queue into main with commit 22d97b7 Aug 29, 2023
@yangby-cryptape yangby-cryptape deleted the yangby/refactor/secrets-security branch August 29, 2023 02:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KaoImin KaoImin KaoImin approved these changes

@Flouse Flouse Flouse approved these changes

@driftluo driftluo Awaiting requested review from driftluo

Assignees
No one assigned
Labels
refactor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yangby-cryptape @Flouse @KaoImin