From 837cc31a9305ad15e4245a05c32473ef6a0846e3 Mon Sep 17 00:00:00 2001 From: Sergio Chouhy Date: Wed, 7 May 2025 16:34:52 -0300 Subject: [PATCH 1/4] use x coordinate as key for aes --- .../key_management/ephemeral_key_holder.rs | 11 ++---- accounts/src/key_management/mod.rs | 34 ++++++------------- 2 files changed, 13 insertions(+), 32 deletions(-) diff --git a/accounts/src/key_management/ephemeral_key_holder.rs b/accounts/src/key_management/ephemeral_key_holder.rs index 9e3a9b1..266cfa3 100644 --- a/accounts/src/key_management/ephemeral_key_holder.rs +++ b/accounts/src/key_management/ephemeral_key_holder.rs @@ -3,6 +3,7 @@ use elliptic_curve::PrimeField; use k256::{AffinePoint, FieldBytes, Scalar}; use log::info; use rand::{rngs::OsRng, RngCore}; +use elliptic_curve::point::AffineCoordinates; use super::constants_types::{CipherText, Nonce}; @@ -39,14 +40,8 @@ impl EphemeralKeyHolder { viewing_public_key_receiver: AffinePoint, data: &[u8], ) -> (CipherText, Nonce) { - let key_point = self.calculate_shared_secret_sender(viewing_public_key_receiver); - let binding = serde_json::to_vec(&key_point).unwrap(); - let key_raw = &binding.as_slice()[..32]; - let key_raw_adjust: [u8; 32] = key_raw.try_into().unwrap(); - - let key: Key = key_raw_adjust.into(); - - let cipher = Aes256Gcm::new(&key); + let shared_secret = self.calculate_shared_secret_sender(viewing_public_key_receiver); + let cipher = Aes256Gcm::new(&shared_secret.x()); let nonce = Aes256Gcm::generate_nonce(&mut OsRng); (cipher.encrypt(&nonce, data).unwrap(), nonce) diff --git a/accounts/src/key_management/mod.rs b/accounts/src/key_management/mod.rs index 25673f6..79418ec 100644 --- a/accounts/src/key_management/mod.rs +++ b/accounts/src/key_management/mod.rs @@ -5,6 +5,7 @@ use ephemeral_key_holder::EphemeralKeyHolder; use k256::AffinePoint; use log::info; use secret_holders::{SeedHolder, TopSecretKeyHolder, UTXOSecretKeyHolder}; +use elliptic_curve::point::AffineCoordinates; use crate::account_core::PublicKey; 
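Review bot: In the encrypting method of `EphemeralKeyHolder` (ephemeral_key_holder.rs, hunk `@@ -39,14 +40,8 @@`) the raw x-coordinate of the ECDH point goes straight into `Aes256Gcm::new(&shared_secret.x())` with no key-derivation step. That is a clear improvement over slicing 32 bytes out of the JSON encoding, but the usual construction passes the shared secret through a KDF (for example HKDF-SHA256 with a fixed, protocol-specific info string) so that the AES key is domain-separated rather than the bare field element. The decrypting method of `AddressKeyHolder` in mod.rs (`@@ -63,14 +64,8 @@`) makes the same call, so one private helper that maps the shared point to the 32-byte key would keep both sides in step and give the KDF a single place to live. The `.unwrap()` on `cipher.encrypt(...)` is unchanged context, and the method body starts and ends outside the hunk.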
@@ -63,14 +64,8 @@ impl AddressKeyHolder { ciphertext: CipherText, nonce: Nonce, ) -> Result, aes_gcm::Error> { - let key_point = self.calculate_shared_secret_receiver(ephemeral_public_key_sender); - let binding = serde_json::to_vec(&key_point).unwrap(); - let key_raw = &binding.as_slice()[..32]; - let key_raw_adjust: [u8; 32] = key_raw.try_into().unwrap(); - - let key: Key = key_raw_adjust.into(); - - let cipher = Aes256Gcm::new(&key); + let shared_secret = self.calculate_shared_secret_receiver(ephemeral_public_key_sender); + let cipher = Aes256Gcm::new(&shared_secret.x()); cipher.decrypt(&nonce, ciphertext.as_slice()) } @@ -107,18 +102,22 @@ impl AddressKeyHolder { #[cfg(test)] mod tests { + use std::io::Read; + use aes_gcm::{ aead::{Aead, KeyInit, OsRng}, Aes256Gcm, }; use constants_types::{CipherText, Nonce}; use constants_types::{NULLIFIER_SECRET_CONST, VIEWING_SECRET_CONST}; - use elliptic_curve::ff::Field; + use elliptic_curve::{ff::Field, PrimeField}; use elliptic_curve::group::prime::PrimeCurveAffine; use k256::{AffinePoint, ProjectivePoint, Scalar}; + use elliptic_curve::point::AffineCoordinates; use super::*; + #[test] fn test_new_os_random() { // Ensure that a new AddressKeyHolder instance can be created without errors. 
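Review bot: `ephemeral_public_key_sender` is supplied by the other party, and the first hunk here (`@@ -63,14 +64,8 @@`, `impl AddressKeyHolder`) turns whatever point results from it into the AES key without checking that point. `calculate_shared_secret_receiver` is not shown, but if it can return the identity (presumably it would for an identity input) then, as far as I can tell, k256's `x()` on that point is all zero bytes and the key becomes a fixed, publicly known value. I would reject the identity before constructing the cipher and return `Err(aes_gcm::Error)`, or add a comment stating why the point type rules this case out. The same check belongs on the sender path in ephemeral_key_holder.rs. The method's signature begins above the hunk.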
@@ -154,22 +153,14 @@ mod tests { let address_key_holder = AddressKeyHolder::new_os_random(); // Generate an ephemeral key and shared secret - let scalar = Scalar::random(OsRng); let ephemeral_public_key_sender = address_key_holder .produce_ephemeral_key_holder() .generate_ephemeral_public_key(); let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); - // Prepare the encryption key from shared secret - let key_raw = serde_json::to_vec(&shared_secret).unwrap(); - let key_raw_adjust_pre = &key_raw.as_slice()[..32]; - let key_raw_adjust: [u8; 32] = key_raw_adjust_pre.try_into().unwrap(); - let key: Key = key_raw_adjust.into(); - - let cipher = Aes256Gcm::new(&key); - // Encrypt sample data + let cipher = Aes256Gcm::new(&shared_secret.x()); let nonce = Nonce::from_slice(b"unique nonce"); let plaintext = b"Sensitive data"; let ciphertext = cipher @@ -315,12 +306,7 @@ mod tests { let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); - // Prepare the encryption key from shared secret - let key_raw = serde_json::to_vec(&shared_secret).unwrap(); - let key_raw_adjust_pre = &key_raw.as_slice()[..32]; - let key_raw_adjust: [u8; 32] = key_raw_adjust_pre.try_into().unwrap(); - let key: Key = key_raw_adjust.into(); - let cipher = Aes256Gcm::new(&key); + let cipher = Aes256Gcm::new(&shared_secret.x()); let ciphertext = cipher .encrypt(nonce, plaintext.as_ref()) From 7a117150efaab1d3fed7277dc4d4b721b0a2e81a Mon Sep 17 00:00:00 2001 From: Sergio Chouhy Date: Wed, 7 May 2025 16:36:30 -0300 Subject: [PATCH 2/4] remove usage of deprecated function --- accounts/src/key_management/mod.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/accounts/src/key_management/mod.rs b/accounts/src/key_management/mod.rs index 79418ec..712e8a4 100644 --- a/accounts/src/key_management/mod.rs +++ b/accounts/src/key_management/mod.rs 
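Review bot: The test in hunk `@@ -154,22 +153,14 @@` builds its cipher with `Aes256Gcm::new(&shared_secret.x())`, so it repeats the production key derivation instead of exercising it and would keep passing if the sender and receiver paths ever derived different keys. Unless the part of the test outside the hunk already does so, encrypting through the `EphemeralKeyHolder` method changed in this series and decrypting through `AddressKeyHolder` would cover that. The same inline derivation appears in `@@ -315,12 +306,7 @@` and in two test hunks of patch 4/4 (`@@ -219,15 +217,8 @@`, `@@ -259,15 +250,8 @@`). The fixed `b"unique nonce"` is acceptable here, but a comment such as `// fixed nonce: test only, this key encrypts a single message` would stop it being copied into non-test code.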
@@ -138,7 +138,7 @@ mod tests { // Generate a random ephemeral public key sender let scalar = Scalar::random(&mut OsRng); - let ephemeral_public_key_sender = (ProjectivePoint::generator() * scalar).to_affine(); + let ephemeral_public_key_sender = (ProjectivePoint::GENERATOR * scalar).to_affine(); // Calculate shared secret let shared_secret = @@ -216,7 +216,7 @@ mod tests { // Generate ephemeral public key and shared secret let scalar = Scalar::random(OsRng); - let ephemeral_public_key_sender = (ProjectivePoint::generator() * scalar).to_affine(); + let ephemeral_public_key_sender = (ProjectivePoint::GENERATOR * scalar).to_affine(); let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); @@ -256,7 +256,7 @@ mod tests { // Generate ephemeral public key and shared secret let scalar = Scalar::random(OsRng); - let ephemeral_public_key_sender = (ProjectivePoint::generator() * scalar).to_affine(); + let ephemeral_public_key_sender = (ProjectivePoint::GENERATOR * scalar).to_affine(); let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); @@ -298,7 +298,7 @@ mod tests { // Generate ephemeral key and shared secret let scalar = Scalar::random(OsRng); - let ephemeral_public_key_sender = (ProjectivePoint::generator() * scalar).to_affine(); + let ephemeral_public_key_sender = (ProjectivePoint::GENERATOR * scalar).to_affine(); // Encrypt sample data let plaintext = b"Round-trip test data"; From 7572188ab08040dc06ed8b271b0139b91296e9f1 Mon Sep 17 00:00:00 2001 From: Sergio Chouhy Date: Wed, 7 May 2025 16:37:03 -0300 Subject: [PATCH 3/4] fmt --- accounts/src/key_management/ephemeral_key_holder.rs | 2 +- accounts/src/key_management/mod.rs | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/accounts/src/key_management/ephemeral_key_holder.rs b/accounts/src/key_management/ephemeral_key_holder.rs index 266cfa3..6210369 100644 
--- a/accounts/src/key_management/ephemeral_key_holder.rs +++ b/accounts/src/key_management/ephemeral_key_holder.rs @@ -1,9 +1,9 @@ use aes_gcm::{aead::Aead, AeadCore, Aes256Gcm, Key, KeyInit}; +use elliptic_curve::point::AffineCoordinates; use elliptic_curve::PrimeField; use k256::{AffinePoint, FieldBytes, Scalar}; use log::info; use rand::{rngs::OsRng, RngCore}; -use elliptic_curve::point::AffineCoordinates; use super::constants_types::{CipherText, Nonce}; diff --git a/accounts/src/key_management/mod.rs b/accounts/src/key_management/mod.rs index 712e8a4..1e690ac 100644 --- a/accounts/src/key_management/mod.rs +++ b/accounts/src/key_management/mod.rs @@ -1,11 +1,11 @@ use aes_gcm::{aead::Aead, Aes256Gcm, Key, KeyInit}; use common::merkle_tree_public::TreeHashType; use constants_types::{CipherText, Nonce}; +use elliptic_curve::point::AffineCoordinates; use ephemeral_key_holder::EphemeralKeyHolder; use k256::AffinePoint; use log::info; use secret_holders::{SeedHolder, TopSecretKeyHolder, UTXOSecretKeyHolder}; -use elliptic_curve::point::AffineCoordinates; use crate::account_core::PublicKey; @@ -110,14 +110,13 @@ mod tests { }; use constants_types::{CipherText, Nonce}; use constants_types::{NULLIFIER_SECRET_CONST, VIEWING_SECRET_CONST}; - use elliptic_curve::{ff::Field, PrimeField}; use elliptic_curve::group::prime::PrimeCurveAffine; - use k256::{AffinePoint, ProjectivePoint, Scalar}; use elliptic_curve::point::AffineCoordinates; + use elliptic_curve::{ff::Field, PrimeField}; + use k256::{AffinePoint, ProjectivePoint, Scalar}; use super::*; - #[test] fn test_new_os_random() { // Ensure that a new AddressKeyHolder instance can be created without errors. From 74d8fd54d9e794b22c69f62df3196ecf0cec2da2 Mon Sep 17 00:00:00 2001 
From: Sergio Chouhy Date: Wed, 7 May 2025 16:52:08 -0300 Subject: [PATCH 4/4] fix tests --- .../key_management/ephemeral_key_holder.rs | 2 +- accounts/src/key_management/mod.rs | 26 ++++--------------- 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/accounts/src/key_management/ephemeral_key_holder.rs b/accounts/src/key_management/ephemeral_key_holder.rs index 6210369..ecfb09e 100644 --- a/accounts/src/key_management/ephemeral_key_holder.rs +++ b/accounts/src/key_management/ephemeral_key_holder.rs @@ -1,4 +1,4 @@ -use aes_gcm::{aead::Aead, AeadCore, Aes256Gcm, Key, KeyInit}; +use aes_gcm::{aead::Aead, AeadCore, Aes256Gcm, KeyInit}; use elliptic_curve::point::AffineCoordinates; use elliptic_curve::PrimeField; use k256::{AffinePoint, FieldBytes, Scalar}; diff --git a/accounts/src/key_management/mod.rs b/accounts/src/key_management/mod.rs index 1e690ac..474bd99 100644 --- a/accounts/src/key_management/mod.rs +++ b/accounts/src/key_management/mod.rs @@ -1,4 +1,4 @@ -use aes_gcm::{aead::Aead, Aes256Gcm, Key, KeyInit}; +use aes_gcm::{aead::Aead, Aes256Gcm, KeyInit}; use common::merkle_tree_public::TreeHashType; use constants_types::{CipherText, Nonce}; use elliptic_curve::point::AffineCoordinates; @@ -102,17 +102,15 @@ impl AddressKeyHolder { #[cfg(test)] mod tests { - use std::io::Read; - use aes_gcm::{ aead::{Aead, KeyInit, OsRng}, Aes256Gcm, }; use constants_types::{CipherText, Nonce}; use constants_types::{NULLIFIER_SECRET_CONST, VIEWING_SECRET_CONST}; + use elliptic_curve::ff::Field; use elliptic_curve::group::prime::PrimeCurveAffine; use elliptic_curve::point::AffineCoordinates; - use elliptic_curve::{ff::Field, PrimeField}; use k256::{AffinePoint, ProjectivePoint, Scalar}; use super::*; 
@@ -137,7 +135,7 @@ mod tests { // Generate a random ephemeral public key sender let scalar = Scalar::random(&mut OsRng); - let ephemeral_public_key_sender = (ProjectivePoint::GENERATOR * scalar).to_affine(); + let ephemeral_public_key_sender = (ProjectivePoint::generator() * scalar).to_affine(); // Calculate shared secret let shared_secret = @@ -219,15 +217,8 @@ mod tests { let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); - // Prepare the encryption key from shared secret - let key_raw = serde_json::to_vec(&shared_secret).unwrap(); - let key_raw_adjust_pre = &key_raw.as_slice()[..32]; - let key_raw_adjust: [u8; 32] = key_raw_adjust_pre.try_into().unwrap(); - let key: Key = key_raw_adjust.into(); - - let cipher = Aes256Gcm::new(&key); - // Encrypt sample data with a specific nonce + let cipher = Aes256Gcm::new(&shared_secret.x()); let nonce = Nonce::from_slice(b"unique nonce"); let plaintext = b"Sensitive data"; let ciphertext = cipher @@ -259,15 +250,8 @@ mod tests { let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); - // Prepare the encryption key from shared secret - let key_raw = serde_json::to_vec(&shared_secret).unwrap(); - let key_raw_adjust_pre = &key_raw.as_slice()[..32]; - let key_raw_adjust: [u8; 32] = key_raw_adjust_pre.try_into().unwrap(); - let key: Key = key_raw_adjust.into(); - - let cipher = Aes256Gcm::new(&key); - // Encrypt sample data + let cipher = Aes256Gcm::new(&shared_secret.x()); let nonce = Nonce::from_slice(b"unique nonce"); let plaintext = b"Sensitive data"; let ciphertext = cipher
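Review bot: The first hunk of this patch (`@@ -137,7 +135,7 @@`) switches this one test back to `ProjectivePoint::generator()`, which patch 2/4 had replaced with `ProjectivePoint::GENERATOR` as deprecated, while the three other sites changed there stay on the constant. If the revert is not intentional, keep `let ephemeral_public_key_sender = (ProjectivePoint::GENERATOR * scalar).to_affine();`. If it is needed for the test to compile, a one-line comment explaining why would save the next reader from undoing it. The test function starts and ends outside the hunk.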