Struct diem_types::network_address::encrypted::EncNetworkAddress
pub struct EncNetworkAddress { /* fields omitted */ }
An encrypted NetworkAddress.
Threat Model
Encrypting the on-chain network addresses is purely a defense-in-depth mitigation to minimize attack surface and reduce DDoS attacks on the validators by restricting the visibility of their public-facing network addresses only to other validators.
These encrypted network addresses are intended to be stored on-chain under each validator’s advertised network addresses in their ValidatorConfigs.
All validators share the secret shared_val_netaddr_key, though each validator’s addresses are encrypted using a per-validator derived_key.
Account Key
derived_key := HKDF-SHA3-256::extract_and_expand(
    salt=HKDF_SALT,
    ikm=shared_val_netaddr_key,
    info=account_address,
    output_length=32,
)
where HKDF-SHA3-256::extract_and_expand is HKDF extract-and-expand with SHA3-256, HKDF_SALT is a constant salt for application separation, shared_val_netaddr_key is the shared secret distributed amongst all the validators, and account_address is the specific validator’s AccountAddress.
We use per-validator derived_keys to limit the “blast radius” of nonce reuse to each validator, i.e., a validator that accidentally reuses a nonce will only leak information about their network addresses or derived_key.
Encryption
A raw network address, addr, is then encrypted using AES-256-GCM like:
enc_addr := AES-256-GCM::encrypt(
    key=derived_key,
    nonce=nonce,
    ad=key_version,
    message=addr,
)
where nonce is a 96-bit integer as described below, key_version is the key version as a u32 big-endian integer, addr is the serialized NetworkAddress, and enc_addr is the encrypted network address concatenated with the 16-byte authentication tag.
Nonce
nonce := seq_num || addr_idx
where seq_num is the seq_num field as a u64 big-endian integer and addr_idx is the index of the encrypted network address in the list of network addresses as a u32 big-endian integer.
Sequence Number
In order to reduce the probability of nonce reuse, validators should use the sequence number of the rotation transaction in the seq_num field.
Key Rotation
The EncNetworkAddress struct contains a key_version field, which identifies the specific shared_val_netaddr_key used to encrypt/decrypt the EncNetworkAddress.
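The key derivation, nonce layout and associated data described above, as an added Python example (not Diem's own code): it implements HKDF-SHA3-256 with the standard library, builds the inputs that would be passed to AES-256-GCM, and flags repeated (key, nonce) pairs in a list of encryptions. The HKDF_SALT value, the 16-byte account addresses and the sample records are constructed placeholders, and the AES-256-GCM call itself is left out because the standard library has no AES.

```python
import hashlib
import hmac
import struct
from collections import Counter

# Placeholder value: the real HKDF_SALT constant is not given on this page.
HKDF_SALT = b"EXAMPLE-HKDF-SALT-PLACEHOLDER"

def hkdf_sha3_256(salt, ikm, info, length=32):
    """HKDF extract-and-expand (RFC 5869) using HMAC-SHA3-256."""
    hash_len = hashlib.sha3_256().digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output length too large")
    prk = hmac.new(salt, ikm, hashlib.sha3_256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand step: T(i) = HMAC(prk, T(i-1) || info || i)
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha3_256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key(shared_val_netaddr_key, account_address):
    """Per-validator AES-256 key: info is the validator's account address bytes."""
    return hkdf_sha3_256(HKDF_SALT, shared_val_netaddr_key, account_address, 32)

def build_nonce(seq_num, addr_idx):
    """nonce := seq_num (u64 big-endian) || addr_idx (u32 big-endian), 96 bits."""
    return struct.pack(">QI", seq_num, addr_idx)

def build_ad(key_version):
    """Associated data: key_version as a u32 big-endian integer."""
    return struct.pack(">I", key_version)

def find_nonce_reuse(records):
    """records: (account_address, key_version, seq_num, addr_idx) per encryption.
    A (key, nonce) pair repeats when account, key_version and nonce all repeat."""
    seen = Counter((acct, ver, build_nonce(seq, idx)) for acct, ver, seq, idx in records)
    return sorted(k for k, n in seen.items() if n > 1)

# Constructed sample data: a 32-byte shared key and two 16-byte account addresses.
SHARED_KEY = bytes(range(32))
ALICE, BOB = bytes([0xA1] * 16), bytes([0xB0] * 16)
RECORDS = [
    (ALICE, 0, 7, 0), (ALICE, 0, 7, 1),  # one rotation, two addresses: distinct nonces
    (BOB, 0, 7, 0),                      # same nonce as Alice, but a different derived_key
    (ALICE, 0, 7, 1),                    # Alice reuses seq_num 7 / addr_idx 1: collision
]

if __name__ == "__main__":
    print("alice key:", derive_key(SHARED_KEY, ALICE).hex())
    print("bob key:  ", derive_key(SHARED_KEY, BOB).hex())
    print("reused:   ", find_nonce_reuse(RECORDS))
```

Bob's record shares a nonce with Alice's but is not flagged, because the two validators encrypt under different derived keys.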
Implementations
impl EncNetworkAddress
pub fn encrypt(
    addr: NetworkAddress,
    shared_val_netaddr_key: &Key,
    key_version: KeyVersion,
    account: &AccountAddress,
    seq_num: u64,
    addr_idx: u32
) -> Result<Self, ParseError>
Panics
encrypt will panic if addr length > 64 GiB.
pub fn decrypt(
    self,
    shared_val_netaddr_key: &Key,
    account: &AccountAddress,
    addr_idx: u32
) -> Result<NetworkAddress, ParseError>
pub fn key_version(&self) -> KeyVersion
pub fn seq_num(&self) -> u64
Trait Implementations
impl Clone for EncNetworkAddress
fn clone(&self) -> EncNetworkAddress
Returns a copy of the value.
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Debug for EncNetworkAddress
impl<'de> Deserialize<'de> for EncNetworkAddress
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer.
impl PartialEq<EncNetworkAddress> for EncNetworkAddress
fn eq(&self, other: &EncNetworkAddress) -> bool
This method tests for self and other values to be equal, and is used by ==.
fn ne(&self, other: &EncNetworkAddress) -> bool
This method tests for !=.
impl Serialize for EncNetworkAddress
impl Eq for EncNetworkAddress
impl StructuralEq for EncNetworkAddress
impl StructuralPartialEq for EncNetworkAddress
Auto Trait Implementations
impl RefUnwindSafe for EncNetworkAddress
impl Send for EncNetworkAddress
impl Sync for EncNetworkAddress
impl Unpin for EncNetworkAddress
impl UnwindSafe for EncNetworkAddress
Blanket Implementations
impl<T> BorrowMut<T> for T where
    T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> TestOnlyHash for T where
    T: Serialize + ?Sized,
pub fn test_only_hash(&self) -> HashValue
Generates a hash used only for tests.
impl<T> ToOwned for T where
    T: Clone,
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
Creates owned data from borrowed data, usually by cloning.
pub fn clone_into(&self, target: &mut T)
🔬 This is a nightly-only experimental API. (toowned_clone_into) recently added
Uses borrowed data to replace owned data, usually by cloning.
impl<V, T> VZip<V> for T where
    V: MultiLane<T>,
pub fn vzip(self) -> V
impl<T> DeserializeOwned for T where
    T: for<'de> Deserialize<'de>,