This PR introduces significant changes to the STAR randomness webservice, primarily focusing on enabling key synchronization between leader and worker enclaves. The changes include modifications to the server structure, handling of PPOPRF instances, and the addition of new endpoints for key management. The PR also updates dependencies and improves error handling.
Possible Issues
The new key synchronization feature might introduce potential race conditions or consistency issues if not properly managed across multiple instances.
The changes to the epoch rotation logic could potentially affect the randomness guarantees if not implemented correctly.
The new dependency on reqwest for HTTP requests to nitriding might introduce new failure modes that need to be handled carefully.
Security Hotspots
Key Management: The new methods for setting and getting private keys (set_ppoprf_private_key and get_ppoprf_private_key) are critical security points. Ensure that these endpoints are properly secured and only accessible within the trusted enclave environment.
Leader/Worker Designation: The logic for determining whether a server is a leader or worker (self.is_leader.set()) is a crucial security point. Ensure that this cannot be manipulated by an attacker to gain unauthorized access to key material.
Key Synchronization: The process of sending private keys to nitriding (send_private_keys_to_nitriding) is a potential point of key material exposure. Ensure that this communication channel is properly secured.
Changes
### Changes
1. `Cargo.toml` and `Cargo.lock`:
- Updated version to 0.3.0
- Added new dependencies including `reqwest` and `bincode`
2. `README.md`:
- Added information about reproducible builds and Nitro Enclave image auditing
3. `src/handler.rs`:
- Modified to handle the new key synchronization features
- Added new endpoints for setting and getting PPOPRF private keys
4. `src/instance.rs` (new file):
- Introduced `OPRFInstance` struct to manage OPRF instances
5. `src/main.rs`:
- Updated `Config` struct to include new options for key synchronization
- Modified `app` function to conditionally add new routes for key management
6. `src/result.rs` (new file):
- Introduced custom `Error` type and `Result` alias
7. `src/state.rs`:
- Significant changes to `OPRFServer` struct and its methods to support key synchronization
- Added methods for setting and getting private keys
8. `src/tests.rs`:
- Added new tests for enclave leader and worker scenarios
- Modified existing tests to accommodate new functionality
9. `src/util.rs`:
- Added utility function for sending private keys to nitriding
These changes significantly alter the structure and behavior of the application, particularly in how it manages PPOPRF instances and synchronizes keys between leader and worker enclaves. The new functionality requires careful review to ensure it maintains the security and correctness guarantees of the original implementation.
[puLL-Merge] - brave/star-randsrv@364
Description
This PR introduces significant changes to the STAR randomness webservice, primarily focusing on enabling key synchronization between leader and worker enclaves. The changes include modifications to the server structure, handling of PPOPRF instances, and the addition of new endpoints for key management. The PR also updates dependencies and improves error handling.
Possible Issues
Security Hotspots
Key Management: The new methods for setting and getting private keys (
set_ppoprf_private_keyandget_ppoprf_private_key) are critical security points. Ensure that these endpoints are properly secured and only accessible within the trusted enclave environment.Leader/Worker Designation: The logic for determining whether a server is a leader or worker (
self.is_leader.set()) is a crucial security point. Ensure that this cannot be manipulated by an attacker to gain unauthorized access to key material.Key Synchronization: The process of sending private keys to nitriding (
send_private_keys_to_nitriding) is a potential point of key material exposure. Ensure that this communication channel is properly secured.Changes
### Changes 1. `Cargo.toml` and `Cargo.lock`: - Updated version to 0.3.0 - Added new dependencies including `reqwest` and `bincode` 2. `README.md`: - Added information about reproducible builds and Nitro Enclave image auditing 3. `src/handler.rs`: - Modified to handle the new key synchronization features - Added new endpoints for setting and getting PPOPRF private keys 4. `src/instance.rs` (new file): - Introduced `OPRFInstance` struct to manage OPRF instances 5. `src/main.rs`: - Updated `Config` struct to include new options for key synchronization - Modified `app` function to conditionally add new routes for key management 6. `src/result.rs` (new file): - Introduced custom `Error` type and `Result` alias 7. `src/state.rs`: - Significant changes to `OPRFServer` struct and its methods to support key synchronization - Added methods for setting and getting private keys 8. `src/tests.rs`: - Added new tests for enclave leader and worker scenarios - Modified existing tests to accommodate new functionality 9. `src/util.rs`: - Added utility function for sending private keys to nitriding These changes significantly alter the structure and behavior of the application, particularly in how it manages PPOPRF instances and synchronizes keys between leader and worker enclaves. The new functionality requires careful review to ensure it maintains the security and correctness guarantees of the original implementation.