web3labs / crux

Data Privacy for Quorum Blockchains
https://www.web3labs.com
Apache License 2.0

Retrieve of data #47

Open akshitababel opened 5 years ago

akshitababel commented 5 years ago

Why are we using the sender public key to retrieve the data in the enclave Retrieve function? Why are we not using the private key of the recipient to retrieve it?

0zAND1z commented 5 years ago

Hi @akshitababel, can you share some more context on this from a coding point of view?

A few citations shall help.

akshitababel commented 5 years ago

The following is the Retrieve function from the enclave package:

```go
func (s *SecureEnclave) Retrieve(digestHash *[]byte, to *[]byte) ([]byte, error) {

    encoded, err := s.Db.Read(digestHash)
    if err != nil {
        return nil, err
    }

    epl, recipients := api.DecodePayloadWithRecipients(*encoded)

    masterKey := new([nacl.KeySize]byte)

    var senderPubKey, senderPrivKey, recipientPubKey, sharedKey nacl.Key

    if len(recipients) == 0 {
        // This is a payload originally sent to us by another node
        recipientPubKey = epl.Sender
        senderPubKey, err = utils.ToKey(*to)
        if err != nil {
            return nil, err
        }
    } else {
        // This is a payload that originated from us
        senderPubKey = epl.Sender
        recipientPubKey, err = utils.ToKey(recipients[0])
        if err != nil {
            return nil, err
        }
    }

    senderPrivKey, err = s.resolvePrivateKey(senderPubKey)
    if err != nil {
        return nil, err
    }

    // we might not have the key in our cache if constellation was restarted, hence we may
    // need to recreate
    sharedKey = s.resolveSharedKey(senderPrivKey, senderPubKey, recipientPubKey)

    _, ok := secretbox.Open(masterKey[:0], epl.RecipientBoxes[0], epl.RecipientNonce, sharedKey)
    if !ok {
        return nil, errors.New("unable to open master key secret box")
    }

    var payload []byte
    payload, ok = secretbox.Open(payload[:0], epl.CipherText, epl.Nonce, masterKey)
    if !ok {
        return payload, errors.New("unable to open payload secret box")
    }

    return payload, nil
}
```

We are using the public key of the sender in the arguments in place of `to`. Is there any function in the enclave package which retrieves the encrypted data using the private key of the recipient and not the public key of the sender?
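The key resolution in the function quoted above, as an added Go example that is not part of the thread or of crux's code: the key parsed from `to` is handed to `s.resolvePrivateKey`, so a public key acts as the lookup handle for a private key the node holds, and that private key plus the other party's public key gives the shared key. `Keystore`, `NewNode` and `SharedKey` are hypothetical names, and standard-library X25519 with SHA-256 is an assumed stand-in for `resolveSharedKey`, whose body the page does not show; the secret boxes are left out.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Keystore is a hypothetical enclave key store: private keys indexed by public key bytes.
type Keystore map[string]*ecdh.PrivateKey

// NewNode returns a keystore holding one fresh X25519 key pair, and its public key.
func NewNode() (Keystore, []byte) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pub := priv.PublicKey().Bytes()
	return Keystore{string(pub): priv}, pub
}

// SharedKey looks up the private half of ownPub locally, runs X25519 against
// peerPub, and hashes the result (assumed stand-in for resolveSharedKey).
func (ks Keystore) SharedKey(ownPub, peerPub []byte) ([]byte, error) {
	priv, ok := ks[string(ownPub)]
	if !ok {
		return nil, fmt.Errorf("no private key held for this public key")
	}
	peer, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

func main() {
	a, aPub := NewNode() // originating node
	b, bPub := NewNode() // receiving node
	ka, _ := a.SharedKey(aPub, bPub)
	kb, _ := b.SharedKey(bPub, aPub)  // b passes its own public key as the handle
	_, err := a.SharedKey(bPub, aPub) // a holds no private key for bPub
	fmt.Println(bytes.Equal(ka, kb), err)
}
```

Both nodes arrive at the same key from opposite halves of the two key pairs, while a caller that only names a public key it does not own gets an error.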