MarketTakers/arbiter
6
0
Fork 0
Code Issues 26 Pull Requests 1 Packages Projects Releases Wiki Activity

feat(crypto): expose governance signing context and make shamir_threshold pub const

Browse Source
This commit is contained in:
CleverWild
2026-06-13 15:06:36 +02:00
parent d7950beb09
commit af13465c03
3 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/crates/arbiter-crypto/src/authn/v1.rs
View File

@@ -8,6 +8,7 @@ use rand::RngExt;
pub static CLIENT_CONTEXT: &[u8] = b"arbiter_client"; pub static CLIENT_CONTEXT: &[u8] = b"arbiter_client";
pub static OPERATOR_CONTEXT: &[u8] = b"arbiter_operator"; pub static OPERATOR_CONTEXT: &[u8] = b"arbiter_operator";
pub static GOVERNANCE_CONTEXT: &[u8] = b"arbiter_governance_vote";
const NONCE_SIZE: usize = 32; const NONCE_SIZE: usize = 32;
@@ -90,6 +91,11 @@ impl PublicKey {
self.0 self.0
.verify_with_context(&challenge, context, &signature.0) .verify_with_context(&challenge, context, &signature.0)
} }
#[must_use]
pub fn verify_message(&self, message: &[u8], context: &[u8], signature: &Signature) -> bool {
self.0.verify_with_context(message, context, &signature.0)
}
} }
impl Signature { impl Signature {

11
server/crates/arbiter-server/src/actors/vault_coordinator/mod.rs
View File

@@ -9,7 +9,7 @@ use tracing::error;
use crate::{ use crate::{
actors::vault::{Bootstrap, TryUnseal, Vault}, actors::vault::{Bootstrap, TryUnseal, Vault},
crypto::{KeyCell, derive_key, encryption::v1::Nonce, shamir}, crypto::{KeyCell, derive_key, encryption::v1::Nonce, shamir, shamir::shamir_threshold},
db::{self, models, schema}, db::{self, models, schema},
}; };
@@ -76,15 +76,6 @@ impl VaultCoordinator {
const SHARE_AAD: &[u8] = b"arbiter/shamir-share/v1"; const SHARE_AAD: &[u8] = b"arbiter/shamir-share/v1";
const fn shamir_threshold(n: usize) -> usize {
match n {
0 => panic!("No operators"),
1 => 1,
2 => 2,
n => n / 2 + 1,
}
}
async fn finalize_bootstrap( async fn finalize_bootstrap(
db: db::DatabasePool, db: db::DatabasePool,
vault: ActorRef<Vault>, vault: ActorRef<Vault>,

12
server/crates/arbiter-server/src/crypto/shamir.rs
View File

@@ -20,6 +20,18 @@ pub fn split_key(
.map_err(|e| ShamirError::Split(format!("{e:?}"))) .map_err(|e| ShamirError::Split(format!("{e:?}")))
} }
/// Returns the minimum number of shares required to reconstruct the secret
/// for a committee of `n` operators.
#[must_use]
pub const fn shamir_threshold(n: usize) -> usize {
match n {
0 => panic!("No operators"),
1 => 1,
2 => 2,
n => n / 2 + 1,
}
}
/// Reconstruct the secret from `threshold` or more shares. /// Reconstruct the secret from `threshold` or more shares.
pub fn combine_shares(shares: &[Vec<u8>]) -> Result<[u8; 32], ShamirError> { pub fn combine_shares(shares: &[Vec<u8>]) -> Result<[u8; 32], ShamirError> {
let bytes = Gf256::combine_array(shares) let bytes = Gf256::combine_array(shares)