
Commit d645d56

authored
Initialise commit_secret alongside LedgerSecret (#7689)
1 parent 676e3f3 commit d645d56

1 file changed

Lines changed: 16 additions & 11 deletions


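--- a/src/node/ledger_secret.h
+++ b/src/node/ledger_secret.h
@@ -28,16 +28,18 @@ namespace ccf
 std::shared_ptr<ccf::crypto::KeyAesGcm> key;
 std::optional<ccf::kv::Version> previous_secret_stored_version =
 std::nullopt;
-std::optional<ccf::crypto::HashBytes> commit_secret = std::nullopt;
+ccf::crypto::HashBytes commit_secret;
 
-const ccf::crypto::HashBytes& get_commit_secret()
+static ccf::crypto::HashBytes derive_commit_secret(
+std::span<const uint8_t> raw_key)
 {
-if (!commit_secret.has_value())
-{
-commit_secret = ccf::crypto::hmac(
-ccf::crypto::MDType::SHA256, raw_key, commit_secret_label);
-}
-return commit_secret.value();
+return ccf::crypto::hmac(
+ccf::crypto::MDType::SHA256, raw_key, commit_secret_label);
+}
+
+[[nodiscard]] const ccf::crypto::HashBytes& get_commit_secret() const
+{
+return commit_secret;
 }
 
 bool operator==(const LedgerSecret& other) const
@@ -46,11 +48,12 @@ namespace ccf
 previous_secret_stored_version == other.previous_secret_stored_version;
 }
 
-LedgerSecret() = default;
+LedgerSecret() : commit_secret(derive_commit_secret(raw_key)) {}
 
 ~LedgerSecret()
 {
 OPENSSL_cleanse(raw_key.data(), raw_key.size());
+OPENSSL_cleanse(commit_secret.data(), commit_secret.size());
 }
 
 // The copy constructor is used for serialising a LedgerSecret. However,
@@ -59,7 +62,8 @@ namespace ccf
 LedgerSecret(const LedgerSecret& other) :
 raw_key(other.raw_key),
 key(ccf::crypto::make_key_aes_gcm(other.raw_key)),
-previous_secret_stored_version(other.previous_secret_stored_version)
+previous_secret_stored_version(other.previous_secret_stored_version),
+commit_secret(derive_commit_secret(raw_key))
 {}
 
 LedgerSecret(
@@ -68,7 +72,8 @@ namespace ccf
 std::nullopt) :
 raw_key(raw_key_),
 key(ccf::crypto::make_key_aes_gcm(std::move(raw_key_))),
-previous_secret_stored_version(previous_secret_stored_version_)
+previous_secret_stored_version(previous_secret_stored_version_),
+commit_secret(derive_commit_secret(raw_key))
 {}
 };
 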
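Review bot: The new default constructor `LedgerSecret() : commit_secret(derive_commit_secret(raw_key)) {}` keys the HMAC with a default-initialised `raw_key`, so every default-constructed object holds the same value, which is computable from the label alone. With the lazy getter gone, `get_commit_secret()` no longer tracks `raw_key`: if an instance is default-constructed and `raw_key` is filled in afterwards (the comment above the copy constructor hints at a serialisation path, but the `raw_key` declaration and its callers are outside these hunks), the getter silently returns that predictable value instead of one bound to the real key. Consider keeping `LedgerSecret() = default;` and rejecting an underived value in the getter, e.g. `if (commit_secret.empty()) throw std::logic_error("commit_secret not derived");` (assuming `HashBytes` is a byte container, as the `.data()`/`.size()` calls suggest). All three constructors also depend on `raw_key` being declared before `commit_secret`; a comment at the member such as `// Derived from raw_key: must stay declared after it and be re-derived if raw_key changes` would protect against a later reorder.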
