-rw-r--r-- | doc/manual/cli.rst | 17 | ||||
-rw-r--r-- | doc/manual/contents.rst | 1 | ||||
-rw-r--r-- | doc/manual/tss.rst | 45 | ||||
-rw-r--r-- | src/cli/tss.cpp | 9 |
4 files changed, 71 insertions, 1 deletions
diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index 431c81430..71cb5935b 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst @@ -234,6 +234,23 @@ The PSK database commands are only available if sqlite3 support was compiled in. $ botan psk_list psk.db deadba55 bunny +Secret Sharing +------------------ + +Split a file into several shares. + +``tss_split M N data_file --id= --share-prefix=share --share-suffix=tss --hash=SHA-256`` + Split a file into ``N`` pieces any ``M`` of which suffices to + recover the original input. The ID allows specifying a unique key ID + which may be up to 16 bytes long, this ensures that shares can be + uniquely matched. If not specified a random 16 byte value is + used. A checksum can be appended to the data to help verify correct + recovery, this can be disabled using ``--hash=None``. + +``tss_recover *shares`` + Recover some data split by ``tss_split``. If insufficient number of + shares are provided an error is printed. + Data Encoding/Decoding ------------------------ diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst index 6b97f7a02..aae2ebd45 100644 --- a/doc/manual/contents.rst +++ b/doc/manual/contents.rst @@ -30,6 +30,7 @@ Contents psk_db filters fpe + tss ecc compression pkcs11 diff --git a/doc/manual/tss.rst b/doc/manual/tss.rst new file mode 100644 index 000000000..947b835d0 --- /dev/null +++ b/doc/manual/tss.rst 
@@ -0,0 +1,45 @@
+Threshold Secret Sharing
+========================================
+
+.. versionadded:: 1.9.1
+
+Threshold secret sharing allows splitting a secret into ``N`` shares such that
+``M`` (for specified ``M`` <= ``N``) is sufficient to recover the secret, but an
+attacker with ``M - 1`` shares cannot derive any information about the secret.
+
+The implementation in Botan follows an expired Internet draft
+"draft-mcgrew-tss-03". Several other implementations of this TSS format exist.
+
+.. cpp:class:: RTSS_Share
+
+ .. cpp:function:: static std::vector<RTSS_Share> split(uint8_t M, uint8_t N, \
+ const uint8_t secret[], uint16_t secret_len, \
+ const std::vector<uint8_t>& identifier, \
+ const std::string& hash_fn, \
+ RandomNumberGenerator& rng)
+
+ Split a secret. The identifier is an optional key identifier which may be
+ up to 16 bytes long. Shorter identifiers are padded with zeros.
+
+ The hash function must be either "SHA-1", "SHA-256", or "None" to disable
+ the checksum.
+
+ This will return a vector of length ``N``, any ``M`` of these shares is
+ sufficient to reconstruct the data.
+
+ .. cpp:function:: static secure_vector<uint8_t> reconstruct(const std::vector<RTSS_Share>& shares)
+
+ Given a sufficient number of shares, reconstruct a secret.
+
+ .. cpp:function:: RTSS_Share(const uint8_t data[], size_t len)
+
+ Read a TSS share as a sequence of bytes.
+
+ .. cpp:function:: const secure_vector<uint8>& data() const
+
+ Return the data of this share.
+
+ .. cpp:function:: uint8_t share_id() const
+
+ Return the share ID which will be in the range 1...255
+
diff --git a/src/cli/tss.cpp b/src/cli/tss.cpp
index bff9c19eb..60149ee29 100644
--- a/src/cli/tss.cpp
+++ b/src/cli/tss.cpp
@@ -9,6 +9,7 @@
 #if defined(BOTAN_HAS_THRESHOLD_SECRET_SHARING)
 #include <botan/tss.h>
 #include <botan/hex.h>
+ #include <botan/rng.h>
 #include <fstream>
 #endif
@@ -43,7 +44,13 @@ class TSS_Split final : public Command Botan::secure_vector<uint8_t> secret = slurp_file_lvec(input); - const std::vector<uint8_t> id = Botan::hex_decode(id_str); + std::vector<uint8_t> id = Botan::hex_decode(id_str); + + if(id.empty()) + { + id.resize(16); + rng().randomize(id.data(), id.size()); + } std::vector<Botan::RTSS_Share> shares = Botan::RTSS_Share::split(M, N, secret.data(), secret.size(), id, hash_algo, rng()); |
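Review bot: An `--id` value that decodes to more than 16 bytes still reaches `RTSS_Share::split` unchecked, because the new branch handles only the empty case; the manual added in this commit caps the identifier at 16 bytes, and whether the library rejects a longer one is not visible from this hunk. A guard right after `hex_decode`, for example `if(id.size() > 16) throw CLI_Usage_Error("--id must be at most 16 bytes");`, would give the operator a clear usage error before any shares are produced. The literal `16` in `id.resize(16)` would also read better as a named constant, with a comment such as `// no --id given: use a random 16-byte identifier so shares from different splits can be told apart`. The enclosing method of TSS_Split begins and continues outside the hunk, so any existing validation of `id_str` there could not be checked.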