stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint. addition features and their state. check some ofthem

Browse Source
This commit is contained in:
master
2026-02-10 07:54:44 +02:00
parent 4bdc298ec1
commit 5593212b41
211 changed files with 10248 additions and 1208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/features/checked/signer/shamir-secret-sharing-key-escrow.md Normal file
View File

@@ -0,0 +1,45 @@
# Shamir Secret Sharing Key Escrow
## Module
Signer
## Status
VERIFIED
## Description
Key escrow system using Shamir's Secret Sharing over GF(256) to split signing keys into M-of-N shares distributed to escrow agents, with ceremony-authorized recovery requiring quorum approval.
## Implementation Details
- **ShamirSecretSharing**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/ShamirSecretSharing.cs` -- GF(2^8) arithmetic implementation: Split (creates random polynomial per byte with secret as constant term, evaluates at share indices 1..N), Combine (Lagrange interpolation at x=0 to reconstruct), Verify (round-trip reconstruction test); constraints: threshold >= 2, totalShares >= threshold, max 255 shares; uses cryptographically secure RandomNumberGenerator; clears sensitive coefficients after use
- **GaloisField256**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/GaloisField256.cs` -- GF(2^8) field arithmetic: EvaluatePolynomial, LagrangeInterpolateAtZero, multiply/inverse via log/exp tables
- **KeyEscrowService**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/KeyEscrowService.cs` -- full escrow lifecycle: EscrowKeyAsync (split with ShamirSecretSharing, encrypt shares with AES-256-GCM per agent, store via IEscrowAgentStore, compute SHA-256 checksums), RecoverKeyAsync (validate threshold share count, dual-control enforcement, checksum verification, Lagrange reconstruction), GetEscrowStatusAsync, ListEscrowedKeysAsync, RevokeEscrowAsync, ReEscrowKeyAsync (revoke + re-escrow with new shares); all operations audit-logged via IKeyEscrowAuditLogger
- **CeremonyAuthorizedRecoveryService**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/CeremonyAuthorizedRecoveryService.cs` -- integrates key recovery with ceremony system for quorum-authorized recovery
- **IKeyEscrowService**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/IKeyEscrowService.cs` -- interface: EscrowKeyAsync, RecoverKeyAsync, GetEscrowStatusAsync, ListEscrowedKeysAsync, RevokeEscrowAsync, ReEscrowKeyAsync
- **IEscrowAgentStore**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/IEscrowAgentStore.cs` -- agent and share persistence: StoreShareAsync, GetSharesForKeyAsync, GetAgentAsync, GetActiveAgentsAsync, StoreEscrowMetadataAsync, DeleteSharesForKeyAsync
- **KeyEscrowModels**: `src/Cryptography/StellaOps.Cryptography/KeyEscrow/KeyEscrowModels.cs` -- KeyShare (ShareId, Index, EncryptedData, KeyId, Threshold, TotalShares, CustodianId, ChecksumHex, EncryptionInfo), KeyEscrowResult, KeyRecoveryResult, KeyEscrowStatus, KeyEscrowOptions (Threshold, TotalShares, RequireDualControl, ExpirationDays), KeyEscrowMetadata, EscrowAgent, KeyRecoveryRequest (KeyId, InitiatorId, Reason, AuthorizingCustodians, CeremonyId)
- **Tests**: `src/Cryptography/__Tests/StellaOps.Cryptography.Tests/ShamirSecretSharingTests.cs`, `KeyEscrow/KeyEscrowRecoveryIntegrationTests.cs`, `KeyEscrow/KeyEscrowRecoveryIntegrationTests.Fixed.cs`
- **Source**: SPRINT_20260112_018_CRYPTO_key_escrow_shamir.md
## E2E Test Plan
- [x] Verify M-of-N split produces N shares and any M shares can reconstruct the original secret
- [x] Verify fewer than M shares cannot reconstruct the secret (information-theoretic security)
- [x] Verify duplicate share indices are rejected during reconstruction
- [x] Test key escrow flow: escrow key -> retrieve status -> recover with threshold shares
- [x] Verify dual-control enforcement requires at least 2 authorizing custodians when enabled
- [x] Verify share checksums (SHA-256) are validated during recovery
- [x] Verify escrow revocation deletes all shares and audit-logs the action
- [x] Test re-escrow preserves original parameters when no new options provided
- [x] Verify maximum 255 shares constraint from GF(2^8) field
## Verification
- **Run ID**: run-001
- **Date**: 2026-02-10
- **Method**: Tier 1 code review + Tier 2d existing test verification
- **Build**: PASS (0 errors, 0 warnings)
- **Tests**: PASS (491/491 signer tests pass)
- **Code Review**:
- ShamirSecretSharing: Correct GF(2^8) implementation verified. Split creates degree-(threshold-1) random polynomial per byte with secret byte as constant term, evaluates at indices 1..N. Combine uses Lagrange interpolation at x=0 via GaloisField256. Input validation: threshold >= 2, totalShares >= threshold, totalShares <= 255. Cryptographically secure RandomNumberGenerator for coefficients. Coefficient array cleared after use (defense-in-depth).
- GaloisField256: Log/exp table-based multiplication and division. EvaluatePolynomial uses Horner's method. LagrangeInterpolateAtZero implements standard Lagrange basis at x=0 with GF(2^8) arithmetic.
- KeyEscrowService: Full lifecycle verified. EscrowKeyAsync splits with ShamirSecretSharing, encrypts each share with AES-256-GCM using per-agent key, stores via IEscrowAgentStore, computes SHA-256 checksums. RecoverKeyAsync validates threshold count, dual-control enforcement, checksum verification, Lagrange reconstruction. All operations audit-logged.
- Tests: ShamirSecretSharingTests (split/combine round-trip, threshold enforcement, edge cases), KeyEscrowRecoveryIntegrationTests (full escrow/recovery flow with mocked stores).
- **Verdict**: PASS