From bb3150b7f1066d748bc26bfb9a893c3c09ef6412 Mon Sep 17 00:00:00 2001
From: Louis Thibault
Date: Tue, 17 Sep 2024 12:58:17 -0400
Subject: [PATCH] Remove deprecated_insecure_shares_generate.
---
 src/qos_client/src/cli/mod.rs | 2 +-
 src/qos_client/src/cli/services.rs | 17 ++++----
 src/qos_crypto/src/shamir.rs | 64 ------------------------------
 3 files changed, 10 insertions(+), 73 deletions(-)
diff --git a/src/qos_client/src/cli/mod.rs b/src/qos_client/src/cli/mod.rs
index c164a767..279a5911 100644
--- a/src/qos_client/src/cli/mod.rs
+++ b/src/qos_client/src/cli/mod.rs
@@ -177,7 +177,7 @@ pub enum Command {
 /// Pivot the enclave to the specified binary.
 ///
 /// This command goes through the steps of generating a Quorum Key,
- /// sharding it (N=1), creating/signing/posting a Manifest, and
+ /// sharding it (N=2), creating/signing/posting a Manifest, and
 /// provisioning the quorum key.
 DangerousDevBoot,
 /// Provision a yubikey with a singing and encryption key.
diff --git a/src/qos_client/src/cli/services.rs b/src/qos_client/src/cli/services.rs
index 908f1d38..6fc05191 100644
--- a/src/qos_client/src/cli/services.rs
+++ b/src/qos_client/src/cli/services.rs
@@ -2026,16 +2026,17 @@ pub(crate) fn dangerous_dev_boot>( // Shard it with N=1, K=1 let share = { - let mut shares = - qos_crypto::shamir::deprecated_insecure_shares_generate( - quorum_pair.to_master_seed(), - 1, - 1, - ); + let mut shares = qos_crypto::shamir::shares_generate( + quorum_pair.to_master_seed(), + 2, + 2, + ) + .unwrap(); + assert_eq!( shares.len(), - 1, - "Error generating shares - did not get exactly one share." + 2, + "Error generating shares - did not get exactly two share." ); shares.remove(0) };
diff --git a/src/qos_crypto/src/shamir.rs b/src/qos_crypto/src/shamir.rs
index 31903a44..2089dc8d 100644
--- a/src/qos_crypto/src/shamir.rs
+++ b/src/qos_crypto/src/shamir.rs
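Review bot: With the threshold raised from 1 to 2 in the `shares_generate(…, 2, 2)` call, the single share kept by `shares.remove(0)` at the end of the block can no longer reconstruct the quorum key on its own, and the second share is silently dropped when `shares` goes out of scope; whatever consumes `share` after this hunk (the body of `dangerous_dev_boot` continues outside it) presumably needs both shares, or a manifest whose share set and threshold match 2-of-2, so this is worth confirming before merge since the switch appears forced by the new implementation rejecting k=1 rather than chosen for the dev-boot flow. The context comment above the block still reads `// Shard it with N=1, K=1` and should become `// Shard it with N=2, K=2` so it agrees with the call and with the doc updated in mod.rs. The new assertion message has a grammar slip; `"Error generating shares - did not get exactly two shares."` reads correctly. The bare `.unwrap()` on `shares_generate` could be `.expect("2-of-2 share generation over a 32-byte seed must succeed")` so a panic names the violated invariant, although in this deliberately dangerous dev-only path a panic is an acceptable failure mode.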
@@ -4,9 +4,6 @@ // The original code is under MIT license, see // https://github.com/veracruz-project/veracruz/blob/398e4d3ab3023492a64ea91740528e58776e1827/LICENSE_MIT.markdown -use std::{convert::TryFrom, iter}; - -use rand::Rng; use vsss_rs::Gf256; use crate::QosCryptoError;
@@ -133,19 +130,6 @@ fn gf256_div(a: u8, b: u8) -> u8 { gf256_mul(a, GF256_EXP[usize::from(255 - GF256_LOG[usize::from(b)])]) } -/// Evaluate a polynomial at x over GF(256) using Horner's method. -fn gf256_eval(f: &[u8], x: u8) -> u8 { - f.iter().rev().fold(0, |acc, c| gf256_mul(acc, x) ^ c) -} - -/// Generate a random polynomial of given degree, fixing f(0) = secret. -fn gf256_generate(secret: u8, degree: usize) -> Vec { - let mut rng = rand::thread_rng(); - iter::once(secret) - .chain(iter::repeat_with(|| rng.gen_range(1..=255)).take(degree)) - .collect() -} - /// Find f(0) using Lagrange interpolation. fn gf256_interpolate(xs: &[u8], ys: &[u8]) -> u8 { assert!(xs.len() == ys.len());
@@ -164,54 +148,6 @@ fn gf256_interpolate(xs: &[u8], ys: &[u8]) -> u8 { y } -/// This is an old implementation with known runtime security problems and -/// insufficient parameter checks. We are keeping it here to show that the new -/// implementation is backwards compatible. -/// -/// For meaningful k-of-n share configurations with k >= 2, this share -/// generation mechanism should be fully compatible in both directions. -/// -/// 1-of-n share generations (k=1) are rejected by the new vsss-rs -/// implementation and not compatible. -/// -/// Examples: -/// n=1 k=1 should be possible but triggers `SharingMinThreshold` in new impl -/// n=2 k=1 should be possible but triggers `SharingMinThreshold` in new impl -/// -/// # Panics -/// This function will panic if more than 255 shares are requested, as the -/// `u8::try_from` conversion will fail. -#[must_use] -#[allow(clippy::expect_used)] -pub fn deprecated_insecure_shares_generate( - secret: &[u8], - n: usize, - k: usize, -) -> Vec> { - let mut shares = vec![vec![]; n]; - - // we need to store x for each point somewhere, so just prepend - // each array with it - for (i, share) in shares.iter_mut().enumerate().take(n) { - share.push(u8::try_from(i + 1).expect("exceeded 255 shares")); - } - - for x in secret { - // generate random polynomial for each byte - let f = gf256_generate(*x, k - 1); - - // assign each share a point at f(i) - for (i, share) in shares.iter_mut().enumerate().take(n) { - share.push(gf256_eval( - &f, - u8::try_from(i + 1).expect("exceeded 255 shares"), - )); - } - } - - shares -} - /// Generate `share_count` shares requiring `threshold` shares to reconstruct. /// /// Known limitations: