Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix private decoding bug #61

Merged
merged 1 commit into from
Dec 1, 2023
Merged

Fix private decoding bug #61

merged 1 commit into from
Dec 1, 2023

Conversation

BlackHoleFox
Copy link
Collaborator

@BlackHoleFox BlackHoleFox commented Oct 7, 2023
edited
Loading

Fixes a bug where the decode implementation of PrivateKey would attempt to validate the full key matched itself even when it was encrypted. This is obviously wrong so don't do that. Regression test included that fails when the fix is removed.

Depends on #60
Bug originally reported in #59 (comment)

@BlackHoleFox BlackHoleFox mentioned this pull request Oct 7, 2023
Closed
sug0
sug0 reviewed Oct 7, 2023
View reviewed changes
Copy link

@sug0 sug0 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested these changes, and unfortunately decoding encrypted keys is still broken :(
EDIT: well I guess you didn't port every change from the other pr haha

libsignify/Cargo.toml Outdated
rand_core = { version = "0.5", default-features = false }
bcrypt-pbkdf = { version = "0.10", default-features = false }
base64ct = { version = "1.6", default-features = false, features = ["alloc"] }
ed25519-dalek = { version = "2", default-features = false, features = ["alloc", "fast", "rand_core"] }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good call! GHSA-w5vr-6qhr-36cc

@BlackHoleFox
Copy link
Collaborator Author

I tested these changes, and unfortunately decoding encrypted keys is still broken :(

I don't quite know how to reproduce your issue yet, so no deep dive has been attempted. Is therea way you could create an encrypted key that reproduces the issue which can be uploaded here for testing?

EDIT: well I guess you didn't port every change from the other pr haha

@sug0 Apologies if that wasn't clear. I had posted on a specific thread in your PR as a scope attempt.

@sug0
Copy link

sug0 commented Oct 8, 2023

@BlackHoleFox of course. clone https://github.com/sug0/git-signify and checkout the branch signify-decoding-bug. build the bin (or run cargo run -- ...args). under the keys/ directory you'll find some sample keys I've generated with the signify cli util from openbsd; the password to the private key is 1234.

this util signs arbitrary git objects. let's say we want to sign HEAD. we can run:

cargo run -- sign -k keys/key.sec HEAD

even after you input the right password, you'll never be able to decrypt the private key. if you switch back to main, and rebuild the util, you'll be able to decrypt the key and sign HEAD.

@badboy badboy merged commit 988984c into badboy:main Dec 1, 2023
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sug0 sug0 sug0 left review comments

@badboy badboy badboy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BlackHoleFox @sug0 @badboy