Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix private decoding bug #61

Merged
merged 1 commit into from
Dec 1, 2023
Merged

Conversation

BlackHoleFox
Copy link
Collaborator

@BlackHoleFox BlackHoleFox commented Oct 7, 2023

Fixes a bug where the decode implementation of PrivateKey would attempt to validate the full key matched itself even when it was encrypted. This is obviously wrong so don't do that. Regression test included that fails when the fix is removed.

Depends on #60
Bug originally reported in #59 (comment)

Copy link

@sug0 sug0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested these changes, and unfortunately decoding encrypted keys is still broken :(
EDIT: well I guess you didn't port every change from the other pr haha

rand_core = { version = "0.5", default-features = false }
bcrypt-pbkdf = { version = "0.10", default-features = false }
base64ct = { version = "1.6", default-features = false, features = ["alloc"] }
ed25519-dalek = { version = "2", default-features = false, features = ["alloc", "fast", "rand_core"] }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good call! GHSA-w5vr-6qhr-36cc

@BlackHoleFox
Copy link
Collaborator Author

I tested these changes, and unfortunately decoding encrypted keys is still broken :(

I don't quite know how to reproduce your issue yet, so no deep dive has been attempted. Is therea way you could create an encrypted key that reproduces the issue which can be uploaded here for testing?

EDIT: well I guess you didn't port every change from the other pr haha

@sug0 Apologies if that wasn't clear. I had posted on a specific thread in your PR as a scope attempt.

@sug0
Copy link

sug0 commented Oct 8, 2023

@BlackHoleFox of course. clone https://github.com/sug0/git-signify and checkout the branch signify-decoding-bug. build the bin (or run cargo run -- ...args). under the keys/ directory you'll find some sample keys I've generated with the signify cli util from openbsd; the password to the private key is 1234.

this util signs arbitrary git objects. let's say we want to sign HEAD. we can run:

cargo run -- sign -k keys/key.sec HEAD

even after you input the right password, you'll never be able to decrypt the private key. if you switch back to main, and rebuild the util, you'll be able to decrypt the key and sign HEAD.

@badboy badboy merged commit 988984c into badboy:main Dec 1, 2023
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants