Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hashing API may produce collisions #4110

Closed
qwepoizt opened this issue Oct 19, 2021 · 0 comments
Closed

Hashing API may produce collisions #4110

qwepoizt opened this issue Oct 19, 2021 · 0 comments
Assignees
@lawli3t
Labels
7p seven points bug cm2022s for university course

Comments

@qwepoizt
Copy link
Contributor

qwepoizt commented Oct 19, 2021
edited by markus2330

@markus2330 wrote:
src/libs/ease/hash.c produces collisions in scenarios like key = "keyvalue", value = "" vs. key = "key" and value = "value".

Expected behavior: With different KeySet the sha256 should be different, especially the ones which are only slightly different.

@qwepoizt wrote:
This was noticed by @markus2330 in #4047 (comment) .

I.e. the following test case fails, because string1 is equal to string2 even though the two should be different:

/**
 * Test whether streaming API is aware of character order.
 */
static void test_streaming_aware_of_order (void)
{
	// Initialize sha_256 for streaming
	uint8_t hash1[SIZE_OF_SHA_256_HASH];
	struct Sha_256 sha_256_1;
	sha_256_init (&sha_256_1, hash1);

	const char * key = "key";
	const char * value = "value";
	
	sha_256_write (&sha_256_1, key, strlen(key));
	sha_256_write (&sha_256_1, value, strlen(value));
	sha_256_close (&sha_256_1);
	
	char string1[65];
	hash_to_string (string1, hash1);

	// Reinitialize sha_256 for streaming
	uint8_t hash2[SIZE_OF_SHA_256_HASH];
	struct Sha_256 sha_256_2;
	sha_256_init (&sha_256_2, hash2);
	const char * keyvalue = "keyvalue";

	sha_256_write (&sha_256_2, keyvalue, strlen(keyvalue));
	sha_256_close (&sha_256_2);

	char string2[65];
	hash_to_string (string2, hash2);

	succeed_if (strcmp(string1, string2) == 0, "streaming API of sha_256 is not aware of order!");
}

System Information

  • Elektra Version: master
@qwepoizt qwepoizt mentioned this issue Oct 19, 2021
Merged
20 tasks
@markus2330 markus2330 added bug cm2022s for university course labels Oct 21, 2021
@markus2330 markus2330 changed the title Make streaming API of sha-256.c aware of order Hashing API may produce collisions Oct 21, 2021
@lawli3t lawli3t self-assigned this Nov 23, 2021
@flo91 flo91 mentioned this issue Nov 27, 2021
Merged
20 tasks
@markus2330 markus2330 added the 7p seven points label Dec 13, 2021
flo91 pushed a commit to flo91/libelektra that referenced this issue Dec 17, 2021
@lawli3t @flo91
core: fix hashing collisions in streaming token by including NULL ter…
d931a4d 
…minators

Fixes ElektraInitiative#4110

Added tests to detect this issue as well as changed existing tests so
they with the newly generated hashes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lawli3t lawli3t

Labels
7p seven points bug cm2022s for university course
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lawli3t @markus2330 @qwepoizt