Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keyfile cannot have a newline or other white space #37

Open
hacklschorsch opened this issue May 6, 2021 · 4 comments
Open

keyfile cannot have a newline or other white space #37

hacklschorsch opened this issue May 6, 2021 · 4 comments

Comments

@hacklschorsch
Copy link
Member

hacklschorsch commented May 6, 2021
edited

I am setting up a tahoe-LAFS storage node, and ran into a problem where the key could not be decoded:

If the file holding the ristretto key ends with a newline, or a blank, or something not a NUL byte apparently, the decoding will fail with a pretty opaque DecodeException() without further info. This has cost me a couple of hours :( In the past I only had systems fail because files didn't end with a newline, so this is a fun and welcome change. Even better I would like more robust parsing.

Or maybe just add this to the spec and make our users call .strip() on the strings they send decode_base64()'s way?

Steps to reproduce

[nix-shell:~]$ python
Python 2.7.17 (default, Oct 19 2019, 18:58:51) 
[GCC 8.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import challenge_bypass_ristretto
>>> challenge_bypass_ristretto.SigningKey.decode_base64("SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= ")

Note the blank character at the end of the string.

Expected behaviour

Maybe just work:

challenge_bypass_ristretto.SigningKey.decode_base64("SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= ")
SigningKey(_raw=<cdata 'struct C_SigningKey *' 0x7dfdc0>)

Or maybe fail with a more specific error description:

challenge_bypass_ristretto.SigningKey.decode_base64("SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= ")
raise DecodeException("Invalid key format. Expected: base64 encoded 128 bit number, no bit more or less. Just like Python itself, we do not ignore white space.")

Actual behavior

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/nix/store/igr2wqv5jh9c0aqn0c2brn98x35cvlr3-python-2.7.17-env/lib/python2.7/site-packages/challenge_bypass_ristretto/__init__.py", line 61, in decode_base64
    raise DecodeException()
challenge_bypass_ristretto.DecodeException

Workaround

Write your key file with echo -n or a proper editor that lets you not add a newline. (I had only nano on that system, not great.)
hacklschorsch added a commit to hacklschorsch/ZKAPAuthorizer that referenced this issue May 6, 2021
@hacklschorsch
Eliminate white space around ristretto key when reading key file
b8b690a 
It is easy to erroneously add extra white space to a text file. For example when writing with an editor like `nano` or when using `echo` without the `-n` argument.

Handing that white space over to python-challenge-bypass-ristretto's `decode_base64()` method will make it fail in a rather opaque way, see LeastAuthority/python-challenge-bypass-ristretto#37.

This eliminates white space including newlines around the key expected to be in that file.
@hacklschorsch hacklschorsch mentioned this issue May 6, 2021
Closed
@hacklschorsch
Copy link
Member Author

Fixed by PrivateStorageio/ZKAPAuthorizer#198.

@exarkun
Copy link
Contributor

exarkun commented Oct 4, 2021

I think any other users of python-challenge-bypass-ristretto still have the same problem so this should remain open.

@exarkun exarkun reopened this Oct 4, 2021
@hacklschorsch
Copy link
Member Author

Thanks!
Which ones do? We should file bugs there then I guess.

The decision to export such a German API is valid, I guess, even if a bit more laissez faire would be nice of course.
I don't see it as a bug really.

What kind of fix would you like to see?

@exarkun
Copy link
Contributor

exarkun commented Oct 4, 2021

I'd be happy with either of the expected behaviors suggested in the issue description (maybe with a custom exception type instead of a lot of words for the exception case).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@exarkun @hacklschorsch