Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: issues with v4 tempering and obfuscation #277

Merged
merged 17 commits into from May 2, 2024
Merged

Fix: issues with v4 tempering and obfuscation #277

merged 17 commits into from May 2, 2024

Conversation

phanshiyu
Copy link

@phanshiyu phanshiyu commented Apr 30, 2024
edited

Why

We have the following problems:

1. Document can be tempered with by inserting empty [] or {} while passing verification

const SIGN_WRAPPED_DOCUMENT = document;
// malicious attacker can add a new empty array property anywhere
SIGN_WRAPPED_DOCUMENT.credentialSubject.children = []; 

verify(SIGN_WRAPPED_DOCUMENT) // still good

Leaf node

We define leaf node as a value in an object that does not have any children:
string | number | boolean | null | empty objects | empty arrays

The way we compute our hash (>v3) has always been over leaf nodes, but did not include empty objects | empty arrays. This allow [] or {} to be inserted into the document while still passing validation.

2. Document can be tempered with by changing the values from one type to the other provided they are string coerced to the same value. ie, true can be changed to "true"

This is how we hash each leaf node, as you can see, no type info is being accounted

keccak256(JSON.stringify({ [salt.path]: `${salt.value}:${get(document, salt.path)}` }))

3. Obfuscation does not error when it leaves behind new leaf nodes

How we perform obfuscation and allow the document to still verify as valid hinges on the fact that the obfuscation does not create a new leaf node; but you can imagine taking out all keys in an object would essentially have that effect, ie y: { x: 1 } is not leaf node, since it has a child, but now if we obfuscate x, we y now becomes a leaf node (see above on definition of leaf node).

The case with removing an item from an array can be illustrated below:

in js land

removing the first item from [0,1] will yield

[<empty item>, 1]

all good, empty items are not considered leaf node, so it does not affect the verification.. RIGHT!?

in JSON land

[<empty item>, 1]

becomes

[null, 1]

wait... null is a new leaf node; verification fails

What

  1. traverseAndFlatten our method to find leaf nodes will not include empty arrays and objects
  2. Hashing of each value now includes type information
  3. Assertions are done whether a new empty object or array is being introduced during obfuscation
  4. Fix obfuscation tests(still incomplete) and other tests that broke from this change
  5. Some renaming and light refactoring and type fixes/improvements

@phanshiyu phanshiyu requested a review from HJunyuan May 1, 2024 04:57
@phanshiyu phanshiyu marked this pull request as ready for review May 1, 2024 04:57
@phanshiyu phanshiyu changed the title wip: draft of changes to address issues raised Fix: issues with v4 tempering and obfuscation May 1, 2024
HJunyuan
HJunyuan reviewed May 2, 2024
View reviewed changes
src/4.0/__tests__/obfuscate.test.ts Show resolved Hide resolved
src/4.0/fixtures.ts Outdated Show resolved Hide resolved
src/4.0/fixtures.ts Outdated Show resolved Hide resolved
src/4.0/obfuscate.ts Outdated Show resolved Hide resolved
@phanshiyu phanshiyu merged commit 45cb43c into oa-v4 May 2, 2024
5 of 6 checks passed
@phanshiyu phanshiyu deleted the fix/oa-v4-digest-and-obfuscate branch May 2, 2024 06:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HJunyuan HJunyuan HJunyuan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@phanshiyu @HJunyuan