Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wallet database encryption does not bind to field keys #4137

Closed
AaronFeickert opened this issue May 25, 2022 · 0 comments
Closed

Wallet database encryption does not bind to field keys #4137

AaronFeickert opened this issue May 25, 2022 · 0 comments
Assignees
@agubarev

Comments

@AaronFeickert
Copy link
Collaborator

Wallet database field key-value entries are secured in place: AES-GCM is used to encrypt values, with keys left in the clear. However, the value encryption does not bind this operation to the field key. An attacker could replace these values with other encrypted values taken from elsewhere in the database (or otherwise encrypted using the same AES-GCM key) without detection.

One mitigation is to use the field key as associated data passed to the encryption and decryption operations.
agubarev added a commit to agubarev/tari that referenced this issue Jul 22, 2022
@agubarev
Added source_key to encrypt_bytes_integral_nonce() and `decrypt_b…
3679280 
…ytes_integral_nonce`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 22, 2022
@agubarev
Added source_key to encrypt_bytes_integral_nonce() and `decrypt_b…
4bbce2d 
…ytes_integral_nonce`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 22, 2022
@agubarev
Added source_key to encrypt_bytes_integral_nonce() and `decrypt_b…
f792531 
…ytes_integral_nonce`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
@agubarev agubarev mentioned this issue Jul 22, 2022
Merged
agubarev added a commit to agubarev/tari that referenced this issue Jul 23, 2022
@agubarev
Added source_key to encrypt_bytes_integral_nonce() and `decrypt_b…
3f047f4 
…ytes_integral_nonce`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 23, 2022
@agubarev
Added source_key to encrypt_bytes_integral_nonce() and `decrypt_b…
84a676b 
…ytes_integral_nonce`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 25, 2022
@agubarev
Added source_key and a MAC to encrypt_bytes_integral_nonce() and …
864ae02 
…`decrypt_bytes_integral_nonce()`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 25, 2022
@agubarev
Added source_key and a MAC to encrypt_bytes_integral_nonce() and …
8bd5226 
…`decrypt_bytes_integral_nonce()`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 28, 2022
@agubarev
Added source_key and a MAC to encrypt_bytes_integral_nonce() and …
c2fee14 
…`decrypt_bytes_integral_nonce()`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 28, 2022
@agubarev
Added source_key and a MAC to encrypt_bytes_integral_nonce() and …
ca5c58a 
…`decrypt_bytes_integral_nonce()`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
agubarev added a commit to agubarev/tari that referenced this issue Jul 29, 2022
@agubarev
Added source_key and a MAC to encrypt_bytes_integral_nonce() and …
983ee93 
…`decrypt_bytes_integral_nonce()`.

tari-project#4137
Signed-off-by: Andrei Gubarev <agubarev@users.noreply.github.com>
@agubarev agubarev self-assigned this Aug 1, 2022
aviator-app bot pushed a commit that referenced this issue Aug 3, 2022
@agubarev
fix: wallet database encryption does not bind to field keys #4137 (#4340
32184b5 
)

Description
---
Added `source_key` to `encrypt_bytes_integral_nonce()` and `decrypt_bytes_integral_nonce()` which are used to encrypt and decrypt values in the storage backend. Also, encrypted values are now suffixed with a MAC.

Motivation and Context
---
#4137
Wallet database field key-value entries are secured in place: AES-GCM is used to encrypt values, with keys left in the clear. However, the value encryption does not bind this operation to the field key. An attacker could replace these values with other encrypted values taken from elsewhere in the database (or otherwise encrypted using the same AES-GCM key) without detection.

One mitigation is to use the field key as associated data passed to the encryption and decryption operations.

How Has This Been Tested?
---
unit test
sdbondi added a commit to sdbondi/tari that referenced this issue Aug 4, 2022
@sdbondi
Merge branch 'development' into dan-layer-state-store
214fc14 
* development:
  fix: wallet database encryption does not bind to field keys tari-project#4137 (tari-project#4340)
  fix: use SafePassword struct instead of String for passwords (tari-project#4320)
  feat(dan): template macro handles component state (tari-project#4380)
  fix(dht)!: add message padding for message decryption, to reduce message length leaks (fixes tari-project#4140) (tari-project#4362)
  fix(wallet): update seed words for output manager tests (tari-project#4379)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@agubarev agubarev

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@agubarev @SWvheerden @AaronFeickert