fix: don't fail early on bad gRPC username #5905
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Modifies gPRC credential validation not to fail early on an incorrect username.
Closes #5904.
Motivation and Context
Concurrent work in #5902 modifies gPRC username comparison to be a (mostly) constant-time operation. However, overall credential validation will still fail early if the username is incorrect without running
Argon2
on the provided passphrase. This could leak timing information to an attacker, who could use it to determine if the provided username is correct.This PR modifies the credential validation flow to run both username and password validation. If either fails, a more generic error is returned. It is still possible to fail early on data that can't be parsed correctly; however, this doesn't leak any information and is therefore safe.
It also updates credential failure tests, which were written in a way that didn't fully exercise the proper failure mode.
Note that this will introduce a small conflict with #5902 that will require a trivial modification to address.
How Has This Been Tested?
Existing tests pass. Modified tests pass.
What process can a PR reviewer use to test or verify this change?
Check that the new validation flow has the intended effect, and that the updated test exercises the correct failure mode.