Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: don't fail early on bad gRPC username #5905

Conversation

AaronFeickert
Copy link
Collaborator

@AaronFeickert AaronFeickert commented Nov 4, 2023

Description

Modifies gPRC credential validation not to fail early on an incorrect username.

Closes #5904.

Motivation and Context

Concurrent work in #5902 modifies gPRC username comparison to be a (mostly) constant-time operation. However, overall credential validation will still fail early if the username is incorrect without running Argon2 on the provided passphrase. This could leak timing information to an attacker, who could use it to determine if the provided username is correct.

This PR modifies the credential validation flow to run both username and password validation. If either fails, a more generic error is returned. It is still possible to fail early on data that can't be parsed correctly; however, this doesn't leak any information and is therefore safe.

It also updates credential failure tests, which were written in a way that didn't fully exercise the proper failure mode.

Note that this will introduce a small conflict with #5902 that will require a trivial modification to address.

How Has This Been Tested?

Existing tests pass. Modified tests pass.

What process can a PR reviewer use to test or verify this change?

Check that the new validation flow has the intended effect, and that the updated test exercises the correct failure mode.

Copy link

github-actions bot commented Nov 4, 2023

Test Results (CI)

1 254 tests   1 254 ✔️  15m 10s ⏱️
     39 suites         0 💤
       1 files           0

Results for commit 971a924.

♻️ This comment has been updated with latest results.

@ghpbot-tari-project ghpbot-tari-project added P-acks_required Process - Requires more ACKs or utACKs P-reviews_required Process - Requires a review from a lead maintainer to be merged labels Nov 4, 2023
Copy link

github-actions bot commented Nov 4, 2023

Test Results (Integration tests)

31 tests  +31   31 ✔️ +31   14m 27s ⏱️ + 14m 27s
11 suites +11     0 💤 ±  0 
  2 files   +  2     0 ±  0 

Results for commit 971a924. ± Comparison against base commit 1195afb.

♻️ This comment has been updated with latest results.

Copy link
Contributor

@brianp brianp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, utAck

@ghpbot-tari-project ghpbot-tari-project removed the P-reviews_required Process - Requires a review from a lead maintainer to be merged label Nov 6, 2023
@AaronFeickert
Copy link
Collaborator Author

This is now superseded by an update to #5902.

@AaronFeickert AaronFeickert deleted the grpc-authentication-timing branch November 8, 2023 21:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
P-acks_required Process - Requires more ACKs or utACKs
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Early authentication timing failure could leak username correctness
3 participants