Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix!: avoid Encryptable domain collisions #6275

Merged
merged 1 commit into from
Apr 15, 2024
Merged

fix!: avoid Encryptable domain collisions #6275

merged 1 commit into from
Apr 15, 2024

Conversation

AaronFeickert
Copy link
Collaborator

Description

Updates a few Encryptable implementations to make domains canonical.

Closes #6274.

Motivation and Context

As noted in #6274, concatenation of variable-length data when generating Encryptable domains for AEAD associated data is not canonical for several types, and could result in collisions.

This PR updates the affected implementations to use fixed-size length prepending.

How Has This Been Tested?

Existing tests.

What process can a PR reviewer use to test or verify this change?

Ensure that all Encryptable implementations have canonical domain encodings that cannot collide.

BREAKING CHANGE: Affects the way that local encrypted data is authenticated, so existing encrypted databases will not function correctly.

@AaronFeickert AaronFeickert requested a review from a team as a code owner April 12, 2024 16:01
@github-actions GitHub Actions
Copy link

Test Results (CI)

    3 files    120 suites   39m 29s ⏱️
1 277 tests 1 277 ✅ 0 💤 0 ❌
3 823 runs  3 823 ✅ 0 💤 0 ❌

Results for commit dacfc43.

@ghpbot-tari-project ghpbot-tari-project added P-acks_required Process - Requires more ACKs or utACKs P-reviews_required Process - Requires a review from a lead maintainer to be merged labels Apr 12, 2024
@github-actions GitHub Actions
Copy link

Test Results (Integration tests)

 2 files  + 2  11 suites  +11   37m 54s ⏱️ + 37m 54s
33 tests +33  30 ✅ +30  0 💤 ±0  3 ❌ +3 
36 runs  +36  33 ✅ +33  0 💤 ±0  3 ❌ +3 

For more details on these failures, see this check.

Results for commit dacfc43. ± Comparison against base commit 0019c11.

@ghpbot-tari-project ghpbot-tari-project removed the P-reviews_required Process - Requires a review from a lead maintainer to be merged label Apr 15, 2024
@SWvheerden SWvheerden merged commit 39a3fba into tari-project:development Apr 15, 2024
14 of 16 checks passed
sdbondi added a commit to sdbondi/tari that referenced this pull request Apr 15, 2024
@sdbondi
Merge branch 'development' into update-feature-dan2
9afd2c8 
* development:
  fix!: avoid `Encryptable` domain collisions (tari-project#6275)
  ci(fix): docker image build fix and ci improvements (tari-project#6270)
  feat: keep smt memory (tari-project#6265)
  feat: show warning when GRPC method is disallowed (tari-project#6246)
  fix(chat): metadata panic (tari-project#6247)
  feat: add monerod detection as an option to the merge mining proxy (tari-project#6248)
  chore(deps): bump h2 from 0.3.24 to 0.3.26 (tari-project#6250)
  feat: improve lmdb dynamic growth (tari-project#6242)
  feat: allow wallet type from db to have preference (tari-project#6245)
  feat: prevent mempool panic (tari-project#6239)
  ci: bump nightly version (tari-project#6241)
  feat: add validation for zero confirmation block sync (tari-project#6237)
  feat: new template with coinbase call (tari-project#6226)
  feat: improve wallet sql queries (tari-project#6232)
  chore: remove ahash as dependancy (tari-project#6238)
  feat: add dynamic growth to lmdb (tari-project#6231)
  chore(deps): bump borsh from 0.10.3 to 1.0.0 in /applications/minotari_ledger_wallet (tari-project#6236)
sdbondi added a commit to sdbondi/tari that referenced this pull request Apr 15, 2024
@sdbondi
Merge branch 'development' into update-feature-dan2
00cdbb0 
* development:
  fix!: avoid `Encryptable` domain collisions (tari-project#6275)
  ci(fix): docker image build fix and ci improvements (tari-project#6270)
  feat: keep smt memory (tari-project#6265)
  feat: show warning when GRPC method is disallowed (tari-project#6246)
  fix(chat): metadata panic (tari-project#6247)
  feat: add monerod detection as an option to the merge mining proxy (tari-project#6248)
  chore(deps): bump h2 from 0.3.24 to 0.3.26 (tari-project#6250)
  feat: improve lmdb dynamic growth (tari-project#6242)
  feat: allow wallet type from db to have preference (tari-project#6245)
  feat: prevent mempool panic (tari-project#6239)
  ci: bump nightly version (tari-project#6241)
  feat: add validation for zero confirmation block sync (tari-project#6237)
  feat: new template with coinbase call (tari-project#6226)
  feat: improve wallet sql queries (tari-project#6232)
  chore: remove ahash as dependancy (tari-project#6238)
  feat: add dynamic growth to lmdb (tari-project#6231)
  chore(deps): bump borsh from 0.10.3 to 1.0.0 in /applications/minotari_ledger_wallet (tari-project#6236)
@AaronFeickert AaronFeickert deleted the field-binding branch April 15, 2024 16:13
SWvheerden added a commit to SWvheerden/tari that referenced this pull request Apr 22, 2024
@SWvheerden
Revert "fix!: avoid Encryptable domain collisions (tari-project#6275)"
45f8005 
This reverts commit 39a3fba.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SWvheerden SWvheerden SWvheerden approved these changes

Assignees
No one assigned
Labels
P-acks_required Process - Requires more ACKs or utACKs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Possible collisions in encrypted database field bindings
3 participants
@AaronFeickert @SWvheerden @ghpbot-tari-project