Generated Secret Connection keys are all zeroes #118

Closed
tarcieri opened this Issue Nov 25, 2018 · 5 comments

tarcieri commented Nov 25, 2018

This is a critical bug. Via the forums:

https://forum.cosmos.network/t/ann-tendermint-kms-v0-2-validator-signing-support/1361/11?u=iqlusion

xxd /opt/tmkms/config/secret_connection.key
00000000: 0000 0000 0000 0000 0000 0000 0000 0000 …
00000010: 0000 0000 0000 0000 0000 0000 0000 0000 …

I am investigating.

tarcieri added the security label Nov 25, 2018

tarcieri commented Nov 25, 2018

I've reproduced this problem with a release build on Linux. So far I have been unable to reproduce it in either a debug or release build on macOS.

I am continuing to investigate.

tarcieri commented Nov 25, 2018

Another data point: on Linux, debug builds appear to generate a random key, but release builds do not.

tarcieri commented Nov 25, 2018

I've found the cause: a bug in the subtle-encoding crate where the encoding/decoding functionality was unintentionally gated on a debug_assert_eq! and therefore worked in debug builds, but failed in release builds.

Open PR to fix it here: iqlusioninc/crates#126
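
Added illustration, not part of the original thread and not the subtle-encoding source: a minimal Rust sketch of the failure class described in the comment above, where the only call that fills an output buffer sits inside `debug_assert_eq!`, next to the corrected form and an all-zero guard for key material. All function names and the sample key are hypothetical and constructed for this example.

```rust
// Added illustration; not the subtle-encoding source. All names are hypothetical.

/// Hex-encode `src` into `dst`, returning the number of bytes written.
fn hex_encode_into(src: &[u8], dst: &mut [u8]) -> usize {
    const HEX: &[u8; 16] = b"0123456789abcdef";
    for (i, b) in src.iter().enumerate() {
        dst[2 * i] = HEX[(b >> 4) as usize];
        dst[2 * i + 1] = HEX[(b & 0x0f) as usize];
    }
    src.len() * 2
}

/// Bug pattern: the only call that fills `dst` is an argument of
/// `debug_assert_eq!`, which is not evaluated when debug assertions are
/// off (the default for release builds), so `dst` stays zero-filled.
fn encode_buggy(src: &[u8]) -> Vec<u8> {
    let mut dst = vec![0u8; src.len() * 2];
    debug_assert_eq!(hex_encode_into(src, &mut dst), src.len() * 2);
    dst
}

/// Fixed pattern: do the work unconditionally, then assert on the result.
fn encode_fixed(src: &[u8]) -> Vec<u8> {
    let mut dst = vec![0u8; src.len() * 2];
    let written = hex_encode_into(src, &mut dst);
    debug_assert_eq!(written, dst.len());
    dst
}

/// Guard a key writer can apply before persisting freshly generated material.
fn is_all_zero(buf: &[u8]) -> bool {
    buf.iter().fold(0u8, |acc, b| acc | b) == 0
}

fn main() {
    let key = [0xA5u8; 32]; // constructed sample, stands in for a random key
    println!("debug assertions on: {}", cfg!(debug_assertions));
    println!("buggy output all zero: {}", is_all_zero(&encode_buggy(&key)));
    println!("fixed output all zero: {}", is_all_zero(&encode_fixed(&key)));
}
```

Building this once with plain `rustc` and once with `rustc -O` shows the buggy path flipping from encoded output to all zeroes while the fixed path stays the same.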

tarcieri commented Nov 25, 2018

That PR has been merged. I'll try to get a release of everything, including tmkms, out later today.

I have also updated the CI configuration for subtle-encoding to run the tests in release mode to ensure this sort of thing doesn't happen in the future. I also confirmed that doing so would've caught this bug:

https://travis-ci.org/iqlusioninc/crates/jobs/459482729

tarcieri closed this in bc8bca0 Nov 27, 2018

tarcieri added a commit that referenced this issue Nov 27, 2018

Merge pull request #124 from tendermint/subtle-encoding/v0.3
Cargo.toml: Update to subtle-encoding v0.3 (fixes #118)

tarcieri commented Nov 27, 2018

This will be fixed in the forthcoming v0.2.1 release, which should be out shortly.
