Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check authentication tag in penumbra #16

Open
bencmbrook opened this issue Jun 24, 2019 · 1 comment
Open

Check authentication tag in penumbra #16

bencmbrook opened this issue Jun 24, 2019 · 1 comment
Labels
security-nice Optional features that improve our security

Comments

@bencmbrook
Copy link
Member

bencmbrook commented Jun 24, 2019
edited
Loading

Right now we're skipping the authtag verification step, which is a tiny security flaw, because it doesn't verify the signature (see step 3 below), meaning Transcend could tamper with the encrypted bytes passed through (which, worst case, just breaks the file).

All we need to do is:

  1. set the authtag on the decipher object. This is done.
  2. decrypt all the data This is done.
  3. then verify the signature with decipher.final. This has to happen after decryption. I think new TransformStream takes a close argument where this may be possible.

This is good to do, because...

  • in the future we might add AAD like the User ID to federate files with coreIdentifiers.
  • people using this package for data that has more serious implications of tampering (i.e. where they're somehow vulnerable to a chosen ciphertext attack)
@michaelfarrell76 michaelfarrell76 transferred this issue from another repository Jun 28, 2019
@michaelfarrell76 michaelfarrell76 added the security Security label Jun 28, 2019
@michaelfarrell76 michaelfarrell76 mentioned this issue Nov 11, 2020
Merged
@dmattia
Copy link
Member

dmattia commented Feb 9, 2021

Could we add a severity to this issue @bencmbrook or @michaelfarrell76 so we can track it under an SLA? It would be good to assign someone as well for all open security Issues

@bencmbrook bencmbrook added the p4 label Feb 9, 2021
@michaelfarrell76 michaelfarrell76 added security-nice Optional features that improve our security and removed security Security p4 labels Feb 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security-nice Optional features that improve our security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bencmbrook @dmattia @michaelfarrell76