fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) #369
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cedricvanrompay-datadog
changed the title
|
I realise I should probably have shared this privately with the maintainers instead of sending a public PR, apologies. |
|
Thanks for reporting this. I had found a similar issue for python-tuf before, but unfortunately we never got around to publishing it, which may explain why no other implementations had noticed. It looks good on a cursory glance, but let us review and merge ASAP. |
|
I'll do a more detailed review, but it looks like this needs DCO and conventional commits
Yes, for future reference, but thanks for sharing this. We'll work to improve our security reporting docs to make the private reporting process more clear in the future. |
|
LGTM. I'll approve pending the failing checks |
trishankatdatadog
changed the title
trishankatdatadog
changed the title
ethan-lowman-dd
approved these changes
Sep 2, 2022
trishankatdatadog
approved these changes
Sep 2, 2022
There was a problem hiding this comment.
LGTM, @cedricvanrompay-datadog, @ethan-lowman-dd, and I discussed this over Zoom, thanks!
mnm678
approved these changes
Sep 2, 2022
Closed
znewman01
pushed a commit
to znewman01/go-tuf
that referenced
this pull request
Sep 7, 2022
…natures (due to handling of keys with multiple IDs) (theupdateframework#369) * add test for several signatures same key diff ID * fix verifying threshold signatures * add some comments * rename variables and add comments Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
This was referenced Sep 7, 2022
znewman01
pushed a commit
to znewman01/go-tuf
that referenced
this pull request
Sep 7, 2022
…natures (due to handling of keys with multiple IDs) (theupdateframework#369) * add test for several signatures same key diff ID * fix verifying threshold signatures * add some comments * rename variables and add comments Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com> Signed-off-by: Zachary Newman <z@znewman.net>
znewman01
added a commit
that referenced
this pull request
Sep 7, 2022
…eshold si… (#375) fix(verify): Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369) * add test for several signatures same key diff ID * fix verifying threshold signatures * add some comments * rename variables and add comments Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com> Signed-off-by: Zachary Newman <z@znewman.net> Signed-off-by: Zachary Newman <z@znewman.net> Co-authored-by: Cédric Van Rompay <97546950+cedricvanrompay-datadog@users.noreply.github.com> Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
5 tasks
arbll
pushed a commit
to DataDog/go-tuf
that referenced
this pull request
Sep 28, 2022
…natures (due to handling of keys with multiple IDs) (theupdateframework#369) * add test for several signatures same key diff ID * fix verifying threshold signatures * add some comments * rename variables and add comments Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release Notes: Fixes a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs)
Types of changes:
Description of the changes being introduced by the pull request:
Go-TUF has a security vulnerability in the way it validates threshold signatures: it relies on the key IDs declared in the metadata file it is currently validating (varibale
sig.KeyID) to tell if this new signature should count towards the threshold, assuming that these IDs will be the same as the one it generates (verifier.MarshalPublicKey().IDs()). This assumption can be made false and this can be leveraged to forge valid threshold signatures using a number of keys which, in theory, should be insufficient.This PR adds a test demonstrating the vulnerability, then it fixes the vulnerability.
My opinion however is that Go-TUF should stop trying to be compatible with old versions of TUF implementations that were assigning several IDs to a same key, as this makes signature validation way too error-prone. Note that all versions of the TUF specification since version 1 are very clear on there being a single correct way to compute the key ID:
Also, I am aware that TAP 12 (which does not apply to TUF 1.0.x anyway) introduces key ID flexibility. A better solution than the one in this PR would be to apply the recommendation in TAP 12 to "use a standardized representation for keys, like the modulus and exponent for RSA or the point and curve for ECC". That's probably something we should do in Go-TUF without waiting for TUF 1.1.
Please verify and check that the pull request fulfills the following requirements: