fix(739) SignatureECDSAN destroying private key

[ikucuze]

fix for bug 739

[ikucuze]

fixes: #739

[norrisjeremy]

No, I very much oppose this.
We are not going to stop zero'ing private key data.

[ikucuze]

PR updated to always perform a copy of the array instead of not 0-ing it

[norrisjeremy]

This seems acceptable to me by best limiting any potential impact.

[norrisjeremy]

Can you fix this to correctly point to issue 739 and not issue 730 (which is unrelated).

[norrisjeremy]

Also, I would prefer if we included a full link to https://github.com/mwiede/jsch/issues/739 in the comment text, so that future readers don't have to figure out what issue 739 means.

[ikucuze]

Sorry. don't know how I did that

[ikucuze]

made me realize 2 things:
This copy of the private key has to be cleaned... as we don't know if ecdsa signing will clean it...
So I need Util.bzero to be changed to public.
Would you prefer then:

      byte[] keyCopy = Arrays.copyOf(prv_array, prv_array.length);
      ecdsa.setPrvKey(keyCopy);
      Util.bzero(keyCopy);

I also need to change the caller of setPubKey with the same fix :(

[ikucuze]

I pushed a new secured fixed regarding cleaning the key copy.
The resulting code starts to get ugly because of that unneeded copy...

[norrisjeremy]

Please revert those changes and simply constrain this change to making a copy of prv_array that is passed to ecdsa.setPrvKey().

The whole point of what I am asking you to do is to make as minimally invasive changes as possible to fix the issue you reported.
That way we reduce the chance of introducing any sort of regression or any sort of new vulnerability as much as possible.
The JSch codebase is very old and extremely fragile, and we try to minimize risk as much as possible.

[norrisjeremy]

made me realize 2 things: This copy of the private key has to be cleaned... as we don't know if ecdsa signing will clean it... So I need Util.bzero to be changed to public. Would you prefer then:

      byte[] keyCopy = Arrays.copyOf(prv_array, prv_array.length);
      ecdsa.setPrvKey(keyCopy);
      Util.bzero(keyCopy);

I also need to change the caller of setPubKey with the same fix :(

There is zero reason to zero the public key, as that is not sensitive data.

[ikucuze]

ok, just pushed a fix only for private key, adding a cleaning to the copy for security purpose

[norrisjeremy]

Please revert the unnecessary changes to src/main/java/com/jcraft/jsch/jce/Util.java.

[norrisjeremy]

Can you change this to point at https://github.com/mwiede/jsch/issues/739 instead of issue 739?
That way future readers don't have to figure out how to find what issue 739 means.

[ikucuze]

done

[norrisjeremy]

Please revert all these changes back to the minimally invasive change you had originally, which was to simply to call escda.setPrvKey(Arrays.copyOf(prv_array, prv_array.length));.

The whole point of this is to minimize risk as much as possible (both for any regressions as well as any newly introduced vulnerabilities) whilst fixing the issue you originally reported, which is that you were unable to create multiple sessions from a single JSch object instance.

[norrisjeremy]

There is no reason for this class to be made public.
Please revert this change.

[ikucuze]

needed to clean the copy

[norrisjeremy]

This change is unneeded though to accomplish what you have proposed.
src/main/java/com/jcraft/jsch/KeyPairECDSA.java will be utilizing the class src/main/java/com/jcraft/jsch/Util.java, not src/main/java/com/jcraft/jsch/jce/Util.java.
Therefore there is no need for the changes to make src/main/java/com/jcraft/jsch/jce/Util.java public.

[ikucuze]

Right, I was unaware of this duplicate code... fixed.

[ikucuze]

escda.setPrvKey(Arrays.copyOf(prv_array, prv_array.length));.

This is not acceptable as the copy array might stay in memory without cleaning in case of a positive number, thus setPrvKey won't clean it.
You fought for keeping the cleaning in SignatureECDSAN even if the priv_key is a parameter and not under its responsability. I think the responsability of the cleaning is in the hand of the code originating the data. Thus KeyPairECDSA is now reponsible to clean this copy, and for me was also was responsible for cleaning the original prv_array (and it does that correctly in its dispose() ).

[norrisjeremy]

escda.setPrvKey(Arrays.copyOf(prv_array, prv_array.length));.

This is not acceptable as the copy array might stay in memory without cleaning in case of a positive number, thus setPrvKey won't clean it. You fought for keeping the cleaning in SignatureECDSAN even if the priv_key is a parameter and not under its responsability. I think the responsability of the cleaning is in the hand of the code originating the data. Thus KeyPairECDSA is now reponsible to clean this copy, and for me was also was responsible for cleaning the original prv_array (and it does that correctly in its dispose() ).

I'll agree to keeping the introduction of Util.bzero() of the prv_array copy.

[ikucuze]

I'll agree to keeping the introduction of Util.bzero() of the prv_array copy.

Ok, pushed that. Copy of public key do not get cleaned.
Copy of private key is done, by making Util public.
pushed that now

[norrisjeremy]

Please execute mvn formatter:format so that your changes are properly formatted and allow the Maven build to succeed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[norrisjeremy]

I am good with these changes now.