Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[zk-token-sdk] Limit max seed length for key derivations #33700

Merged
merged 4 commits into from
Oct 20, 2023
Merged

[zk-token-sdk] Limit max seed length for key derivations #33700

merged 4 commits into from
Oct 20, 2023

Conversation

samkim-crypto
Copy link
Contributor

@samkim-crypto samkim-crypto commented Oct 15, 2023
edited
Loading

Problem

#33508

Summary of Changes

Add a maximum length (2^16 bytes, which should be plenty for any practical usecase) check on the maximum seed length for ElGamal and AES keypairs.

Fixes #

@samkim-crypto samkim-crypto added the work in progress This isn't quite right yet label Oct 15, 2023
@codecov
Copy link

codecov bot commented Oct 15, 2023
edited
Loading

Codecov Report

Merging #33700 (45e502d) into master (c98c24b) will increase coverage by 0.0%.
Report is 6 commits behind head on master.
The diff coverage is 97.4%.

@@           Coverage Diff           @@
##           master   #33700   +/-   ##
=======================================
  Coverage    81.8%    81.8%           
=======================================
  Files         806      806           
  Lines      218058   218120   +62     
=======================================
+ Hits       178415   178473   +58     
- Misses      39643    39647    +4

@samkim-crypto samkim-crypto added v1.17 PRs that should be backported to v1.17 and removed work in progress This isn't quite right yet labels Oct 20, 2023
joncinque
joncinque reviewed Oct 20, 2023
View reviewed changes
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

R+ with nits addressed

zk-token-sdk/src/encryption/auth_encryption.rs Outdated Show resolved Hide resolved
zk-token-sdk/src/encryption/elgamal.rs Outdated Show resolved Hide resolved
joncinque
joncinque reviewed Oct 20, 2023
View reviewed changes
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, just a couple more so that it'll pass CI

zk-token-sdk/src/encryption/auth_encryption.rs Outdated

if seed.len() < MINIMUM_SEED_LEN {
return Err(AuthenticatedEncryptionError::SeedLengthTooShort.into());
}
if seed.len() > MAXIMUM_SEED_LEN {
return Err(AuthenticatedEncryptionError::SeedLengthTooLarge.into());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh sorry, you'll also need this!

Suggested change
return Err(AuthenticatedEncryptionError::SeedLengthTooLarge.into());
return Err(AuthenticatedEncryptionError::SeedLengthTooLong.into());

zk-token-sdk/src/encryption/elgamal.rs Outdated

if seed.len() < MINIMUM_SEED_LEN {
return Err(ElGamalError::SeedLengthTooShort);
}
if seed.len() > MAXIMUM_SEED_LEN {
return Err(ElGamalError::SeedLengthTooLarge);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return Err(ElGamalError::SeedLengthTooLarge);
return Err(ElGamalError::SeedLengthTooLong);

@samkim-crypto samkim-crypto merged commit dd2b1bb into solana-labs:master Oct 20, 2023
32 checks passed
mergify bot pushed a commit that referenced this pull request Oct 20, 2023
@samkim-crypto @mergify
[zk-token-sdk] Limit max seed length for key derivations (#33700)
af6849a 
* limit max seed length for elgamal keypairs

* limit max seed length for authenticated encryption keys

* Apply suggestions from code review

Co-authored-by: Jon Cinque <[email protected]>

* rename `SeedLengthTooLarge` to `SeedLengthTooLong`

---------

Co-authored-by: Jon Cinque <[email protected]>
(cherry picked from commit dd2b1bb)
@mergify mergify bot mentioned this pull request Oct 20, 2023
Merged
samkim-crypto added a commit that referenced this pull request Oct 20, 2023
@mergify @samkim-crypto
v1.17: [zk-token-sdk] Limit max seed length for key derivations (back…
c9e8f9c 
…port of #33700) (#33795)

[zk-token-sdk] Limit max seed length for key derivations (#33700)

* limit max seed length for elgamal keypairs

* limit max seed length for authenticated encryption keys

* Apply suggestions from code review

Co-authored-by: Jon Cinque <[email protected]>

* rename `SeedLengthTooLarge` to `SeedLengthTooLong`

---------

Co-authored-by: Jon Cinque <[email protected]>
(cherry picked from commit dd2b1bb)

Co-authored-by: samkim-crypto <[email protected]>
@samkim-crypto samkim-crypto mentioned this pull request Nov 11, 2023
Closed
@HaoranYi HaoranYi mentioned this pull request Apr 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joncinque joncinque joncinque approved these changes

Assignees
No one assigned
Labels
v1.17 PRs that should be backported to v1.17
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samkim-crypto @joncinque