Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Use a constant-time Base64 encoder for secret key material #156

Merged
merged 1 commit into from
May 20, 2024
Merged

fix: Use a constant-time Base64 encoder for secret key material #156

merged 1 commit into from
May 20, 2024

Conversation

poljar
Copy link
Collaborator

@poljar poljar commented May 20, 2024
edited by dkasak
Loading

This patch fixes a security issue around a side-channel vulnerability1 when decoding secret key material using Base64.

In some circumstances an attacker can obtain information about secret key material via a controlled-channel and side-channel attack.

This patch avoids the side-channel by switching to the base64ct crate for the encoding, and more importantly, the decoding of secret key material.

Footnotes

  1. https://arxiv.org/abs/2108.04600

@poljar
fix: Use a constant-time Base64 encoder for secret key material
734b6c6 
This patch fixes a security issue around a side-channel vulnerability[1]
when decoding secret key material using Base64.

In some circumstances an attacker can obtain information about secret
secret key material via a controlled-channel and side-channel attack.

This patch avoids the side-channel by switching to the base64ct crate
for the encoding, and more importantly, the decoding of secret key
material.

[1]: https://arxiv.org/abs/2108.04600
@poljar poljar requested a review from dkasak as a code owner May 20, 2024 12:05
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.57%. Comparing base (4ef989c) to head (734b6c6).
Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #156   +/-   ##
=======================================
  Coverage   90.56%   90.57%           
=======================================
  Files          34       34           
  Lines        1908     1910    +2     
=======================================
+ Hits         1728     1730    +2     
  Misses        180      180

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@poljar poljar merged commit 77765da into main May 20, 2024
33 checks passed
@poljar poljar deleted the poljar/constant-time-base64-for-secret-keys branch May 20, 2024 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dkasak dkasak dkasak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@poljar @codecov-commenter @dkasak