Skip to content

Fix verification when key specifies hash algorithm #168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

Fix verification when key specifies hash algorithm #168

wants to merge 7 commits into from

Conversation

@abeverley
Copy link

@abeverley abeverley commented Feb 3, 2024

If an ARC key specifies the hash type as SHA256 (i.e. h=sha256) then OpenARC will fail to verify the signature. Whilst the presence of a particular hash type is detected, the type is not set and it defaults to sha1.

flowerysong
flowerysong suggested changes Feb 4, 2024
View reviewed changes
Copy link
Contributor

@flowerysong flowerysong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks generally reasonable, but it does have some potential crashes that the previous structure avoided.

@abeverley
Copy link
Author

abeverley commented Feb 4, 2024

Thanks @flowerysong I really appreciate the quick feedback. I've added a couple of additional commits - would you mind taking a look now please?

flowerysong
flowerysong reviewed Feb 4, 2024
View reviewed changes
flowerysong pushed a commit to flowerysong/OpenARC that referenced this pull request Feb 6, 2024
@abeverley @flowerysong
Fix verification when key specifies hash algorithm
6275015 
trusteddomainproject/OpenARC#168
@flowerysong
Copy link
Contributor

flowerysong commented Feb 6, 2024

LGTM. I've integrated this and the other outstanding PRs that looked reasonable into the main branch at https://github.com/flowerysong/OpenARC.

I'm on vacation for the rest of the week so I don't have time to test this branch right now, but I hope to have a chance next week to set up some rudimentary CI.

@abeverley
Copy link
Author

abeverley commented Feb 6, 2024

I've integrated this and the other outstanding PRs that looked reasonable into the main branch at https://github.com/flowerysong/OpenARC.

Brilliant. Just to mention (for people's general interest) that I personally have been using the openarc package in Debian Experimental. It already includes a few existing PRs, and then I've added in #168 and #167. Seems to work well.

futatuki added a commit to futatuki/OpenARC that referenced this pull request Sep 16, 2024
@futatuki
Merge pull request trusteddomainproject#168 from simplelists/hashtype…
68bc7aa 
…_parse

Fix verification when key specifies hash algorithm

If an ARC key specifies the hash type as SHA256 (i.e. h=sha256) then
OpenARC will fail to verify the signature. Whilst the presence of a
particular hash type is detected, the type is not set and it defaults
to sha1.

trusteddomainproject#168
@flowerysong flowerysong mentioned this pull request Oct 16, 2024
Closed
60 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@flowerysong flowerysong flowerysong requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@abeverley @flowerysong