Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p2p/conn: simplify secret connection handshake malleability fix with merlin #4185

Merged
merged 7 commits into from
Nov 26, 2019
Merged

p2p/conn: simplify secret connection handshake malleability fix with merlin #4185

merged 7 commits into from
Nov 26, 2019

Conversation

zmanian
Copy link
Contributor

@zmanian zmanian commented Nov 24, 2019
edited
Loading

This simplifies transcript hashing using the merlin protocol rather than HKDF.
It's a cleaner API
This also only uses the transcript hash as a MAC. Fixes #4140 as well.

  • Referenced an issue explaining the need for the change
  • Updated all relevant documentation in docs
  • Updated all code comments where relevant
  • Wrote tests
  • Updated CHANGELOG_PENDING.md

@zmanian
Simplify secret connection handshake malleability fix with merlin.
752b46e 
Introduces new dependencies on github.com/gtank/merlin and sha3 as a cryptographic primitive

This also only uses the transcript hash as a MAC.
melekes
melekes reviewed Nov 25, 2019
View reviewed changes
Copy link
Contributor

@melekes melekes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thank you

@tessr tessr changed the title Simplify secret connection handshake malleability fix with merlin. p2p/conn: simplify secret connection handshake malleability fix with merlin. Nov 25, 2019
@tessr tessr changed the title p2p/conn: simplify secret connection handshake malleability fix with merlin. p2p/conn: simplify secret connection handshake malleability fix with merlin Nov 25, 2019
melekes
melekes approved these changes Nov 26, 2019
View reviewed changes
Copy link
Contributor

@melekes melekes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@codecov-io
Copy link

Codecov Report

Merging #4185 into master will increase coverage by 0.13%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #4185      +/-   ##
==========================================
+ Coverage   67.43%   67.56%   +0.13%     
==========================================
  Files         221      221              
  Lines       18666    18658       -8     
==========================================
+ Hits        12587    12607      +20     
+ Misses       5125     5102      -23     
+ Partials      954      949       -5
Impacted Files Coverage Δ
p2p/conn/secret_connection.go 74.24% <100%> (+2.88%) ⬆️
blockchain/v2/routine.go 81.81% <0%> (-6.07%) ⬇️
consensus/state.go 79.21% <0%> (+1.26%) ⬆️
p2p/pex/pex_reactor.go 84.43% <0%> (+1.72%) ⬆️
privval/signer_listener_endpoint.go 89.13% <0%> (+2.17%) ⬆️
privval/signer_endpoint.go 81.08% <0%> (+5.4%) ⬆️

tac0turtle
tac0turtle approved these changes Nov 26, 2019
View reviewed changes
Copy link
Contributor

@tac0turtle tac0turtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tessr
Copy link
Contributor

tessr commented Nov 26, 2019

Nice. I'm going to merge this, but I'd also love to read more about Merlin vs. HKDF, and it could be a useful thing to include in the comments of this PR. @zmanian do you have any resources handy?

(I personally have some understanding of Merlin--thanks Henry!--but don't know anything about HKDF, and I imagine others would find it useful too.)

@tessr tessr merged commit af3afc2 into master Nov 26, 2019
@tessr tessr deleted the zaki-merlin-secret-connection branch November 26, 2019 11:40
@tac0turtle
Copy link
Contributor

dev session?

@tessr
Copy link
Contributor

tessr commented Nov 26, 2019

That would be fun. Maybe we could get Henry or George to come, too.

@zmanian
Copy link
Contributor Author

zmanian commented Nov 26, 2019
edited
Loading

Transcript hashing and exchanging a transcript derived authenticator

Merlin is kind of the ideal transcript hashing API. It's safe accumulate and extract state in the function.

TLS 1.3 uses a strategy of concatenating all messages together.
https://tools.ietf.org/id/draft-ietf-tls-tls13-21.html#rfc.section.4.4.1

Noise uses HKDF to derive both encryption and MAC keys from the transcript.
https://noiseprotocol.org/noise.html#hash-functions

IMO Merlin is the nicest and easiest to understand API for doing thing. Our needs are basically like TLS 1.3. We don't really need to ability to accumulate and extract so we do have some downsiders to not doing the TLS thing. What I like about Merlin is that it's really unlikely that I made a mistake that would introduce malleability.

One downside of this is that it would make alternative language implementations harder. Merlin is available in go and rust. And likely c soonish.

@ebuchman
Copy link
Contributor

@zmanian can we get this set of changes written up in an RFC in https://github.com/tendermint/spec so we have a permanent place for the rationale to live. A bit backwards this time since the changes have already been merged, but we should follow the process. Also need to update the specs for this in that repo. Thanks!

@zmanian
Copy link
Contributor Author

zmanian commented Nov 26, 2019

Yes will do.

@tony-iqlusion tony-iqlusion mentioned this pull request Mar 23, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@melekes melekes

@tac0turtle tac0turtle

@ebuchman ebuchman

@tessr tessr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

p2p/secret_connection: use the transcript solely for authentication (i.e. MAC)
6 participants
@zmanian @codecov-io @tessr @tac0turtle @ebuchman @melekes