Comments (2)
from tink.
In AesGcmHkdfStreaming.java, we can verify the integrity of the segments individually but we cannot verify the integrity of the file as a whole: header || seg1 || seg2 || ... || seg_n. An integrity attack could be using a segment from another file to replace a segment of that file, assuming that the attacker can obtain 2 files encrypted by the same key.
Each file is encrypted with a unique key derived from the master key and the salt in the file header. The salt is not authenticated, thus an attacker can copy file 1's salt to file 2, and copy file 1's segments to overwrite file 2's segments. There are two scenarios:
1/ The attacker copies the whole file. They basically change the file path. This could be an issue if users don't authenticate the file path. At the API level, StreamingAead however doesn't know if users are going to encrypt a file or just a stream. So it seems that there's a disconnection between what we offer and what users might be expecting, and that could lead to potential misuses. We can address this by introducing an API for file encryption in which the file path is used as the additional associated data, but there's a concern that it would break when the file path changes (i.e., people making copies of their data).
2/ Assuming that file_1 and file_2 are encrypted with the same key and chunk size. The attacker overwrites file_1's salt with file_2's salt and overwrite file_1's segment 1 with file_2's segment 1. This is similar to scenario #1 in which the only information that the attacker did actually change is the file path.
I would suggest having a mode where we can check this as well, for example, a file can look like header || seg1 || seg2 || ... || seg_n || footer. Where footer is the collection of all the GCM integrity tags of the segments, and also being authenticated, so footer might look like: IV_f || tag1 || tag2 || ... || tag_n || tag_footer.
Now, if one wants to verify the integrity of the file, he collects the gcm tags from the segments and computes a tag to compare with tag_footer, this can only be done if he is the owner of the file with the proper key.
Because of the above observation this is not necessary because segments cannot be actually copied.
I'm going to close this issue, please reopen if you disagree with the assessment or if you have any other suggestions.
Thanks!
from tink.
Related Issues (20)
- tink cannot be installed on arm64 linux HOT 9
- Cannot install it with googleapis-common-protos and other related libs in python HOT 7
- Envelope AEAD Performance with GCP KMS HOT 1
- java tink library is not scaling with java threads HOT 1
- Tink installation on bazel and pip3 fail HOT 4
- Missing classes dectected while running R8 HOT 11
- Is Tink for Objective-C buildable via Bazel? HOT 9
- Recommendation on the best approach for rotation HOT 1
- tink 1.7.0 depends on protobuf 3.20.1 which has a security vulnerability patched in a newer version HOT 4
- Windows OS Support HOT 4
- Cannot download tinkey - The project to be billed is associated with a closed billing account. HOT 2
- cannot verify signature HOT 3
- java.security.GeneralSecurityException: cannot verify signature HOT 1
- No manager for type 'type.googleapis.com/google.crypto.tink.HpkePrivateKey' has been registered HOT 2
- H HOT 1
- compile tink cpp library for ios HOT 4
- OSS-Fuzz issue 66058 HOT 1
- Intent to archive https://github.com/google/tink
- Duplicate class found in modules jetified-tink-1.8.0 and jetified-tink-android-1.8.0 HOT 1
- Add PRF Documentation to website HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tink.