fix(weaver): zero-pad ECDH shared secret in eciesEncryptMessage#4409
Open
mskrzypkows wants to merge 11 commits into
Open
fix(weaver): zero-pad ECDH shared secret in eciesEncryptMessage#4409mskrzypkows wants to merge 11 commits into
mskrzypkows wants to merge 11 commits into
Conversation
The ECDH shared secret Z was passed to the KDF without zero-padding in eciesEncryptMessage, while eciesDecryptMessage always padded it to the full field size. When a random ephemeral key produced a shared secret with leading zero bytes, the two sides derived different AES keys, causing decryption to silently produce garbage. Fix by applying the same zero-padding in the encrypt path, and replace the hardcoded 32 in the decrypt path with Math.ceil(level / 8) to correctly handle both P-256 and P-384 curves. Regression test added with a pre-found ephemeral key that deterministically produces a 31-byte shared secret with the test certificate's public key. Assisted-by: anthropic:claude-sonnet-4.6 Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Contributor
|
@mskrzypkows Please update your PR and check if this is already implemented now? |
Author
|
Yes, it's implemented, we can close it or if we need additional test then it can be merged. |
Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
- Remove release/v3.0.0-staging branch, as its merged.
- Reduce number of PRs to 1, as often dependabot duplicates PRs with
almost same updates.
Signed-off-by: Sandeep Nishad <sandeepn.official@gmail.com>
Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Assisted-by: Google:Gemini Signed-off-by: Sandeep Nishad <sandeepn.official@gmail.com> Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Assisted-by: anthropic:claude-opus-4.7 Signed-off-by: Sandeep Nishad <sandeepn.official@gmail.com> Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Pushing Cargo.lock causes dirty publish. Hence deleted and added in gitignore to not allow push it in future Signed-off-by: Sandeep Nishad <sandeepn.official@gmail.com> Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Signed-off-by: Sandeep Nishad <sandeepn.official@gmail.com> Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Fix broken external documentation links (replaced labs.hyperledger.org with hyperledger-cacti.github.io). Remove references to deprecated and non-existent weaver/docs directories in weaver/README.md and update incorrect documentation paths in various sample READMEs. Fixes hyperledger-cacti#4037 Co-authored-by: Dev10-sys <kalpanagola9897@gmail.com> Assisted-by: google:gemini-1.5-pro Signed-off-by: ParthSinghPS <posiedon.1721@gmail.com> Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
Signed-off-by: Mustafa Sayyed <mustafasayyed2429@gmail.com> Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
…er_bug Signed-off-by: Maciej Skrzypkowski <mskr@gmx.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The ECDH shared secret Z was passed to the KDF without zero-padding in eciesEncryptMessage, while eciesDecryptMessage always padded it to the full field size. When a random ephemeral key
produced a shared secret with leading zero bytes, the two sides derived different AES keys, causing decryption to silently produce garbage.
Fix by applying the same zero-padding in the encrypt path, and replace the hardcoded 32 in the decrypt path with Math.ceil(level / 8) to correctly handle both P-256 and P-384 curves.
Regression test added with a pre-found ephemeral key that deterministically
produces a 31-byte shared secret with the test certificate's public key.
Assisted-by: anthropic:claude-sonnet-4.6