Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolves #53 Signing Enhancements #61

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Resolves #53 Signing Enhancements #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b569d8b
CR only requires closure reviewer signature
corinnt Oct 6, 2024
50f7e9f
only 2 Signatures in websubmit CriticalRegions
corinnt Oct 7, 2024
eac0971
swap PCR hasher for Sha256
corinnt Oct 13, 2024
d29d2ca
rm println
corinnt Oct 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 1 addition & 5 deletions alohomora/src/pcr.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,7 @@ pub struct PrivacyCriticalRegion<F> {
}
impl<F> PrivacyCriticalRegion<F> {
pub const fn new(f: F,
_author: Signature,
_fn_reviewer: Signature,
_cargo_lock_reviewer: Signature) -> Self {
_fn_reviewer: Signature) -> Self {
PrivacyCriticalRegion { f }
}
pub fn get_functor(self) -> F {
Expand All @@ -35,8 +33,6 @@ pub struct Signature {
pub signature: &'static str,
}

//TODO updated macro instructions w/ both author and reviewer & username and signature

/*
// Example of how to use this with a function definition.
//#[PrivacyCriticalRegion("signature")]
Expand Down
12 changes: 10 additions & 2 deletions alohomora_lints/Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions alohomora_lints/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,8 @@ scrutils = { path = "../../scrutinizer/scrutils" }
syn = { version = "2.0.58", features = ["full"]}
quote = "1.0.37"
proc-macro2 = "1.0.86"
sha2 = "0.10.8"
hex = "0.4.3"

[dev-dependencies]
dylint_testing = "=2.5.0"
Expand Down
16 changes: 4 additions & 12 deletions alohomora_lints/examples/alohomora_pcr_illegal.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,27 +7,19 @@ fn main() {
x + child(x)
},
Signature {
username: "KinanBab",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWdRRVVMUGFSOEVlZk53WGtvc2RhZFJDZU14Zwp3MnEvMlY3dzk4VndneUZiTUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUFTNGs4SU9tV1dGb3Avdk5Hb2NtSmNvQWdzOG82OUFQUFBUd3ZlUGVGQ3Z4dTN1amNaaFlpZThDSTZ3aGJFNHAKY1AxclAvVDNxN0l3dy9VY3MyZ1JFTAotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
},
Signature {
username: "KinanBab",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWdRRVVMUGFSOEVlZk53WGtvc2RhZFJDZU14Zwp3MnEvMlY3dzk4VndneUZiTUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUFTNGs4SU9tV1dGb3Avdk5Hb2NtSmNvQWdzOG82OUFQUFBUd3ZlUGVGQ3Z4dTN1amNaaFlpZThDSTZ3aGJFNHAKY1AxclAvVDNxN0l3dy9VY3MyZ1JFTAotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
username: "corinnt",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWd6dGJjeE9zVzlOL09Fd2c3Y3BKZ3dUQnFMNgpGazI2ZVB2Rm1ZaXpRRjM1VUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUFDeWgwVGw0T0NkVm53MjJmQlRVcCtPSmtFNk5qWDdKMUVWUzh4SVlzL0JORkhxZHRCSk85OURyKy9IcXdaSFAKVldlc1A1bTQ5TzNrTEprMlFrNUhVQgotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
},
Signature {
username: "KinanBab",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWdRRVVMUGFSOEVlZk53WGtvc2RhZFJDZU14Zwp3MnEvMlY3dzk4VndneUZiTUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUFsR3VYcnF3TG90UEZmd3FwRVpDK1ZHTEgzSmdtTTgzSGlVK0Y0WXBkYzFyWmp5V1JNT1FGeGVMbUNwRDdrZTUKb2RZZzlTYytkK050ZFNEL2hpeGNVTwotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
}

);
}

pub fn child(x: u8) -> u8 {
println!("stolen secret: {}", x);
x + grandchild(x)
}

pub fn grandchild(x: u8) -> u8 {
// I've changed the below line since signing, this will invalidate the signature!
// I've added the below line since signing, this will invalidate the signature!
println!("leaking secrets: {}", x);
x
}
9 changes: 4 additions & 5 deletions alohomora_lints/examples/alohomora_pcr_illegal.stderr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
error: invalid signature on privacy-critical region, might be a source of privacy-related bugs
error: invalid signature on privacy-critical region, could be a source of privacy policy violation bugs
--> $DIR/alohomora_pcr_illegal.rs:5:16
|
LL | let _pcr = PrivacyCriticalRegion::new(
Expand All @@ -7,13 +7,12 @@ LL | | |x: u8| {
LL | | x + child(x)
LL | | },
... |
LL | | }
LL | |
LL | | );
| |_____^
|
= help: could not verify author's signature: Signature verification failed: incorrect signature
could not verify closure reviewer's signature: Signature verification failed: incorrect signature
written the hash of privacy-critical region into the files for signing: ./pcr/main-{closure#0}_src_hash.rs
= help: could not verify closure reviewer's signature: Signature verification failed: incorrect signature
wrote the hash of privacy-critical region into the file for signing: ./pcr/main-{closure#0}_src_hash.rs

= note: `-D alohomora-pcr` implied by `-D warnings`

Expand Down
12 changes: 2 additions & 10 deletions alohomora_lints/examples/alohomora_pcr_legal.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,8 @@ fn main() {
some_math(x, x)
},
Signature {
username: "KinanBab",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWdRRVVMUGFSOEVlZk53WGtvc2RhZFJDZU14Zwp3MnEvMlY3dzk4VndneUZiTUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUNVRW9JaW1QcVVWbDBNbW9VTjJMb2VrdXdSeUpNWDZoekxzSlljK3Fzb1duYk83YWNNUE1zU2RLZ2ljUmp1OWYKTnZLaGF0Rk1kVEFFZGlROWJ0UWRjQQotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
},
Signature {
username: "KinanBab",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWdRRVVMUGFSOEVlZk53WGtvc2RhZFJDZU14Zwp3MnEvMlY3dzk4VndneUZiTUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUNVRW9JaW1QcVVWbDBNbW9VTjJMb2VrdXdSeUpNWDZoekxzSlljK3Fzb1duYk83YWNNUE1zU2RLZ2ljUmp1OWYKTnZLaGF0Rk1kVEFFZGlROWJ0UWRjQQotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
},
Signature {
username: "KinanBab",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWdRRVVMUGFSOEVlZk53WGtvc2RhZFJDZU14Zwp3MnEvMlY3dzk4VndneUZiTUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRUFsR3VYcnF3TG90UEZmd3FwRVpDK1ZHTEgzSmdtTTgzSGlVK0Y0WXBkYzFyWmp5V1JNT1FGeGVMbUNwRDdrZTUKb2RZZzlTYytkK050ZFNEL2hpeGNVTwotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
username: "corinnt",
signature: "LS0tLS1CRUdJTiBTU0ggU0lHTkFUVVJFLS0tLS0KVTFOSVUwbEhBQUFBQVFBQUFETUFBQUFMYzNOb0xXVmtNalUxTVRrQUFBQWd6dGJjeE9zVzlOL09Fd2c3Y3BKZ3dUQnFMNgpGazI2ZVB2Rm1ZaXpRRjM1VUFBQUFFWm1sc1pRQUFBQUFBQUFBR2MyaGhOVEV5QUFBQVV3QUFBQXR6YzJndFpXUXlOVFV4Ck9RQUFBRURZQ21SWkJtOEQ2MkhTamlDVXNVeVJZY1VITzQ3WVZJSVVYY3g1Q2d3ODlkMm5qY0tyMFFKNTBpSlR2VjRHcmsKbzYySUZoR1pzRHB4T1RkRU1Hd0k4SQotLS0tLUVORCBTU0ggU0lHTkFUVVJFLS0tLS0K"
}
);
}
Loading