Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 #9880

pull TheBlueMatt wants to merge 5 commits into bitcoin:master from TheBlueMatt:2017-02-validate-sha512 changing 5 files +101 −12
  1. TheBlueMatt commented at 7:18 PM on February 27, 2017: member

    This will validate Tree-SHA512s in merge commits if verify-commits.sh is called with --tree-checks as a second arg (eg verify-commits.sh upstream/master --tree-checks), as added by #9871. Note that I think we need to fix handling of symlinks in #9871 first.

    Additionally, it disables sha1 for signature checking.

    Due to some SHA1s in folks' selfsigs, the second part currently fails (@MarcoFalke, @sipa, @jonasschnelli.....)

  2. petertodd commented at 9:58 PM on February 27, 2017: contributor

    While concept ACK, note that collision attacks on sha1 signatures - particularly in selfsigs - aren't as insecure as you might think. The reason is they're basically an attack on yourself. For instance, in the case of a selfsig, you already can add multiple subkeys to your PGP identity anyway, and you can do so without revealing that fact to the public, so there isn't a direct attack vector.

    Similarly, given that a git commit signature is an expression of trust anyway, creating two commit objects so you can sign both with the same OpenPGP signature isn't a clear attack on anything; unlike the case where someone inserts a malicious file into the Git tree, that can only be done by the signer

    Meanwhile, with second-preimage attacks that third-parties can do, almost every cryptographic hash function in history has proven immune. In fact, in my OpenTimestamps Python library I note that even MD5 is secure enough for timestamping (though I'm still not inclined to add support for it out of a healthy sense of caution!).

    Now there are more complex cases where this stuff matters - timestamping is one of them depending on how it's implemented - so we probably should still merge this for the long-term. But we can certainly wait until people fix their keys.

  3. petertodd commented at 10:04 PM on February 27, 2017: contributor

    Oh, and another reason to Concept ACK this: it wouldn't be surprising if a colliding self-sig or similar could be used to trigger a non-cryptographic bug in validation somewhere, given that you're violating the common assumption that hash functions don't collide.

  4. TheBlueMatt commented at 10:04 PM on February 27, 2017: member

    @petertodd indeed, selfsig attacks aren't so interesting, but I'm not aware of another way to prevent sha1-based signatures. While probably also not particularly interesting attack vectors, its good belt-and-suspenders when signing "untrusted input" (in the form of the git tree root/sha512 tree root/commit messages/etc) to avoid sha1 inputs.

  5. petertodd commented at 10:07 PM on February 27, 2017: contributor

    @TheBlueMatt Oh, yeah you make a good point in saying this is a case of "untrusted input", as the commit message to be made is semi-deterministic and under the control of the pull-requester.

    One sec, I'll write up a comment for you. :)

  6. fanquake added the label Scripts and tools on Feb 27, 2017
  7. Fail merge if there are any symlinks be908a69bf
  8. TheBlueMatt force-pushed on Mar 1, 2017
  9. TheBlueMatt force-pushed on Mar 1, 2017
  10. TheBlueMatt commented at 4:31 PM on March 1, 2017: member
    • Rebased.
    • Now enforces lack of symlinks in github-merge.py.
    • Now enforces lack of symlinks in verify-commits.sh
    • Always enforce non-SHA1-sigs even when --tree-checks is off
    • Update trusted-sha256-root-commit until Marco updates his subkeys.
  11. laanwj commented at 9:24 AM on March 2, 2017: member

    Concept ACK

  12. laanwj commented at 1:56 PM on March 3, 2017: member

    Note that verify-commits on master is currently failing. I've tried it with this version and it doesn't pass either:

    Using verify-commits data from /.../bitcoin/contrib/verify-commits.new
No parent of 58861ad91b499f6902c0f1c51bb745b91a275826 was signed with a trusted key!
Parents are:
commit f7ec7cfd38b543ba81ac7bed5b77f9a19739460b
Merge: 65d90f5 7ed143c
Author: MarcoFalke <falke.marco@gmail.com>
Date:   Thu Mar 2 22:30:12 2017 +0100

    Merge [#9359](/bitcoin-bitcoin/9359/): Add test for CWalletTx::GetImmatureCredit() returning stale values.
    
    7ed143c Add test for CWalletTx::GetImmatureCredit() returning stale values. (Russell Yanofsky)
    
    Tree-SHA512: c95088ed6dfc5a0774ddaa2fe14ac0a9ebd830922a4d77100ec3d51fdeb6df40ad97de4f2ea970ed0f4122dcc0022ee1d43ab3c7188becd7f90c1c6af0ed39b7
commit 64854666f57d9f94269000f10897858e8c60d99f
Author: Wladimir J. van der Laan <laanwj@gmail.com>
Date:   Thu Mar 2 14:49:11 2017 +0100

    test: Report InitBlockIndex result
    
    If InitBlockIndex fails, then it will segfault later. Same for the later
    ActivateBestChain. BOOST_REQUIRE the result, so that an error will be
    reported and the test case aborted.
  13. TheBlueMatt force-pushed on Mar 4, 2017
  14. TheBlueMatt commented at 12:08 AM on March 4, 2017: member
    • Updated the trusted-sha256-root-commit for Jonas' sha2 commit.
    • Allow any subkey that is properly signed, instead of only listing specific subkeys (this should fix verify-commits on master).
  15. in contrib/verify-commits/verify-commits.sh:None in fd8a9c104b outdated 
      24 | +	VERIFY_TREE=$2
  25 | +	NO_SHA1=$3
  26 | +	if [ $1 = $VERIFIED_SHA512_ROOT ]; then
  27 | +		VERIFY_TREE=0
  28 | +		NO_SHA1=0
  29 | +		if [ "$VERIFY_TREE" = "1" ]; then
    MarcoFalke commented at 12:59 PM on March 4, 2017:

    Either the constant is off by one or the line this is placed in is off by two.

    TheBlueMatt commented at 2:41 PM on March 4, 2017:

    Oops, indeed. Fixed and squashed.

  16. MarcoFalke commented at 1:01 PM on March 4, 2017: member

    utACK 6b2a4a3

  17. Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 d9c450ffb2
  18. Add comment re: why SHA1 is disabled eddc77a1b1
  19. Allow any subkey in verify-commits d025bc7964
  20. TheBlueMatt force-pushed on Mar 4, 2017
  21. TheBlueMatt commented at 8:22 PM on March 4, 2017: member

    We may want to backport at least the "Allow any subkey in verify-commits" commit for 0.14 so that verify-commits passes on release

  22. Fix regsig checking for subkey sigs in verify-commits bbd757940b
  23. TheBlueMatt commented at 4:22 PM on March 5, 2017: member

    Pushed a new commit which will fix the checks on the 0.14 branch.

  24. jonasschnelli commented at 11:14 AM on March 6, 2017: contributor

    Verified the new/changed keys (same as in #9920). Tested ACK bbd757940bcb0628df6f7a5bd1fb348cf2290502

  25. in contrib/verify-commits/verify-commits.sh:None in bbd757940b 
      62 | +		done
  63 | +		IFS="$IFS_CACHE"
  64 | +
  65 | +		FILE_HASHES=""
  66 | +		for FILE in $(git ls-tree --full-tree -r --name-only $1 | LANG=C sort); do
  67 | +			HASH=$(git cat-file blob $1:"$FILE" | sha512sum | { read FIRST OTHER; echo $FIRST; } )
    jonasschnelli commented at 11:28 AM on March 6, 2017:

    nit: IMO sha512sum is not portable (at least it's not available on OSX). What about shasum -a 512 instead?

    TheBlueMatt commented at 4:20 PM on March 6, 2017:

    shasum is part of perl, so is probably less standard than sha512sum. We should have a check for whether sha512sum is available and only use shasum if it is not.

  26. laanwj commented at 4:17 PM on March 6, 2017: member

    Going to merge this to fix travis. The shasum nit can be fixed later.

  27. laanwj merged this on Mar 6, 2017
  28. laanwj closed this on Mar 6, 2017
  29. laanwj referenced this in commit 4df8213b98 on Mar 6, 2017
  30. laanwj referenced this in commit 309bf16257 on Mar 7, 2017
  31. practicalswift referenced this in commit 9d0e03ddfe on Apr 27, 2017
  32. PastaPastaPasta referenced this in commit f1152f4e32 on Dec 30, 2018
  33. PastaPastaPasta referenced this in commit 5bd68f406b on Dec 30, 2018
  34. PastaPastaPasta referenced this in commit 7359845463 on Dec 31, 2018
  35. PastaPastaPasta referenced this in commit 5c09c4ed16 on Dec 31, 2018
  36. PastaPastaPasta referenced this in commit ffececdb9a on Dec 31, 2018
  37. PastaPastaPasta referenced this in commit 6fef448b66 on Dec 31, 2018
  38. PastaPastaPasta referenced this in commit 1f49615eb7 on Dec 31, 2018
  39. PastaPastaPasta referenced this in commit d81d254022 on Dec 31, 2018
  40. PastaPastaPasta referenced this in commit f67d382df2 on Jan 2, 2019
  41. PastaPastaPasta referenced this in commit d161404b2d on Jan 2, 2019
  42. PastaPastaPasta referenced this in commit 4e846d541c on Jan 2, 2019
  43. PastaPastaPasta referenced this in commit 05e23f747f on Jan 2, 2019
  44. PastaPastaPasta referenced this in commit 9c5bc5f272 on Jan 3, 2019
  45. PastaPastaPasta referenced this in commit c2a46d4c8f on Jan 3, 2019
  46. PastaPastaPasta referenced this in commit 106a27bba2 on Jan 21, 2019
  47. PastaPastaPasta referenced this in commit 261f827a55 on Jan 21, 2019
  48. PastaPastaPasta referenced this in commit 2229441c3a on Jan 29, 2019
  49. PastaPastaPasta referenced this in commit 014f3a90c7 on Jan 29, 2019
  50. PastaPastaPasta referenced this in commit 7d1bdc8911 on Feb 5, 2019
  51. PastaPastaPasta referenced this in commit 7de9533a21 on Feb 5, 2019
  52. PastaPastaPasta referenced this in commit 6addbe0747 on Feb 5, 2019
  53. PastaPastaPasta referenced this in commit 9c8c12ed47 on Feb 5, 2019
  54. MarcoFalke locked this on Sep 8, 2021
Contributors
TheBlueMattpetertoddlaanwjMarcoFalkejonasschnelli
Labels
Scripts and tools
Linked (view graph)
#9871 Add a tree sha512 hash to merge commits#9920 [0.14] Allow any subkey in verify-commits (BlueMatt)
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 21:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me