search

LeastAuthority / python-challenge-bypass-ristretto

Python bindings for Brave's challenge-bypass-ristretto library
4 stars 4 forks source link

keyfile cannot have a newline or other white space #37

Open hacklschorsch opened 3 years ago

hacklschorsch commented 3 years ago

I am setting up a tahoe-LAFS storage node, and ran into a problem where the key could not be decoded:

If the file holding the ristretto key ends with a newline, or a blank, or something not a NUL byte apparently, the decoding will fail with a pretty opaque DecodeException() without further info. This has cost me a couple of hours :( In the past I only had systems fail because files didn't end with a newline, so this is a fun and welcome change. Even better I would like more robust parsing.

Or maybe just add this to the spec and make our users call .strip() on the strings they send decode_base64()'s way?

Steps to reproduce

[nix-shell:~]$ python
Python 2.7.17 (default, Oct 19 2019, 18:58:51) 
[GCC 8.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import challenge_bypass_ristretto
>>> challenge_bypass_ristretto.SigningKey.decode_base64("SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= ")

Note the blank character at the end of the string.

Expected behaviour

Maybe just work:

challenge_bypass_ristretto.SigningKey.decode_base64("SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= ")
SigningKey(_raw=<cdata 'struct C_SigningKey *' 0x7dfdc0>)

Or maybe fail with a more specific error description:

challenge_bypass_ristretto.SigningKey.decode_base64("SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= ")
raise DecodeException("Invalid key format. Expected: base64 encoded 128 bit number, no bit more or less. Just like Python itself, we do not ignore white space.")

Actual behavior

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/nix/store/igr2wqv5jh9c0aqn0c2brn98x35cvlr3-python-2.7.17-env/lib/python2.7/site-packages/challenge_bypass_ristretto/__init__.py", line 61, in decode_base64
    raise DecodeException()
challenge_bypass_ristretto.DecodeException

Workaround

Write your key file with echo -n or a proper editor that lets you not add a newline. (I had only nano on that system, not great.)

hacklschorsch commented 3 years ago

Fixed by https://github.com/PrivateStorageio/ZKAPAuthorizer/pull/198.

exarkun commented 3 years ago

I think any other users of python-challenge-bypass-ristretto still have the same problem so this should remain open.

hacklschorsch commented 3 years ago

Thanks! Which ones do? We should file bugs there then I guess.

The decision to export such a German API is valid, I guess, even if a bit more laissez faire would be nice of course. I don't see it as a bug really.

What kind of fix would you like to see?

exarkun commented 3 years ago

I'd be happy with either of the expected behaviors suggested in the issue description (maybe with a custom exception type instead of a lot of words for the exception case).