1
0
Fork 0
forgejo/modules
Gusted 12f97ef51f
[SEC] Add keying module
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.

For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]

For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.

[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-21 16:06:17 +02:00
..
actions test: add more workflow event coverage 2024-08-18 15:19:01 +02:00
activitypub feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
analyze
assetfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
avatar Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
base cherry-pick OIDC changes from gitea (#4724) 2024-08-08 06:32:14 +00:00
cache Fix linting issues 2024-08-18 16:25:13 +02:00
charset Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
container Add container.FilterSlice function (gitea#30339) 2024-04-16 11:49:44 +02:00
csv Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
emoji
eventsource [BUG] Make logout event non-blocking 2024-08-12 19:13:23 +02:00
forgefed style: reenable switch check 2024-08-18 15:19:01 +02:00
generate Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
git Merge pull request 'git-grep: refactor defaults' (#4964) from yoctozepto/git-grep-refactor-defaults into forgejo 2024-08-19 13:12:37 +00:00
gitgraph Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
gitrepo [CHORE] Drop go-git support 2024-08-12 19:11:09 +02:00
graceful Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hcaptcha
highlight Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hostmatcher
html
httpcache
httplib Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
indexer Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857) 2024-08-08 16:07:35 +00:00
issue/template Fix linting issues 2024-08-18 16:25:13 +02:00
json
keying [SEC] Add keying module 2024-08-21 16:06:17 +02:00
label
lfs [CHORE] Drop go-git support 2024-08-12 19:11:09 +02:00
log [CHORE] Fix darwin compatibility 2024-08-09 17:44:41 +02:00
markup revert: accidental change 2024-08-18 16:36:06 +02:00
mcaptcha
metrics Rename project board -> column to make the UI less confusing (#30170) 2024-06-02 09:42:39 +02:00
migration Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
nosql s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
optional Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
options
packages Fix linting issues 2024-08-18 16:25:13 +02:00
paginator
pprof
private fix(hook): ignore unknown push options instead of failing 2024-07-02 21:39:01 +02:00
process Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
proxy
proxyprotocol
public
queue Fix linting issues 2024-08-18 16:25:13 +02:00
recaptcha
references Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
regexplru Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repository style: reenable switch check 2024-08-18 15:19:01 +02:00
secret Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
session style: reenable switch check 2024-08-18 15:19:01 +02:00
setting [SEC] Add keying module 2024-08-21 16:06:17 +02:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh
storage Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
structs style: reenable switch check 2024-08-18 15:19:01 +02:00
svg
sync
system Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
templates Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
test test(util): MockProtect when mocking multiple times 2024-06-02 15:24:06 +02:00
testlogger Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
timeutil
translation Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
turnstile
typesniffer Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
updatechecker Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
util Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
validation added validation fixes 2024-05-14 08:31:34 +02:00
web Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
webhook Add support for workflow_dispatch (#3334) 2024-06-28 05:17:11 +00:00
zstd Support compression for Actions logs (#31761) 2024-08-13 06:51:49 +02:00