Description
Currently, we use MessageUtil::hash in various places, e.g. SDS, to hash a config source (https://github.com/envoyproxy/envoy/blob/master/source/common/secret/secret_manager_impl.h#L82).
Since our threat model has the control plane as trusted, this isn't a huge issue. But if we make the control plane untrusted in the future, this can be somewhat scary. As an example, imagine an Envoy that has delegated one listener config (with SDS) to TrustedControlPlane and another listener config (with SDS) to SuperScaryControlPlane. It's plausible that SuperScaryControlPlane is able to engineer a collision and steal secrets via the dynamic provider's dedupe algorithm, since MessageUtil::hash is only xxhash, which is not collision-resistant.
This is something we probably should fix before considering Envoy robust to an untrusted control plane or ready for arbitrary federation.
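To make the failure mode concrete, here is an added example (not Envoy code, and not the actual secret manager implementation). It uses a constructed, deliberately weak `toyWeakHash` in place of xxhash so a collision can be shown in a few lines, and two hypothetical dedupe caches: `HashKeyedCache` reuses a provider whenever the hash matches, which is the pattern described above, while `ContentKeyedCache` uses the hash only as a bucket index and compares the full config source before reusing anything. The class, function and config-source names are all made up for the demo.

```cpp
#include <cstdint>
#include <iostream>
#include <memory>
#include <string>
#include <unordered_map>

// Constructed stand-in for a non-cryptographic hash: sums the bytes modulo
// 2^16, so any two strings with the same multiset of characters collide.
// Real xxhash is far stronger than this, but still not collision-resistant.
uint16_t toyWeakHash(const std::string& s) {
  uint32_t acc = 0;
  for (unsigned char c : s) {
    acc += c;
  }
  return static_cast<uint16_t>(acc & 0xFFFFu);
}

// Hypothetical secret provider: remembers the config source it was created
// for and the secret material it hands out.
struct SecretProvider {
  std::string configSource;
  std::string secret;
};

// Dedupe cache keyed by the hash alone: if two config sources hash to the
// same value, the second caller silently receives the provider (and secret)
// created for the first one.
class HashKeyedCache {
 public:
  std::shared_ptr<SecretProvider> findOrCreate(const std::string& configSource,
                                               const std::string& secret) {
    const uint16_t key = toyWeakHash(configSource);
    auto it = providers_.find(key);
    if (it != providers_.end()) {
      return it->second;  // no check that configSource actually matches
    }
    auto provider = std::make_shared<SecretProvider>(SecretProvider{configSource, secret});
    providers_.emplace(key, provider);
    return provider;
  }

 private:
  std::unordered_map<uint16_t, std::shared_ptr<SecretProvider>> providers_;
};

// Hardened dedupe cache: the hash is only a bucket index and the full config
// source is compared before reuse, so a collision costs one extra comparison
// instead of sharing a secret across trust domains.
class ContentKeyedCache {
 public:
  std::shared_ptr<SecretProvider> findOrCreate(const std::string& configSource,
                                               const std::string& secret) {
    const uint16_t key = toyWeakHash(configSource);
    auto range = providers_.equal_range(key);
    for (auto it = range.first; it != range.second; ++it) {
      if (it->second->configSource == configSource) {
        return it->second;  // same bucket and same content: genuine duplicate
      }
    }
    auto provider = std::make_shared<SecretProvider>(SecretProvider{configSource, secret});
    providers_.emplace(key, provider);
    return provider;
  }

 private:
  std::unordered_multimap<uint16_t, std::shared_ptr<SecretProvider>> providers_;
};

// Constructed config sources: the second is an anagram of the first, so they
// collide under toyWeakHash while naming different clusters.
const std::string kTrustedSource = "cluster_name: trusted-sds";
const std::string kCollidingSource = "cluster_name: trusted-dss";

// True if the hash-only cache hands the colliding config the trusted secret.
bool hashOnlyCacheLeaks() {
  HashKeyedCache cache;
  cache.findOrCreate(kTrustedSource, "trusted-secret");
  auto other = cache.findOrCreate(kCollidingSource, "other-secret");
  return other->secret == "trusted-secret";
}

// True if the content-keyed cache keeps the two colliding configs apart.
bool contentKeyedCacheIsolates() {
  ContentKeyedCache cache;
  cache.findOrCreate(kTrustedSource, "trusted-secret");
  auto other = cache.findOrCreate(kCollidingSource, "other-secret");
  return other->secret == "other-secret";
}

// True if the content-keyed cache still dedupes genuinely identical configs.
bool contentKeyedCacheDedupes() {
  ContentKeyedCache cache;
  auto first = cache.findOrCreate(kTrustedSource, "trusted-secret");
  auto second = cache.findOrCreate(kTrustedSource, "trusted-secret");
  return first == second;
}

int main() {
  std::cout << "hash collision: " << (toyWeakHash(kTrustedSource) == toyWeakHash(kCollidingSource)) << "\n";
  std::cout << "hash-only cache leaks: " << hashOnlyCacheLeaks() << "\n";
  std::cout << "content-keyed cache isolates: " << contentKeyedCacheIsolates() << "\n";
  std::cout << "content-keyed cache dedupes: " << contentKeyedCacheDedupes() << "\n";
  return 0;
}
```

The point of the hardened variant is that dedupe correctness never depends on the hash's collision resistance: whether the key is xxhash or a toy sum, reuse only happens after the full config source compares equal, and a collision degrades to an extra comparison rather than a cross-tenant secret leak. Switching to a collision-resistant hash alone would also work, but comparing content keeps the cache correct regardless of which hash is chosen later.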
CC @antoniovicente @kyessenov