[SPARK-47318] AuthEngine key exchange needs additional KDF round - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.4.0, 3.5.0, 4.0.0
Fix Version/s: 4.0.0, 3.5.2, 3.4.3
Component/s: Security
Labels:
- pull-request-available

Target Version/s:

3.4.3

Description

AuthEngine implements a bespoke [key exchange protocol |https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto|https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto].] based on the NNpsk0 Noise pattern and using X25519.

The Spark code improperly uses the derived shared secret directly, which is an encoded X coordinate. This should be passed into a KDF rather than used directly.

Attachments

Issue Links

links to

GitHub Pull Request #45425

GitHub Pull Request #46014

GitHub Pull Request #46015

Activity

People

Assignee:: Steve Weis

Reporter:: Steve Weis

Shepherd:: Sean R. Owen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Due:: 21/May/24

Created:: 07/Mar/24 17:27

Updated:: 14/Apr/24 13:09

Resolved:: 11/Apr/24 19:40