check mar private and public key lengths match
As @jvehent pointed out, mismatched private and public key lengths break mar /sign/file as follows:
- the autograph mar signer passes a pub key of the wrong size to margo.PrepareSignature: https://github.com/mozilla-services/autograph/blob/2bc1af88b684316e9dca7501f3f910c3b128329d/signer/mar/mar.go#L143
- margo.PrepareSignature saves the wrong signature size (similarly for ecdsa a few lines later) https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/sign.go#L44-L46
- margo.Marshal writes the incorrect sig.size to the output buffer https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/mar.go#L452
- we return an inscrutable and invalid mar file
Maybe we don't even care about the public key and we just use the private key to do everything? https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/examples/sign.go#L41
> Maybe we don't even care about the public key and we just use the private key to do everything?
Yeah, we really shouldn't need the public key to sign things.
So we can:
- [ ] patch crypto11 to add GetPrivateKey methods instead of fetching key pairs (after the idle timeout thing is resolved), or possibly use the libhandle crypto11.Configure returns and call a pkcs11 findkey method ourselves and wrap or inject the private key into a crypto11 crypto.PrivateKey interface
- [ ] in margo, hardcode expected signature sizes in bytes for each mar algorithm (if these aren't in there already)
- [ ] in margo, change File.Marshal to write expected signature sizes for the algorithm ID
- [ ] in margo, change Marfile.FinalizeSignatures to check sigData is the expected size and return an error if it isn't
- [ ] remove public keys from the mar signer and HSM, update HSM key handling procedures
This will also marginally improve boot or signing request perf (since we're making one fewer FindKey call to the HSM per key pair).
Discussed with @jvehent and we'll just add a check that private and pub key lengths match.
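Added example (not margo's or autograph's code) of the check the thread settles on, written in Go since both projects are Go: `ExpectedSigSize` derives the header's signature size from the private key and refuses a public key whose size (or curve) does not match it, `Sign` signs with the private key alone, and `FinalizeSignature` rejects any signature whose length differs from the size the header would record, which is the `FinalizeSignatures` check in the plan above. It goes a little beyond the RSA case in the thread by also covering the ECDSA path mentioned for margo. Assumptions: SHA-384 as the digest, PKCS#1 v1.5 for RSA, a fixed-width r||s encoding for ECDSA (not necessarily margo's encoding), and constructed keys and payload; a 3072-bit key stands in for the wrong-size public half.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"fmt"
)

// ExpectedSigSize returns the signature length in bytes that a MAR header
// should record for this key pair, after checking that the private and public
// halves match in size. This is the case from the thread: a public key of the
// wrong size feeding the sig.size that Marshal writes into the header.
func ExpectedSigSize(priv crypto.PrivateKey, pub crypto.PublicKey) (int, error) {
	switch sk := priv.(type) {
	case *rsa.PrivateKey:
		pk, ok := pub.(*rsa.PublicKey)
		if !ok {
			return 0, fmt.Errorf("private key is RSA but public key is %T", pub)
		}
		// Size() is the modulus length in bytes, which is also the length of a
		// PKCS#1 v1.5 signature: a 2048-bit private key next to a 4096-bit
		// public key would record sig.size = 512 for a 256-byte signature.
		if sk.Size() != pk.Size() {
			return 0, fmt.Errorf("rsa key size mismatch: private %d bytes, public %d bytes",
				sk.Size(), pk.Size())
		}
		return sk.Size(), nil
	case *ecdsa.PrivateKey:
		pk, ok := pub.(*ecdsa.PublicKey)
		if !ok {
			return 0, fmt.Errorf("private key is ECDSA but public key is %T", pub)
		}
		if sk.Curve.Params().Name != pk.Curve.Params().Name {
			return 0, fmt.Errorf("ecdsa curve mismatch: private %s, public %s",
				sk.Curve.Params().Name, pk.Curve.Params().Name)
		}
		// Assumed fixed-width r||s encoding (not necessarily margo's): each
		// coordinate is left-padded to the curve size in bytes.
		return 2 * ((sk.Curve.Params().BitSize + 7) / 8), nil
	default:
		return 0, fmt.Errorf("unsupported private key type %T", priv)
	}
}

// Sign hashes data with SHA-384 (assumed here as the MAR digest) and signs with
// the private key alone; the public key is never needed to produce a signature.
func Sign(priv crypto.PrivateKey, data []byte) ([]byte, error) {
	digest := sha512.Sum384(data)
	switch sk := priv.(type) {
	case *rsa.PrivateKey:
		return rsa.SignPKCS1v15(rand.Reader, sk, crypto.SHA384, digest[:])
	case *ecdsa.PrivateKey:
		r, s, err := ecdsa.Sign(rand.Reader, sk, digest[:])
		if err != nil {
			return nil, err
		}
		n := (sk.Curve.Params().BitSize + 7) / 8
		sig := make([]byte, 2*n) // r and s are below the curve order, so they fit
		r.FillBytes(sig[:n])
		s.FillBytes(sig[n:])
		return sig, nil
	default:
		return nil, fmt.Errorf("unsupported private key type %T", priv)
	}
}

// FinalizeSignature is the last guard from the plan: the produced signature must
// be exactly the size the header claims, otherwise the caller gets an error
// instead of an unreadable MAR file.
func FinalizeSignature(priv crypto.PrivateKey, pub crypto.PublicKey, data []byte) ([]byte, error) {
	want, err := ExpectedSigSize(priv, pub)
	if err != nil {
		return nil, err
	}
	sig, err := Sign(priv, data)
	if err != nil {
		return nil, err
	}
	if len(sig) != want {
		return nil, fmt.Errorf("signature is %d bytes but header expects %d", len(sig), want)
	}
	return sig, nil
}

func main() {
	data := []byte("constructed MAR payload for the example")
	k2048, _ := rsa.GenerateKey(rand.Reader, 2048)
	k3072, _ := rsa.GenerateKey(rand.Reader, 3072) // stands in for the wrong-size public half
	ec, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	for _, pair := range []struct {
		priv crypto.PrivateKey
		pub  crypto.PublicKey
	}{{k2048, &k2048.PublicKey}, {k2048, &k3072.PublicKey}, {ec, &ec.PublicKey}} {
		sig, err := FinalizeSignature(pair.priv, pair.pub, data)
		fmt.Printf("%T + %T: %d bytes, err=%v\n", pair.priv, pair.pub, len(sig), err)
	}
}
```

Note that `Sign` takes only the private key, so once the public key is dropped from the signer and the HSM the remaining public-key parameter exists purely for the size cross-check; if that check is kept, it should run once at key-load time rather than per signing request.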