search

Scille / parsec-cloud

Open source Dropbox-like file sharing with full client encryption !
https://parsec.cloud
Other
270 stars 40 forks source link

[🐛 | Bug]: `SequesterServiceCertificate`'s `unsecure_load` is invalid #5493

Open TimeEngineer opened 1 year ago

TimeEngineer commented 1 year ago

Version

2.16.0

What platforms you were running our software when the bug happened ?

Linux

What happened ?

The problem is that cryptography keys don't use the same signature. For example, we use RSA for sequester and ED25519 for internal, so we can maybe have others...

In our case, we sign the SequesterServiceCertificates with the SequesterAuthority's RSA key and others are signed with the root_signing_key, so we can't load with the same key.

Another problem is that RSA' signature depends on the key size (which is external of Parsec).

See the following snippet: The unsecure_unwrap of SequesterVerifyKeyDer should be implemented like this. 

pub fn unsecure_unwrap(
    signed: &[u8],
    size_in_bytes: usize,
) -> Result<(&[u8], &[u8]), CryptoError> {
    let signature_size = Self::ALGORITHM.len() + 1 + size_in_bytes;
    if signed.len() < signature_size {
        return Err(CryptoError::Signature);
    }
    Ok(signed.split_at(signature_size))
}

Hence AnyCertificate::unsecure_load is invalid See this PR: https://github.com/Scille/parsec-cloud/pull/5387 which mentions the problem.

Relevant output

No response

FirelightFlagboy commented 1 year ago

For the fix: Try the de-serialization like before but on fail try deserializing with the hypothesis that signature was generated using RSA