microsoft / CCF

Confidential Consortium Framework
https://microsoft.github.io/CCF/
Apache License 2.0

Fix symcrypt errors in crypto_test #6593

Open maxtropets opened 2 weeks ago

maxtropets commented 2 weeks ago
root [ /workspace/build ]# ./crypto_test
[doctest] doctest version is "2.4.11"
[doctest] run with "--help" for options
[ERROR] error:41080106:SCOSSL::passed invalid argument:Decoded content length does not fit in derField buffer. pbDerField [0x55ebfc892490, 0x55ebfc8924f8), pbContent [0x55ebfc892492, 0x55ebfc8924f9) at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.5.1/ScosslCommon/src/scossl_ecc.c, line 285
[ERROR] error:410C0107:SCOSSL::operation fail:scossl_ecdsa_remove_der failed at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.5.1/ScosslCommon/src/scossl_ecc.c, line 586
[ERROR] error:41080106:SCOSSL::passed invalid argument:Decoded content length does not fit in derField buffer. pbDerField [0x55ebfc85cc30, 0x55ebfc85cc77), pbContent [0x55ebfc85cc32, 0x55ebfc85cc78) at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.5.1/ScosslCommon/src/scossl_ecc.c, line 285
[ERROR] error:410C0107:SCOSSL::operation fail:scossl_ecdsa_remove_der failed at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.5.1/ScosslCommon/src/scossl_ecc.c, line 586
[ERROR] error:41080106:SCOSSL::passed invalid argument:cbR (48) or cbS (48) too big for cbSymCryptSignature (64) at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.5.1/ScosslCommon/src/scossl_ecc.c, line 400
[ERROR] error:410C0107:SCOSSL::operation fail:scossl_ecdsa_remove_der failed at /usr/src/azl/BUILD/SymCrypt-OpenSSL-1.5.1/ScosslCommon/src/scossl_ecc.c, line 586
maxtropets commented 6 days ago

Ok, seems like all the output is from these two test cases

TEST_CASE("Sign, fail to verify with bad signature")
TEST_CASE("Sign, fail to verify with wrong key on wrong curve")

Both test negative scenarios, one is corrupting a signature, another is using a wrong curve.

maxtropets commented 6 days ago

Both tests try out

static constexpr CurveID supported_curves[] = {
  CurveID::SECP384R1, CurveID::SECP256R1};

The corrupted signature produces error msgs for both, however TEST_CASE("Sign, fail to verify with wrong key on wrong curve") only does it for SECP384R1

maxtropets commented 6 days ago

Errors from TEST_CASE("Sign, fail to verify with bad signature")

From TEST_CASE("Sign, fail to verify with wrong key on wrong curve")

From CCF perspective, all produced here.

That seems logical, now the question is - do we want them to be there in production or shall we look for suppression mechanisms?

My opinion - we don't failure scenarios, so we can keep those, as they may be useful and shall not be populated too often.

Would like to hear more opinions, @eddyashton, @achamayou

eddyashton commented 5 days ago

do we want them to be there in production or shall we look for suppression mechanisms?

We want to suppress these in production - we handle the failure ourselves and don't want to see symcrypt's internal logging. It's fine if they remain for debug builds, where there's a chance they're eventually useful.

maxtropets commented 4 days ago

Looked for ways to shut it up, seems like there's this function https://github.com/microsoft/SymCrypt-OpenSSL/blob/main/ScosslCommon/inc/scossl_helpers.h#L84

but I don't see a header under /usr/...

I wonder if there's a way to access it via symcrypt somehow?..

achamayou commented 4 days ago

@maxtropets might need to install a symcrypt-devel or similarly named to get the relevant header

maxtropets commented 4 days ago

So far

We could've defined void SCOSSL_set_trace_level(int trace_level, int ossl_ERR_level); and called it, but the linker doesn't find a symbol, obviously. Removing LINKER:--no-undefined doesn't solve the issue.

I wonder if there is a way to defer the linkage to runtime until symcrypt is loaded?
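One way to get what the last comment asks for, as an added example that is neither CCF's nor SymCrypt-OpenSSL's code: declare SCOSSL_set_trace_level as a weak undefined reference. The link then succeeds even with --no-undefined (the linker only rejects strong undefined symbols), the reference resolves at load time if a linked-in library provides it, and otherwise reads as NULL so the call is skipped. The prototype is the one quoted in the thread; the helper names, the return codes, and the level value passed to it are assumptions for this illustration (the real level constants live in scossl_helpers.h).

```c
/* Added example, not CCF's or SymCrypt-OpenSSL's own code.
 * Suppress SCOSSL's internal error logging in release builds only, and only
 * when the symbol is actually present in the running process. */
#include <stdio.h>
#include <stddef.h>

/* Weak undefined reference. The prototype matches the one quoted in the
 * thread. With a weak declaration the link succeeds under -Wl,--no-undefined,
 * and the symbol is NULL at run time when no loaded library defines it. */
__attribute__((weak)) void SCOSSL_set_trace_level(int trace_level,
                                                  int ossl_ERR_level);

/* Assumed placeholder: the real "off" value is defined in scossl_helpers.h. */
#define ASSUMED_SCOSSL_LEVEL_OFF 0

/* 1 if the weak reference resolved to a real function, 0 otherwise. */
int scossl_tracing_symbol_present(void)
{
    return SCOSSL_set_trace_level != NULL;
}

/* Calls SCOSSL_set_trace_level if it is present.
 * Returns 1 when the call was made, 0 when it was skipped. */
int scossl_quiet_if_available(int trace_level, int ossl_err_level)
{
    if (!scossl_tracing_symbol_present()) {
        return 0;
    }
    SCOSSL_set_trace_level(trace_level, ossl_err_level);
    return 1;
}

/* Policy from the thread: keep SymCrypt's messages in debug builds, silence
 * them in production.
 *   returns  0: debug build, logging left untouched
 *   returns  1: production build, logging suppressed
 *   returns -1: production build, but the symbol is not reachable here */
int configure_scossl_logging(int debug_build)
{
    if (debug_build) {
        return 0;
    }
    if (scossl_quiet_if_available(ASSUMED_SCOSSL_LEVEL_OFF,
                                  ASSUMED_SCOSSL_LEVEL_OFF)) {
        return 1;
    }
    return -1;
}

int main(void)
{
#ifdef NDEBUG
    int debug_build = 0;
#else
    int debug_build = 1;
#endif
    int rc = configure_scossl_logging(debug_build);
    printf("debug_build=%d symbol_present=%d rc=%d\n", debug_build,
           scossl_tracing_symbol_present(), rc);
    return 0;
}
```

A weak reference is bound when the executable is loaded, so this only works when the library exporting the symbol is a link-time dependency of the binary. If OpenSSL instead loads SymCrypt as a provider with dlopen later, the reference stays NULL; in that case the lookup has to go through dlsym on the provider's handle after it has been loaded.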