mozilla-services / autograph

Mozilla's digital signature service
https://hub.docker.com/r/mozilla/autograph/
Mozilla Public License 2.0

check mar private and public key lengths match #139

Open g-k opened 6 years ago

g-k commented 6 years ago

As @jvehent pointed out, mismatched private and public key lengths break mar /sign/file as follows:

  1. the autograph mar signer passes a pub key of the wrong size to margo.PrepareSignature: https://github.com/mozilla-services/autograph/blob/2bc1af88b684316e9dca7501f3f910c3b128329d/signer/mar/mar.go#L143
  2. margo.PrepareSignature saves the wrong signature size (similarly for ecdsa a few lines later) https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/sign.go#L44-L46
  3. margo.Marshal writes the incorrect sig.size to the output buffer https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/mar.go#L452
  4. we return an inscrutable and invalid mar file

jvehent commented 6 years ago

Maybe we don't even care about the public key and we just use the private key to do everything? https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/examples/sign.go#L41

g-k commented 6 years ago

> Maybe we don't even care about the public key and we just use the private key to do everything?

Yeah, we really shouldn't need the public key to sign things.

So we can:

This will also marginally improve boot or signing request perf (since we're making one fewer FindKey call to the HSM per key pair).

g-k commented 6 years ago

Discussed with @jvehent and we'll just add a check that private and pub key lengths match.
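The failure chain in the first comment and the check agreed on in the last one, as an added Go example that is not autograph's or margo's own code. It assumes nothing about margo's API: `checkKeyPair`, `sigSizeForRSAPublic` and `demoMismatch` are hypothetical names, and the key pair built in `demoMismatch` is constructed for the example (a 1024-bit private key beside a 2048-bit public key, small only so key generation stays fast). The demo shows that the signature the private key actually produces is not the size the mismatched public key implies, which is the wrong `sig.size` the issue describes, and that the length check rejects the pair before any MAR is written.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sigSizeForRSAPublic is the byte length a PKCS#1 v1.5 signature has for a
// given RSA public key: the modulus size. Sizing a signature slot from the
// public key while signing with a different-sized private key is the bug.
func sigSizeForRSAPublic(pub *rsa.PublicKey) int {
	return pub.Size()
}

// checkKeyPair rejects private/public pairs whose sizes disagree (hypothetical
// helper for this example). RSA keys must have equal modulus bit lengths;
// ECDSA keys must be on the same curve, since the curve fixes the coordinate
// size and therefore the signature size.
func checkKeyPair(priv crypto.PrivateKey, pub crypto.PublicKey) error {
	switch p := priv.(type) {
	case *rsa.PrivateKey:
		rp, ok := pub.(*rsa.PublicKey)
		if !ok {
			return errors.New("key type mismatch: RSA private key with non-RSA public key")
		}
		if p.N.BitLen() != rp.N.BitLen() {
			return fmt.Errorf("RSA key length mismatch: private %d bits, public %d bits",
				p.N.BitLen(), rp.N.BitLen())
		}
		return nil
	case *ecdsa.PrivateKey:
		ep, ok := pub.(*ecdsa.PublicKey)
		if !ok {
			return errors.New("key type mismatch: ECDSA private key with non-ECDSA public key")
		}
		if p.Curve.Params().Name != ep.Curve.Params().Name {
			return fmt.Errorf("ECDSA curve mismatch: private %s, public %s",
				p.Curve.Params().Name, ep.Curve.Params().Name)
		}
		return nil
	default:
		return fmt.Errorf("unsupported private key type %T", priv)
	}
}

// demoMismatch builds a constructed, deliberately mismatched RSA pair and
// returns (actual signature length, length implied by the public key, check
// result). With the sizes below that is (128, 256, non-nil error).
func demoMismatch() (actualSigLen, sizeFromPub int, err error) {
	priv, genErr := rsa.GenerateKey(rand.Reader, 1024) // demo-only size
	if genErr != nil {
		return 0, 0, genErr
	}
	other, genErr := rsa.GenerateKey(rand.Reader, 2048) // its public half is "wrong"
	if genErr != nil {
		return 0, 0, genErr
	}
	digest := sha256.Sum256([]byte("constructed MAR payload"))
	sig, signErr := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if signErr != nil {
		return 0, 0, signErr
	}
	return len(sig), sigSizeForRSAPublic(&other.PublicKey), checkKeyPair(priv, &other.PublicKey)
}

func main() {
	actual, fromPub, err := demoMismatch()
	fmt.Printf("signature is %d bytes, public key implies %d bytes: %v\n", actual, fromPub, err)

	// Same check for ECDSA: P-256 private key against a P-384 public key.
	p256, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	p384, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	fmt.Println("ecdsa mismatch:", checkKeyPair(p256, &p384.PublicKey))
	fmt.Println("ecdsa matched pair:", checkKeyPair(p256, &p256.PublicKey))
}
```

Running the check once per key pair at signer load time, rather than per request, also fits the remark above about avoiding extra HSM round trips: the mismatch is a configuration error, so it should fail startup, not individual `/sign/file` calls.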