veraison / ccatoken

A library for Confidential Computing Architecture (CCA) Attestation Token
Apache License 2.0

BUG: TestEvidence_sign_and_verify_platform_key_mismatch panic with go 1.19 #16

Closed mathias-arm closed 2 years ago

mathias-arm commented 2 years ago

What version of the package are you using?

Commit https://github.com/veraison/ccatoken/commit/244f4b5060ad518eda193f462e4d80cd26c531ba

Does this issue reproduce with the latest release?

It is the latest commit when raising this issue.

What OS and CPU architecture are you using (go env)?

GOARCH="arm64"
GOHOSTARCH="arm64"
GOHOSTOS="darwin"
GOVERSION="go1.19.3"

What did you do?

% make test

What did you expect to see?

A successful test run

What did you see instead?

go test -v -race github.com/veraison/ccatoken
=== RUN   TestEvidence_sign_and_verify_ok
--- PASS: TestEvidence_sign_and_verify_ok (0.03s)
=== RUN   TestEvidence_sign_and_verify_bad_binder
--- PASS: TestEvidence_sign_and_verify_bad_binder (0.01s)
=== RUN   TestEvidence_sign_and_verify_platform_key_mismatch
--- FAIL: TestEvidence_sign_and_verify_platform_key_mismatch (0.00s)
panic: crypto/elliptic: CombinedMult was called on an invalid point [recovered]
    panic: crypto/elliptic: CombinedMult was called on an invalid point

goroutine 21 [running]:
testing.tRunner.func1.2({0x103249620, 0x1032a09a0})
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/testing/testing.go:1396 +0x278
testing.tRunner.func1()
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/testing/testing.go:1399 +0x41c
panic({0x103249620, 0x1032a09a0})
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/runtime/panic.go:890 +0x258
crypto/elliptic.(*nistCurve[...]).CombinedMult(0x10345a030, 0xc0000dece0, 0x0?, {0xc0000decc0?, 0x20, 0x20}, {0xc0000dece0, 0x20, 0x20})
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/crypto/elliptic/nistec.go:242 +0x334
crypto/ecdsa.verifyGeneric(0xc0001b8240, {0x1032a4048, 0x10345a030}, {0xc0000dec80, 0x20, 0x20}, 0xc0001ab000?, 0x103245517?)
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/crypto/ecdsa/ecdsa.go:385 +0x1c8
crypto/ecdsa.verify(...)
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/crypto/ecdsa/ecdsa_noasm.go:20
crypto/ecdsa.Verify(0xc0001b8240, {0xc0000dec80, 0x20, 0x20}, 0xc0000dbf40, 0xc0000dbf60)
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/crypto/ecdsa/ecdsa.go:363 +0x18c
github.com/veraison/go-cose.(*ecdsaVerifier).Verify(0xc000135e00, {0xc0000dec80, 0x20, 0x20}, {0xc0001b4700, 0x40, 0x40})
    /Users/matbro02/go/pkg/mod/github.com/veraison/go-cose@v1.0.0-rc.1/ecdsa.go:151 +0x1a4
github.com/veraison/go-cose.(*Sign1Message).Verify(0xc0000e5c38, {0x1034969d8, 0x0, 0x0}, {0x1032a2930, 0xc000135e00})
    /Users/matbro02/go/pkg/mod/github.com/veraison/go-cose@v1.0.0-rc.1/sign1.go:182 +0x124
github.com/veraison/ccatoken.(*Evidence).verifyCOSEToken(0xc0001b8240?, {0xc0001229c0, 0x192, 0x192}, {0x10327b6e0, 0xc0001b8240})
    /Users/matbro02/git/cca/ccatoken/evidence.go:374 +0x4e4
github.com/veraison/ccatoken.(*Evidence).Verify(0xc0000e5e38, {0x10327b6e0, 0xc0001b8240})
    /Users/matbro02/git/cca/ccatoken/evidence.go:252 +0xc4
github.com/veraison/ccatoken.TestEvidence_sign_and_verify_platform_key_mismatch(0x0?)
    /Users/matbro02/git/cca/ccatoken/evidence_test.go:128 +0x264
testing.tRunner(0xc0001901a0, 0x1032a0088)
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/testing/testing.go:1446 +0x18c
created by testing.(*T).Run
    /opt/homebrew/Cellar/go/1.19.3/libexec/src/testing/testing.go:1493 +0x560
FAIL    github.com/veraison/ccatoken    0.172s

thomas-fossati commented 2 years ago

Thanks @mathias-arm !

Excerpt from Go 1.19 release notes:

crypto/elliptic

Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or by a Curve method operating on a valid point) has always been undefined behavior and can lead to key recovery attacks. If an invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or ScalarMult, they will now panic.
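An added example, not code from ccatoken or go-cose: one way a verifier can turn the failure mode in this issue into an ordinary error, by checking that the public key is a valid curve point before calling `ecdsa.Verify` and recovering from any library panic as a backstop. The names `safeVerify`, `ErrInvalidPoint` and `demo` are hypothetical, and the keys and payload are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// ErrInvalidPoint marks a public key whose (X, Y) is not on its declared curve.
var ErrInvalidPoint = errors.New("ecdsa: public key is not a valid curve point")

// safeVerify (hypothetical helper) rejects malformed keys with an error and
// converts any panic raised inside the crypto library into an error.
func safeVerify(pub *ecdsa.PublicKey, digest []byte, r, s *big.Int) (ok bool, err error) {
	defer func() {
		if p := recover(); p != nil {
			ok, err = false, fmt.Errorf("ecdsa verify panicked: %v", p)
		}
	}()
	if pub == nil || pub.Curve == nil || pub.X == nil || pub.Y == nil ||
		!pub.Curve.IsOnCurve(pub.X, pub.Y) {
		return false, ErrInvalidPoint
	}
	return ecdsa.Verify(pub, digest, r, s), nil
}

// demo verifies one signature against the signer's key, an unrelated valid key
// and an off-curve point (all constructed sample data).
func demo() (good, other bool, otherErr, badErr error) {
	digest := sha256.Sum256([]byte("constructed sample payload"))
	signer, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	unrelated, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	r, s, err := ecdsa.Sign(rand.Reader, signer, digest[:])
	if err != nil {
		panic(err)
	}
	good, _ = safeVerify(&signer.PublicKey, digest[:], r, s)
	other, otherErr = safeVerify(&unrelated.PublicKey, digest[:], r, s)
	// (1, 1) does not satisfy the P-256 curve equation, so it is an invalid point.
	offCurve := &ecdsa.PublicKey{Curve: elliptic.P256(), X: big.NewInt(1), Y: big.NewInt(1)}
	_, badErr = safeVerify(offCurve, digest[:], r, s)
	return
}

func main() { fmt.Println(demo()) }
```

A valid but unrelated key yields `false` with no error, while the off-curve key is rejected with `ErrInvalidPoint` before any curve arithmetic runs.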