Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S.S.C.Cose: Add new MultiSign APIs and address API review feedback on existing ones #71390

Merged
merged 9 commits into from
Jul 7, 2022
Merged

S.S.C.Cose: Add new MultiSign APIs and address API review feedback on existing ones #71390

merged 9 commits into from
Jul 7, 2022

Conversation

jozkee
Copy link
Member

@jozkee jozkee commented Jun 28, 2022
edited
Loading

It also addresses all bullets on Checkpoint MVP+2 #62600.

Fixes #62599.
Fixes #69896.
Fixes #70189 (5fb06cc).

@jozkee jozkee added this to the 7.0.0 milestone Jun 28, 2022
@jozkee jozkee requested a review from bartonjs June 28, 2022 15:46
@jozkee jozkee self-assigned this Jun 28, 2022
@ghost
Copy link

ghost commented Jun 28, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

It also addresses all bullets on Checkpoint MVP+2 #62600.

Fixes #62599.
Fixes #69896.

TODO:

  • Extend tests to use Pkcs1.
  • Add tests for CoseHeaderValue type.
Author: Jozkee
Assignees: Jozkee
Labels:

area-System.Security
Milestone: 7.0.0

@jozkee jozkee mentioned this pull request Jun 29, 2022
Closed
bartonjs
bartonjs reviewed Jun 29, 2022
View reviewed changes
...aries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseMessage.cs
Comment on lines +266 to +269
if (signaturesLength.GetValueOrDefault() < 1)
{
throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.MultiSignMessageMustCarryAtLeastOneSignature));
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This exception doesn't make sense when there is at least one signature but it used an indefinite length array.

Assuming I recall correctly and that COSE forbids indefinite length arrays then there should be a check for !signaturesLength.HasValue, and a special throw, before this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Repeat for basically every place that calls ReadStartArray)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One thing to consider is making a struct wrapper over top of a CborReader (e.g. CoseCborReader) and have it enforce all of these policy things. E.g.

internal struct CoseCborReader
{
    private CborReader _reader;

    internal CoseCborReader(...)
    {
        ...;
    }

    internal int ReadStartArray()
    {
        int? len;

        try
        {
            len = _reader.ReadStartArray();
        }
        catch (CborContentException e)
        {
            ...
        }

        if (!len.HasValue)
        {
            throw new CryptographicException(SR.CoseForbidsIndefiniteArray);
        }

        return len.GetValueOrDefault();
    }
}

In core crypto I've done a similar thing. The AsnValueReader type is a variant of AsnReader, but it always wraps AsnContentException in a CryptographicException (because that's the exception type that the methods threw before we wrote AsnReader)

Copy link
Member Author

@jozkee jozkee Jun 29, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From https://datatracker.ietf.org/doc/html/rfc8152#section-14, it seems to me that indefinite length is only forbidden for Sig_Structure, the text on that section probably also means that we should use a CborWriter with Canonical conformance mode on CreateToBeSigned.

I can fix the exception messages stating that indefinite-length arrays are forbidden as part of this PR but I would prefer a separate PR to address/validate support of messages using indefinite length arrays, what do you think?

I can't find anything right now stating that indefinite length arrays are forbidden, so for example, can you receive a COSE_Sign message inside a indefinite-length array?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If indefinite length arrays are already inconsistently supported and you'd have to touch currently untouched code to fix it up, then a separate PR makes more sense. If everything that would have to be changed is in this PR already, then we shouldn't merge code we know is wrong.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current state of the code is the former, an example is CoseMessage.DecodeSign1, it requires a CBOR array of length 4 to successfully decode.

bartonjs
bartonjs reviewed Jun 30, 2022
View reviewed changes
...raries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseSigner.cs
throw new ArgumentNullException(nameof(key));

if (key is RSA)
throw new CryptographicException(SR.CoseSignerRSAKeyNeedsPadding);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
throw new CryptographicException(SR.CoseSignerRSAKeyNeedsPadding);
throw new ArgumentException(SR.CoseSignerRSAKeyNeedsPadding, nameof(key));

bartonjs
bartonjs reviewed Jun 30, 2022
View reviewed changes
src/libraries/System.Security.Cryptography.Cose/tests/CoseHeaderMapTests.cs
Comment on lines +348 to +349
map.TryGetValue(label, out CoseHeaderValue value);
return value.EncodedValue.ToArray();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
map.TryGetValue(label, out CoseHeaderValue value);
return value.EncodedValue.ToArray();
bool found = map.TryGetValue(label, out CoseHeaderValue value);
Assert.True(found, "TryGetValue on a known value");
return value.EncodedValue.ToArray();

@jozkee jozkee requested review from bartonjs and vcsjones July 7, 2022 15:32
@jozkee jozkee merged commit 97d96f2 into dotnet:main Jul 7, 2022
@jozkee jozkee deleted the cose_mvp+2 branch July 7, 2022 19:40
@ghost ghost locked as resolved and limited conversation to collaborators Aug 18, 2022
@bartonjs bartonjs added the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label Aug 30, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

@vcsjones vcsjones Awaiting requested review from vcsjones

Assignees

@jozkee jozkee

Labels
area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration
Projects
None yet
Milestone
7.0.0
3 participants
@jozkee @vcsjones @bartonjs