-
Notifications
You must be signed in to change notification settings - Fork 104
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(keys): JSON unmarshal hardening. (#275)
* feat(keys): JSON unmarshal hardening. * Add io.LimitReader to block public key content larger than 512Kb. * Fix Ed25519 signer constructor to be referenced as ECDSASigner. * Rename `NewEd25519Signer` to `NewEd25519SignerFromKey` to support the signer registry registration and prevent double declaration. * Add ECDSA unmarshaller tests. Signed-off-by: Thibault Normand <me@zenithar.org> * feat(key): add crypto related controls. Signed-off-by: Thibault Normand <me@zenithar.org> * feat(key): ecdsa unmarshal already check if point is on curve. Signed-off-by: Thibault Normand <me@zenithar.org> * fix(key): test all errors. Signed-off-by: Thibault Normand <me@zenithar.org> * fix(key): use appropriate type for random seed. Signed-off-by: Thibault Normand <me@zenithar.org> * fix(key): display ed25519 public key size on error. Signed-off-by: Thibault Normand <me@zenithar.org> * feat(keys): support unknown fields for json decoder. Signed-off-by: Thibault Normand <me@zenithar.org> * feat(types): support unknown fields for json decoder. Signed-off-by: Thibault Normand <me@zenithar.org> * style(go): convert switch to if. Signed-off-by: Thibault Normand <me@zenithar.org>
- Loading branch information
Showing
8 changed files
with
238 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
package keys | ||
|
||
import ( | ||
"crypto/ecdsa" | ||
"crypto/elliptic" | ||
"crypto/rand" | ||
"encoding/hex" | ||
"encoding/json" | ||
"errors" | ||
"io" | ||
"strings" | ||
|
||
fuzz "github.com/google/gofuzz" | ||
"github.com/theupdateframework/go-tuf/data" | ||
. "gopkg.in/check.v1" | ||
) | ||
|
||
type ECDSASuite struct{} | ||
|
||
var _ = Suite(&ECDSASuite{}) | ||
|
||
func (ECDSASuite) TestUnmarshalECDSA(c *C) { | ||
priv, err := ecdsa.GenerateKey(elliptic.P256(), strings.NewReader("00001-deterministic-buffer-for-key-generation")) | ||
c.Assert(err, IsNil) | ||
|
||
// Marshall as non compressed point | ||
pub := elliptic.Marshal(elliptic.P256(), priv.X, priv.Y) | ||
|
||
publicKey, err := json.Marshal(map[string]string{ | ||
"public": hex.EncodeToString(pub), | ||
}) | ||
c.Assert(err, IsNil) | ||
|
||
badKey := &data.PublicKey{ | ||
Type: data.KeyTypeECDSA_SHA2_P256, | ||
Scheme: data.KeySchemeECDSA_SHA2_P256, | ||
Algorithms: data.HashAlgorithms, | ||
Value: publicKey, | ||
} | ||
verifier := NewEcdsaVerifier() | ||
c.Assert(verifier.UnmarshalPublicKey(badKey), IsNil) | ||
} | ||
|
||
func (ECDSASuite) TestUnmarshalECDSA_Invalid(c *C) { | ||
badKeyValue, err := json.Marshal(true) | ||
c.Assert(err, IsNil) | ||
|
||
badKey := &data.PublicKey{ | ||
Type: data.KeyTypeECDSA_SHA2_P256, | ||
Scheme: data.KeySchemeECDSA_SHA2_P256, | ||
Algorithms: data.HashAlgorithms, | ||
Value: badKeyValue, | ||
} | ||
verifier := NewEcdsaVerifier() | ||
c.Assert(verifier.UnmarshalPublicKey(badKey), ErrorMatches, "json: cannot unmarshal.*") | ||
} | ||
|
||
func (ECDSASuite) TestUnmarshalECDSA_FastFuzz(c *C) { | ||
verifier := NewEcdsaVerifier() | ||
for i := 0; i < 50; i++ { | ||
// Ensure no basic panic | ||
|
||
f := fuzz.New() | ||
var publicData data.PublicKey | ||
f.Fuzz(&publicData) | ||
|
||
verifier.UnmarshalPublicKey(&publicData) | ||
} | ||
} | ||
|
||
func (ECDSASuite) TestUnmarshalECDSA_TooLongContent(c *C) { | ||
randomSeed := make([]byte, MaxJSONKeySize) | ||
_, err := io.ReadFull(rand.Reader, randomSeed) | ||
c.Assert(err, IsNil) | ||
|
||
tooLongPayload, err := json.Marshal( | ||
&ed25519Verifier{ | ||
PublicKey: data.HexBytes(hex.EncodeToString(randomSeed)), | ||
}, | ||
) | ||
c.Assert(err, IsNil) | ||
|
||
badKey := &data.PublicKey{ | ||
Type: data.KeyTypeECDSA_SHA2_P256, | ||
Scheme: data.KeySchemeECDSA_SHA2_P256, | ||
Algorithms: data.HashAlgorithms, | ||
Value: tooLongPayload, | ||
} | ||
verifier := NewEcdsaVerifier() | ||
err = verifier.UnmarshalPublicKey(badKey) | ||
c.Assert(errors.Is(err, io.ErrUnexpectedEOF), Equals, true) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.