mozilla-services / go-cose Goto Github PK

View Code? Open in Web Editor NEW

40.0 11.0 18.0 313 KB

go library for CBOR Object Signing and Encryption (COSE)

License: Mozilla Public License 2.0

Makefile 0.84% Go 99.16%

cose signing golang go

go-cose's Introduction

go-cose

Caution

⚠️ Please note that the repository is no longer actively maintained. No further development of any go-cose features will take place here. Please use veraison-go-cose if you need go-cose library for your project or wish to participate in go-cose development.

DANGER

☣️ This repository does not properly verify certain COSE signatures. While this does not affect Mozilla's internal use of the code, others are advised to use the veraison-go-cose implementation.

A COSE library for go.

It currently supports signing and verifying the SignMessage type with the ES{256,384,512} and PS256 algorithms.

API docs

Usage

Install

go get -u go.mozilla.org/cose

Signing a message

See example/sign.go and run it with:

$ go run example/sign.go
Bit lengths of integers r and s (256 and 256) do not match the key length 255
Message signature (ES256): 043685f99421f9e80c7c3c50d0fc8266161d3d614aaa3b63d2cdf581713fca62bb5d2e34d2352dbe41424b31d0b4a11d6b2d4764c18e2af04f4520fbe494d51c

Verifying a message

See example/verify.go and run it with:

$ go run example/verify.go
Bit lengths of integers r and s (256 and 254) do not match the key length 254
Message signature (ES256): 9411dc5200c1cb67ccd76424ade09ce89c4a8d8d2b66f2bbf70edf63beb2dc3cbde83250773e659b635d3715442a1efaa6b0c030ee8a2523c3e37a22ddb055fa
Message signature verified

Development

Running tests:

Install rust and cargo
On OSX: brew install nss nss then in sign_verify_cose_rust_cli_test.go add NSS_LIB_DIR to cmd or -L /usr/local/opt/nss/lib to RUSTFLAGS e.g. cmd.Env = append(os.Environ(), "NSS_LIB_DIR=/usr/local/opt/nss/lib", "RUSTFLAGS=-A dead_code -A unused_imports")
If you already have dep and golint commands installed, run make install-godep install-golint
Run go test

go-cose's People

Contributors

Stargazers

Watchers

Forkers

g-k etsangsplk hypatia-technologies mozilla-github-standards jimsch jonnycrunch fxamacker x448 10allday-services thomas-fossati masonforest eivel ponci-berlin lafriks-fork yogeshbdeshpande

go-cose's Issues

Pass io.Reader as payload for signature

Signing a message currently requires copying the payload as an []byte into the cose.SignMessage.Payload field. For large payloads, this means copying large amounts of data. It also means the max size of a payload is limited by available memory.

Payloads are hashed and this can be done in chunks to avoid loading all that data into memory. Passing an io.Reader as Payload, perhaps as a PayloadReader variable, would allow the Sign() function to use that instead of the large []byte

figure out why ECDSA bitlens don't match

refs

go-cose/core.go

Line 149 in 2ea0d62

// TODO: figure out why these lengths don't match

CODE_OF_CONDUCT.md file missing

As of January 1 2019, Mozilla requires that all GitHub projects include this CODE_OF_CONDUCT.md file in the project root. The file has two parts:

Required Text - All text under the headings Community Participation Guidelines and How to Report, are required, and should not be altered.
Optional Text - The Project Specific Etiquette heading provides a space to speak more specifically about ways people can work effectively and inclusively together. Some examples of those can be found on the Firefox Debugger project, and Common Voice. (The optional part is commented out in the raw template file, and will not be visible until you modify and uncomment that part.)

If you have any questions about this file, or Code of Conduct policies and procedures, please reach out to [email protected].

(Message COC001)

clean up commented out cose rust test cases

specifically in helpers_test.go

Unmarshal COSE_Sign messages with nil payload

Currently throws a cbor decode error, so add a test case to cbor_test.go and get it passing.

make sure COSE wg examples are up to date

It's OK if the test cases fail, but it'd be good to update them.

encode / decode benchmark tests

should be in terms of the overhead on top of the CBOR encoder and decoder and crypto ops

are we using the right RSAPSS salt padding?

The spec says to use a salt length matching the hash length (i.e. rsa.PSSSaltLengthEqualsHash)

However, go-jose uses the auto length salt padding for the PS256 and switching it fixes the RSA verify failure for #7.

Use codecgen?

Use http://ugorji.net/blog/go-codecgen

Support more algs

Specifically ES384, ES512 would be good to support

CLI helper

update golang versions in CI

add 1.13
drop 1.11?

CBOR library exhausts memory in 1 decode attempt of < 10 bytes of malformed CBOR data

@g-k 🔥 this CBOR security issue is already public knowledge and affects a library used by go-cose.

October 2013 - RFC 7049 (CBOR) is approved by IETF as an Internet Standard and RFC 7049 Section 8 describes security considerations such as malicious CBOR.

September 2019 - oasislabs finds tiny malformed CBOR data causes fatal out of memory error when decoded with latest releases of ugorji/go (CBOR library used by go-cose) and switched to fxamacker/cbor in early October 2019.

February 2020 - smartcontractkit/chainlink has a security issue with ugorji/go that is closed by switching to fxamacker/cbor. I don't have login access to view their security issue.

March 2020 - @fxamacker finds tiny malformed CBOR data that causes fatal out of memory error when decoded with any release of ugorji/go (1.1.0 - 1.1.7 as well as last commit 42bc974).

fxamacker/cbor comparisons to ugorji/go.

Click to expand:

CBOR Program Size Comparison

fxamacker/cbor can produce smaller programs.

CBOR Speed Comparison

fxamacker/cbor can be faster for CBOR data such as CBOR Web Tokens.

CBOR Memory Comparison

fxamacker/cbor can use less memory for CBOR data such as CBOR Web Tokens.

Benchmarks used example data from RFC 8392 Appendix A.1 and default options for CBOR libraries.

drop golang 1.13 support; add 1.15

1.13 is unsupported since 1.15 came out https://golang.org/doc/devel/release.html#policy so we should drop 13 and add 15 in the CircleCI config https://github.com/mozilla-services/go-cose/blob/master/.circleci/config.yml

Question: Is this library still maintained?

I've been looking for a Go implementation of COSE and this is the only one I could find.

Is it still maintained/supported? Some of the issues/PRs are quite stale, and I'm wondering if it would be worth contributing fixes/improvements back up here.

Support Sign1 messages

make I2OSP more constant time

see discussion around mozilla-services/autograph#76 (comment)

figure out how to run examples against local code

refs: #15

get lint job passing in CI and require it to land PRs

refs: #63

Unmarshal into with standard (data []byte, v interface{}) error fn signature

started in https://github.com/mozilla-services/go-cose/tree/decode-into

CI failing on TestI2OSPTiming

I think we can disable it and open an issue.

--- FAIL: TestI2OSPTiming

e.g. https://app.circleci.com/jobs/github/mozilla-services/go-cose/43

Use a "linter aggregator" for static analysis in pull requests

There are 20+ linters available ranging from format checks to security checks.

golangci-lint makes it easy to configure and run dozens of linters.

It was easy to use GitHub Actions Workflow (free feature from GitHub, Inc.) with golangci-lint.

Here's how it looks at fxamacker/cbor configured to run 18 required linters + 5 optional linters.

Auto-updated "linters" badge.svg on README.md indicates if any linter failed:

Screenshot of workflow results shown in pull request provided by @fxamacker

(click to expand) Screenshot with 4 workflow results

Using golangci-lint + GitHub Actions Workflow doesn't require signup with 3rd-party vendor. 😄

Fix badge in readme to reflect migration from Travis CI to Circle CI

fuzz tests

Using one of:

handle untagged and mistagged CBOR SignMessages

cose-rust round trip fails

Specifically:

go-cose/sign_verify_cose_rust_cli_test.go

Line 79 in ab7ab64

 // skip round trip verify since it might not do things like verify the cert that nss does 

Maybe NSS is doing additional validation on the CERT chain?

tests that modify a single byte of signature or payload can fail intermittently

These two tests use an XOR that causes them to fail intermittently.

test_cose_sign_verify_tampered_signature
test_cose_sign_verify_modified_payload

go-cose/sign_verify_cose_rust_cli_test.go

Lines 58 to 65 in 1ecf8f0

 if testCase.ModifySignature { 

 // tamper with the COSE signature. 

 sig1 := message.Signatures[0].SignatureBytes 

 sig1[len(sig1)-5] ^= sig1[len(sig1)-5] 

 } 

 if testCase.ModifyPayload { 

 message.Payload[0] ^= message.Payload[0] 

 }

This can be fixed by making the target byte XOR with 1, instead of itself.

Fix exact bit level checks leading to flakey tests

i.e.

    --- FAIL: TestRustCoseCli/test_cose_sign_verify_P521_no_other_certs (0.10s)
        sign_verify_cose_rust_cli_test.go:56: 
            	Error Trace:	sign_verify_cose_rust_cli_test.go:56
            	            				sign_verify_cose_rust_cli_test.go:98
            	Error:      	Expected nil, but got: Byte lengths of integers r and s (9 and 8) do not match the key length 9
            	Test:       	TestRustCoseCli/test_cose_sign_verify_P521_no_other_certs
            	Messages:   	test_cose_sign_verify_P521_no_other_certs: signing failed with err Byte lengths of integers r and s (9 and 8) do not match the key length 9
        sign_verify_cose_rust_cli_test.go:91: 
            	Error Trace:	sign_verify_cose_rust_cli_test.go:91
            	            				sign_verify_cose_rust_cli_test.go:98
            	Error:      	Expected nil, but got: &exec.ExitError{ProcessState:(*os.ProcessState)(0xc00042e5c0), Stderr:[]uint8(nil)}
            	Test:       	TestRustCoseCli/test_cose_sign_verify_P521_no_other_certs
            	Messages:   	test_cose_sign_verify_P521_no_other_certs: error verifying signature with cose-rust exit status 2

from https://circleci.com/gh/mozilla-services/go-cose/23

CI broken

Due to coverage error:

goveralls -coverprofile=coverage.out -service=travis-ci -repotoken 
flag needs an argument: -repotoken

https://travis-ci.org/mozilla-services/go-cose/builds/512314494

RFC8152 Section 7 COSE_Key public key serialization?

Hi,
I'm not sure if this is out of the scope for this library or it's implemented but I missed it in the docs.

I'm looking to serialize public keys in the COSE_Key format (https://tools.ietf.org/html/rfc8152#section-7), e.g., a ES256 public key would be serialized as the CBOR representation of {<kty>: 2, <alg>: -7, <crv>: ..., <x>: ..., <y>: ...}, with the specified integers replacing the keys.

Does this library support this? I noticed a general cose.Marshal function but this doesn't seem to encode it in COSE_Key format, but rather the CBOR encoding of the go/crypto ecdsa.PublicKey struct. (And if not, would a PR that does support this be appropriate for this repo?)

	if testCase.ModifySignature {
	// tamper with the COSE signature.
	sig1 := message.Signatures[0].SignatureBytes
	sig1[len(sig1)-5] ^= sig1[len(sig1)-5]
	}
	if testCase.ModifyPayload {
	message.Payload[0] ^= message.Payload[0]
	}