[Cryptech Tech] arm
Bernd Paysan
bernd at net2o.de
Tue Jan 13 15:08:21 UTC 2015
Am Dienstag, 13. Januar 2015, 08:50:16 schrieb Leif Johansson:
> > 13 jan 2015 kl. 03:30 skrev Bernd Paysan <bernd at net2o.de>:
> > I would advocate against parsing more complex data types (think of ASN1)
> > inside the ultra-secure boundary, because with bugs in the parser, you can
> > 0wn the HSM.
>
> I'm wondering how much security-fu you get by just having a library for
> doing simple offset byte-range checks wo actually parsing stuff inside the
> boundary. Extra checks w parsing done outside the boundary...
You get very little. Assume I want to get you to sign a ASN1 cert with a time
span that is much longer. Then I pretend the time span is somewhere else in
the ASN1 and produce something valid there, and the byte-range check will
succeed. You have a number of free-text fields in ANS1, where you can put
stuff that might look funny when someone actually examines the certificate,
but that doesn't really matter ;-). You could try to generate a public key
that contains something that looks like a valid ASN1 time range; that may take
a bit longer than the usual key generation time, but should be doable.
I suppose it's easier the other way round: The HSM inserts the signature times
into the fields pointed to by the signing request (you only have to check that
the fields are indeed inside the supplied blob), and then hashes and signs the
certificate, if that's easily doable. However, I don't think it is. ASN1 is
clearly a format from hell.
--
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
More information about the Tech
mailing list