[Cryptech Tech] arm

Bernd Paysan bernd at net2o.de
Tue Jan 13 15:08:21 UTC 2015


On Tuesday, 13 January 2015, 08:50:16, Leif Johansson wrote:
> > On 13 Jan 2015, at 03:30, Bernd Paysan <bernd at net2o.de> wrote:
> > I would advocate against parsing more complex data types (think of ASN1)
> > inside the ultra-secure boundary, because with bugs in the parser, you can
> > 0wn the HSM.
> 
> I'm wondering how much security-fu you get by just having a library for
> doing simple offset byte-range checks wo actually parsing stuff inside the
> boundary. Extra checks w parsing done outside the boundary...

You get very little.  Assume I want to get you to sign an ASN1 cert with a time 
span that is much longer.  Then I pretend the time span is somewhere else in 
the ASN1 and produce something valid there, and the byte-range check will 
succeed.  You have a number of free-text fields in ASN1, where you can put 
stuff that might look funny when someone actually examines the certificate, 
but that doesn't really matter ;-). You could try to generate a public key 
that contains something that looks like a valid ASN1 time range; that may take 
a bit longer than the usual key generation time, but should be doable.

I suppose it's easier the other way round: The HSM inserts the signature times 
into the fields pointed to by the signing request (you only have to check that 
the fields are indeed inside the supplied blob), and then hashes and signs the 
certificate, if that's easily doable.  However, I don't think it is.  ASN1 is 
clearly a format from hell.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*
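The point above, that an offset/byte-range check cannot tell a real validity field from look-alike bytes parked in a free-text field, as an added illustration that is not part of the original thread or of any Cryptech code. It uses a constructed DER-like toy format (not real X.509); the one-year policy, the field layout and all names are assumptions. The weak `range_check_policy` trusts the requester's (offset, length) hint, while `structural_policy` locates the validity field by its position in the structure, which is what the "HSM fills in the fields itself" alternative also relies on.

```python
import datetime as dt

# Toy DER-like format, constructed for this example (not real X.509):
#   Cert ::= SEQUENCE { Validity, UTF8String comment };  Validity ::= SEQUENCE { UTCTime, UTCTime }
MAX_LIFETIME = dt.timedelta(days=366)  # assumed HSM policy: at most one-year certs
FMT = "%y%m%d%H%M%SZ"

def der(tag, body):  # short-form length only: body < 128 bytes
    assert len(body) < 128
    return bytes([tag, len(body)]) + body
def read_tlv(buf, pos):  # -> (tag, value, end); raises ValueError on malformed input
    if pos < 0 or pos + 2 > len(buf) or buf[pos + 1] >= 128 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("malformed TLV")
    return buf[pos], buf[pos + 2:pos + 2 + buf[pos + 1]], pos + 2 + buf[pos + 1]
def lifetime_ok(validity):  # validity = contents of a Validity SEQUENCE
    t1, nb, p = read_tlv(validity, 0)
    t2, na, p2 = read_tlv(validity, p)
    if t1 != 0x17 or t2 != 0x17 or p2 != len(validity):
        return False
    span = dt.datetime.strptime(na.decode(), FMT) - dt.datetime.strptime(nb.decode(), FMT)
    return span <= MAX_LIFETIME
def range_check_policy(blob, off, ln):  # weak: trusts the requester's (offset, length) hint
    if off < 0 or ln < 0 or off + ln > len(blob):
        return False
    try:
        tag, val, end = read_tlv(blob, off)
        return tag == 0x30 and end == off + ln and lifetime_ok(val)
    except ValueError:
        return False
def structural_policy(blob):  # stronger: finds Validity by its structural position only
    try:
        tag, body, end = read_tlv(blob, 0)
        vtag, val, _ = read_tlv(body, 0)
        return tag == 0x30 and end == len(blob) and vtag == 0x30 and lifetime_ok(val)
    except ValueError:
        return False
def validity(not_before, not_after):
    utc = lambda t: der(0x17, t.strftime(FMT).encode())
    return der(0x30, utc(not_before) + utc(not_after))
def toy_cert(not_before, not_after, comment):
    return der(0x30, validity(not_before, not_after) + der(0x0C, comment))
def comment_span(blob):  # (offset, length) of the comment's contents inside blob
    _, body, _ = read_tlv(blob, 0)
    _, _, after_validity = read_tlv(body, 0)
    return 2 + after_validity + 2, blob[2 + after_validity + 1]

T0 = dt.datetime(2015, 1, 13)
Y1, Y10 = T0 + dt.timedelta(days=365), T0 + dt.timedelta(days=3650)
honest = toy_cert(T0, Y1, b"hello")
decoy = toy_cert(T0, Y10, validity(T0, Y1))  # ten-year cert; its comment holds a one-year Validity
```

Pointing the range check at `comment_span(decoy)` makes it accept the ten-year certificate, while `structural_policy` rejects it regardless of any hint.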