What is the areas you experience the issue in?
Go-COSE Library
What is not working as expected?
Signature.Sign validates that the protected parameter contains a wellformed bstr, but it misses to detect byte arrays with more bytes than defined in the bstr prelude.
For example, []byte{0x40, 0xa1, 0x00, 0x00} declares a bstr (major type 2) with 0 entries, but it contains 3 entries.
Notice that the validation happens inside deterministicBinaryString, which is also used in Sign1Message.toBeSigned, so it's possible that Sign1Message is also affected by this bug.
What did you expect to happen?
Signature.Sign should return an error if protected contains extraneous bytes.
How can we reproduce it?
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"github.com/veraison/go-cose"
)
func main() {
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
panic(err)
}
sig := cose.NewSignature()
signer, err := cose.NewSigner(cose.AlgorithmES256, priv)
if err != nil {
panic(err)
}
err = sig.Sign(rand.Reader, signer, []byte{0x40, 0xa1, 0x00, 0x00}, []byte("Hello, world!"), nil)
if err != nil {
panic(err)
}
}Describe your environment
Windows 11, go1.21
What is the version of your Go-COSE Library?
v1.1.0
What is the areas you experience the issue in?
Go-COSE Library
What is not working as expected?
Signature.Signvalidates that theprotectedparameter contains a wellformedbstr, but it misses to detect byte arrays with more bytes than defined in thebstrprelude.For example,
[]byte{0x40, 0xa1, 0x00, 0x00}declares abstr(major type 2) with 0 entries, but it contains 3 entries.Notice that the validation happens inside
deterministicBinaryString, which is also used inSign1Message.toBeSigned, so it's possible thatSign1Messageis also affected by this bug.What did you expect to happen?
Signature.Signshould return an error ifprotectedcontains extraneous bytes.How can we reproduce it?
Describe your environment
Windows 11, go1.21
What is the version of your Go-COSE Library?
v1.1.0