From e80f3eed8e6cf0cee32c05ac5e1d7145902a2aaf Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 31 Jan 2024 19:26:49 -0500 Subject: [PATCH] verification/policy: tweak key checks (#10311) * verification/policy: tweak key checks Needs https://github.com/C2SP/x509-limbo/pull/185. Signed-off-by: William Woodruff * bump limbo Signed-off-by: William Woodruff --------- Signed-off-by: William Woodruff --- .github/actions/fetch-vectors/action.yml | 2 +- .../cryptography-x509-verification/src/policy/mod.rs | 9 ++++++++- tests/x509/verification/test_limbo.py | 7 +++++-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/actions/fetch-vectors/action.yml b/.github/actions/fetch-vectors/action.yml index f9715437f878..f9d21c8234d6 100644 --- a/.github/actions/fetch-vectors/action.yml +++ b/.github/actions/fetch-vectors/action.yml @@ -17,4 +17,4 @@ runs: repository: "C2SP/x509-limbo" path: "x509-limbo" # Latest commit on the x509-limbo main branch, as of Jan 31, 2024. - ref: "481b5d595b00ce55824607e1e8c2f1174539f3f8" # x509-limbo-ref + ref: "e7b8885bb20e532392e1f7c4be0d54c39b17c58b" # x509-limbo-ref diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs index 3d8bc86b6b8b..41a4e722d5b7 100644 --- a/src/rust/cryptography-x509-verification/src/policy/mod.rs +++ b/src/rust/cryptography-x509-verification/src/policy/mod.rs @@ -476,9 +476,11 @@ impl<'a, B: CryptoOps> Policy<'a, B> { self.permits_ca(issuer.certificate(), current_depth, issuer_extensions)?; // CA/B 7.1.3.1 SubjectPublicKeyInfo + // NOTE: We check the issuer's SPKI here, since the issuer is + // definitionally a CA and thus subject to CABF key requirements. if !self .permitted_public_key_algorithms - .contains(&child.tbs_cert.spki.algorithm) + .contains(&issuer.certificate().tbs_cert.spki.algorithm) { return Err(ValidationError::Other(format!( "Forbidden public key algorithm: {:?}", @@ -487,6 +489,11 @@ impl<'a, B: CryptoOps> Policy<'a, B> { } // CA/B 7.1.3.2 Signature AlgorithmIdentifier + // NOTE: We check the child's signature here, since the issuer's + // signature is not necessarily subject to signature checks (e.g. + // if it's a root). This works out transitively, as any non root-issuer + // will be checked in its recursive step (where it'll be in the child + // position). if !self .permitted_signature_algorithms .contains(&child.signature_alg) diff --git a/tests/x509/verification/test_limbo.py b/tests/x509/verification/test_limbo.py index 57c429886809..edcb0fc9bda5 100644 --- a/tests/x509/verification/test_limbo.py +++ b/tests/x509/verification/test_limbo.py @@ -27,7 +27,10 @@ # Our support for custom EKUs is limited, and we (like most impls.) don't # handle all EKU conditions under CABF. "pedantic-webpki-eku", - # Similarly: contains tests that fail based on a strict reading of RFC 5280 + # Most CABF validators do not enforce the CABF key requirements on + # subscriber keys (i.e., in the leaf certificate). + "pedantic-webpki-subscriber-key", + # Tests that fail based on a strict reading of RFC 5280 # but are widely ignored by validators. "pedantic-rfc5280", # In rare circumstances, CABF relaxes RFC 5280's prescriptions in @@ -64,7 +67,7 @@ "webpki::aki::root-with-aki-ski-mismatch", # We allow RSA keys that aren't divisible by 8, which is technically # forbidden under CABF. No other implementation checks this either. - "webpki::forbidden-rsa-key-not-divisable-by-8", + "webpki::forbidden-rsa-not-divisable-by-8-in-root", # We disallow CAs in the leaf position, which is explicitly forbidden # by CABF (but implicitly permitted under RFC 5280). This is consistent # with what webpki and rustls do, but inconsistent with Go and OpenSSL.