diff options
author | William Woodruff <william@trailofbits.com> | 2024-01-31 19:26:49 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-31 19:26:49 -0500 |
commit | e80f3eed8e6cf0cee32c05ac5e1d7145902a2aaf (patch) | |
tree | 84cc7cca29099642ce783315ee7915b6ca6dd7fa | |
parent | b39190140facaedf133648b74a968b4eb5e3c83d (diff) | |
download | pyca-cryptography-e80f3eed8e6cf0cee32c05ac5e1d7145902a2aaf.zip pyca-cryptography-e80f3eed8e6cf0cee32c05ac5e1d7145902a2aaf.tar.gz pyca-cryptography-e80f3eed8e6cf0cee32c05ac5e1d7145902a2aaf.tar.bz2 |
verification/policy: tweak key checks (#10311)
* verification/policy: tweak key checks
Needs https://github.com/C2SP/x509-limbo/pull/185.
Signed-off-by: William Woodruff <william@trailofbits.com>
* bump limbo
Signed-off-by: William Woodruff <william@trailofbits.com>
---------
Signed-off-by: William Woodruff <william@trailofbits.com>
-rw-r--r-- | .github/actions/fetch-vectors/action.yml | 2 | ||||
-rw-r--r-- | src/rust/cryptography-x509-verification/src/policy/mod.rs | 9 | ||||
-rw-r--r-- | tests/x509/verification/test_limbo.py | 7 |
3 files changed, 14 insertions, 4 deletions
diff --git a/.github/actions/fetch-vectors/action.yml b/.github/actions/fetch-vectors/action.yml index f971543..f9d21c8 100644 --- a/.github/actions/fetch-vectors/action.yml +++ b/.github/actions/fetch-vectors/action.yml @@ -17,4 +17,4 @@ runs: repository: "C2SP/x509-limbo" path: "x509-limbo" # Latest commit on the x509-limbo main branch, as of Jan 31, 2024. - ref: "481b5d595b00ce55824607e1e8c2f1174539f3f8" # x509-limbo-ref + ref: "e7b8885bb20e532392e1f7c4be0d54c39b17c58b" # x509-limbo-ref diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs index 3d8bc86..41a4e72 100644 --- a/src/rust/cryptography-x509-verification/src/policy/mod.rs +++ b/src/rust/cryptography-x509-verification/src/policy/mod.rs @@ -476,9 +476,11 @@ impl<'a, B: CryptoOps> Policy<'a, B> { self.permits_ca(issuer.certificate(), current_depth, issuer_extensions)?; // CA/B 7.1.3.1 SubjectPublicKeyInfo + // NOTE: We check the issuer's SPKI here, since the issuer is + // definitionally a CA and thus subject to CABF key requirements. if !self .permitted_public_key_algorithms - .contains(&child.tbs_cert.spki.algorithm) + .contains(&issuer.certificate().tbs_cert.spki.algorithm) { return Err(ValidationError::Other(format!( "Forbidden public key algorithm: {:?}", @@ -487,6 +489,11 @@ impl<'a, B: CryptoOps> Policy<'a, B> { } // CA/B 7.1.3.2 Signature AlgorithmIdentifier + // NOTE: We check the child's signature here, since the issuer's + // signature is not necessarily subject to signature checks (e.g. + // if it's a root). This works out transitively, as any non root-issuer + // will be checked in its recursive step (where it'll be in the child + // position). if !self .permitted_signature_algorithms .contains(&child.signature_alg) diff --git a/tests/x509/verification/test_limbo.py b/tests/x509/verification/test_limbo.py index 57c4298..edcb0fc 100644 --- a/tests/x509/verification/test_limbo.py +++ b/tests/x509/verification/test_limbo.py @@ -27,7 +27,10 @@ LIMBO_UNSUPPORTED_FEATURES = { # Our support for custom EKUs is limited, and we (like most impls.) don't # handle all EKU conditions under CABF. "pedantic-webpki-eku", - # Similarly: contains tests that fail based on a strict reading of RFC 5280 + # Most CABF validators do not enforce the CABF key requirements on + # subscriber keys (i.e., in the leaf certificate). + "pedantic-webpki-subscriber-key", + # Tests that fail based on a strict reading of RFC 5280 # but are widely ignored by validators. "pedantic-rfc5280", # In rare circumstances, CABF relaxes RFC 5280's prescriptions in @@ -64,7 +67,7 @@ LIMBO_SKIP_TESTCASES = { "webpki::aki::root-with-aki-ski-mismatch", # We allow RSA keys that aren't divisible by 8, which is technically # forbidden under CABF. No other implementation checks this either. - "webpki::forbidden-rsa-key-not-divisable-by-8", + "webpki::forbidden-rsa-not-divisable-by-8-in-root", # We disallow CAs in the leaf position, which is explicitly forbidden # by CABF (but implicitly permitted under RFC 5280). This is consistent # with what webpki and rustls do, but inconsistent with Go and OpenSSL. |