DRAFT: ratls: drop self-referential init_policy_hash cert extension #883
Draft
sgrams wants to merge 1 commit into
The rebinding-old RA-TLS cert carried two extensions populated from the same peer's initial TDINFO:

* EXTNID_MIGTD_TDREPORT_INIT (OID .1.7) - full TDINFO_STRUCT
* EXTNID_MIGTD_INIT_POLICY_HASH (OID .1.9) - mrowner (TDINFO[112..160])

verify_rebinding_old_cert then compared the second against bytes 112..160 of the first, i.e. the peer attesting to itself. The check has no security value: a malicious peer chooses both halves freely.

Mirror commit ff049f7 (which removed the equivalent check from the SPDM rebind path) on the RA-TLS path:

* drop the EXTNID_MIGTD_INIT_POLICY_HASH cert extension from create_certificate_for_rebinding_old
* drop the find_extension + byte compare from verify_rebinding_old_cert
* drop the init_policy_hash parameter from client_rebinding and from rebinding_old_prepare
* remove the now-unused OID constant from ratls/mod.rs

The peer's TDINFO_STRUCT continues to be carried in EXTNID_MIGTD_TDREPORT_INIT and consumed by mig_policy::authenticate_rebinding_old.

NB: anti-downgrade binding of the locally-loaded INIT data against the local MigTD's own TDINFO (verify_init_migtd_data_policy_binding) belongs in start_rebinding and is tracked separately (GAPS.md T1 / G1).

Signed-off-by: Stanislaw Grams <stanislaw.grams@intel.com>
This should be merged only once pull/869 is checked-in AND verify_init_migtd_data_policy_binding is wired into start_rebinding.
Summary
The rebinding-old RA-TLS cert carried two extensions populated from the same peer's initial TDINFO:
* EXTNID_MIGTD_TDREPORT_INIT (OID ...1.7) — full TDINFO_STRUCT
* EXTNID_MIGTD_INIT_POLICY_HASH (OID ...1.9) — mrowner (TDINFO[112..160])

verify_rebinding_old_cert then compared the second against bytes 112..160 of the first — i.e. the peer attesting to itself. A malicious peer chooses both halves freely, so the check has no security value.

Change
Mirror commit ff049f7 (which removed the equivalent check from the SPDM rebind path) on the RA-TLS path:

* drop EXTNID_MIGTD_INIT_POLICY_HASH from create_certificate_for_rebinding_old
* drop the find_extension + byte-compare from verify_rebinding_old_cert
* drop the init_policy_hash parameter from client_rebinding and rebinding_old_prepare
* remove the now-unused OID constant from ratls/mod.rs

The peer's TDINFO_STRUCT continues to be carried in EXTNID_MIGTD_TDREPORT_INIT and consumed by mig_policy::authenticate_rebinding_old.

Test
Both feature sets build cleanly (no new warnings).
Note
Anti-downgrade binding of the locally-loaded INIT data against the local MigTD's own TDINFO (verify_init_migtd_data_policy_binding) belongs in start_rebinding and is tracked separately.
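
Why the removed comparison passes for any peer, shown as an added Rust sketch that is not code from this PR or from the MigTD project. `PeerCert`, `self_referential_check`, `anchored_check` and `build_cert` are hypothetical names, the 512-byte TDINFO length is an assumption, and only the 112..160 mrowner range comes from the PR text.

```rust
use std::ops::Range;

// From the PR text: mrowner occupies TDINFO[112..160].
const MROWNER: Range<usize> = 112..160;
// Assumed TDINFO_STRUCT length for this sketch.
const TDINFO_LEN: usize = 512;

/// Hypothetical stand-in for the two peer-supplied cert extensions.
struct PeerCert {
    tdreport_init: Vec<u8>,    // payload of EXTNID_MIGTD_TDREPORT_INIT
    init_policy_hash: Vec<u8>, // payload of EXTNID_MIGTD_INIT_POLICY_HASH
}

/// Shape of the removed check: both operands come from the peer's own cert.
fn self_referential_check(cert: &PeerCert) -> bool {
    cert.tdreport_init.len() >= MROWNER.end
        && cert.init_policy_hash.as_slice() == &cert.tdreport_init[MROWNER]
}

/// Contrast (hypothetical): the reference value is held by the verifier,
/// so the peer cannot pick both sides of the comparison.
fn anchored_check(cert: &PeerCert, expected_mrowner: &[u8]) -> bool {
    cert.tdreport_init.len() >= MROWNER.end
        && &cert.tdreport_init[MROWNER] == expected_mrowner
}

/// Builds a constructed cert whose mrowner bytes are all `fill`,
/// copying them into the second extension as any peer would.
fn build_cert(fill: u8) -> PeerCert {
    let mut tdinfo = vec![0u8; TDINFO_LEN];
    tdinfo[MROWNER].fill(fill);
    let init_policy_hash = tdinfo[MROWNER].to_vec();
    PeerCert { tdreport_init: tdinfo, init_policy_hash }
}

fn main() {
    let expected = [0xAAu8; 48]; // constructed verifier-side value
    for fill in [0xAAu8, 0x42] {
        let cert = build_cert(fill);
        println!(
            "mrowner={:#04x} self_referential={} anchored={}",
            fill,
            self_referential_check(&cert),
            anchored_check(&cert, &expected)
        );
    }
}
```

The self-referential comparison returns true for both constructed certs, while the comparison against a verifier-held value rejects the one whose mrowner differs.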