Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict ECDSA/NIST P-Curve hash function sizes for cert signing #12872

Merged
merged 7 commits into from
Nov 12, 2021
Merged

Restrict ECDSA/NIST P-Curve hash function sizes for cert signing #12872

merged 7 commits into from
Nov 12, 2021

Commits on Nov 12, 2021

  1. Restrict ECDSA signatures with NIST P-Curve hashes 

    When using an ECDSA signature with a NIST P-Curve, we should follow
recommendations from BIS (Section 4.2) and Mozilla's root store policy
(section 5.1.2) to ensure that arbitrary selection of signature_bits
does not exceed what the curve is capable of signing.

Related: hashicorp#11245

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    7ca3053 View commit details
    Browse the repository at this point in the history

  2. Switch to certutil.ValidateKeyTypeSignatureLength(...) 

    Replaces previous calls to certutil.ValidateKeyTypeLength(...) and
certutil.ValidateSignatureLength(...) with a single call, allowing for
curve<->hash validation.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    46278e1 View commit details
    Browse the repository at this point in the history

  3. Switch to autodetection of signature_bits 

    This enables detection of whether the caller manually specified a value
for signature_bits or not; when not manually specified, we can provision
a value that complies with new NIST P-Curve policy.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    e0913cc View commit details
    Browse the repository at this point in the history

  4. Select hash function length automatically 

    Due to our change in behavior (to default to -1 as the value to
signature_bits to allow for automatic hash selection), switch
ValidateKeyTypeSignatureLength(...) to accept a pointer to hashBits and
provision it with valid default values.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    838caa9 View commit details
    Browse the repository at this point in the history

  5. Prevent invalid Curve size lookups 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    95f1530 View commit details
    Browse the repository at this point in the history

  6. Switch from -1 to 0 as default SignatureBits 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    2d8cf91 View commit details
    Browse the repository at this point in the history

  7. Add changelog entry 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Nov 12, 2021
    Configuration menu
    Copy the full SHA
    8686b03 View commit details
    Browse the repository at this point in the history