Fix certificate cache key malleability #35
Open
leanthebean wants to merge 1 commit into
e2604cd to c649735
Key non-root certificate verification cache entries by the signed tbsCertificate instead of the full DER bytes so ECDSA signature malleability cannot create shadow cache identities. Keep the pinned root under ROOT_CA_CERT_HASH and reject malleable aliases of that trust anchor. Add regression coverage for malleated certificate signatures and update docs/scripts to use the returned cache key.
c649735 to 3242d80
Summary
- Key non-root certificate verification cache entries by `keccak256(tbsCertificate)` instead of full DER bytes.
- Keep the pinned root under `ROOT_CA_CERT_HASH` and reject malleable root aliases.

Security issue
`CertManager.verifyCACertWithHints` previously used `keccak256(raw cert bytes)` as the verification cache key. The outer X.509 certificate signature is ECDSA P-384, and low-S is intentionally not enforced because AWS Nitro signatures may not be low-S. That means a valid certificate can have a byte-distinct `(r, n-s)` signature twin with the same signed TBS, subject, and public key.

Because `verifiedParent` is write-once, a caller could cache a shadow parent under the malleated full-DER hash, then pin a genuine child certificate to that alternate parent. Honest warm validation using the canonical certificate chain would later hit `parent cert mismatch`, producing a persistent denial of service for the hinted Nitro attestation path.

Fix
Non-root certificate cache identity now derives from the signed `tbsCertificate` bytes. ECDSA signature malleability only changes the outer signature bytes, so canonical and malleated encodings of the same certificate resolve to the same cache entry. The pinned root remains keyed by `ROOT_CA_CERT_HASH`; if a malleated root encoding verifies under the root key, `CertManager` rejects it as `root cert alias` so it cannot become a second trusted parent cache key.

This preserves support for AWS Nitro P-384 signatures without adding a low-S requirement, while removing the malleable bytes from the cache identity used by `verifiedParent`.

Tests
- `forge fmt`
- `forge test`

Added regression coverage showing that:

root cert alias.

Addresses CAT finding 15bf935b-8ecd-4cd6-aba6-40123684840c.
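The malleability argument in the PR description, worked through end to end as an added example (this is not code from this PR or from the project, whose verifier is a Solidity contract). The Go program below uses only the standard library: it generates a throwaway self-signed P-384 certificate (constructed input, not an AWS Nitro certificate), rewrites its signature from `(r, s)` to `(r, n-s)` without touching `tbsCertificate`, and shows that both encodings verify under the same issuer key while a full-DER hash gives them two cache identities and a TBS hash gives them one. Assumptions: SHA-256 stands in for the contract's `keccak256` (the argument does not depend on the hash function), Go's `crypto/ecdsa` verifier accepts high-S signatures just as the contract does, and the names `Malleate`, `FullDERKey`, `TBSKey`, `Result` and `Demo` are illustrative rather than project identifiers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// outerCert mirrors Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
// the first two stay as raw bytes so re-encoding cannot touch the signed TBS.
type outerCert struct {
	TBS, SigAlg asn1.RawValue
	Signature   asn1.BitString
}

// newSelfSignedP384 builds a throwaway self-signed P-384 CA (constructed input, not a Nitro cert).
// Go signs with ECDSAWithSHA384 and, like the contract, does not force s into the low-S half.
func newSelfSignedP384() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-test-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// Malleate returns a byte-distinct DER encoding of the same certificate with signature (r, n-s); only signatureValue changes.
func Malleate(der []byte) ([]byte, error) {
	var c outerCert
	if _, err := asn1.Unmarshal(der, &c); err != nil {
		return nil, err
	}
	var sig struct{ R, S *big.Int } // SEQUENCE { r INTEGER, s INTEGER } inside signatureValue
	if _, err := asn1.Unmarshal(c.Signature.Bytes, &sig); err != nil {
		return nil, err
	}
	sig.S = new(big.Int).Sub(elliptic.P384().Params().N, sig.S) // the malleable twin: (r, n-s)
	sigDER, err := asn1.Marshal(sig)
	if err != nil {
		return nil, err
	}
	c.Signature = asn1.BitString{Bytes: sigDER, BitLength: len(sigDER) * 8}
	return asn1.Marshal(c)
}

// FullDERKey is the pre-fix cache identity: a hash over every certificate byte, signature included.
// SHA-256 stands in for the contract's keccak256 (assumption); the argument does not depend on the hash.
func FullDERKey(der []byte) [32]byte { return sha256.Sum256(der) }
// TBSKey is the post-fix cache identity: a hash over only the signed tbsCertificate bytes.
func TBSKey(cert *x509.Certificate) [32]byte { return sha256.Sum256(cert.RawTBSCertificate) }

// Result records what a cache keyed each way sees for a certificate and its malleated twin.
type Result struct {
	CanonicalVerifies bool // canonical encoding verifies under the CA key
	MalleatedVerifies bool // the (r, n-s) twin verifies too: no low-S rule, as with Nitro
	FullDERKeysDiffer bool // pre-fix: the twin gets its own cache slot, so a shadow parent is possible
	TBSKeysMatch      bool // post-fix: both encodings resolve to the one cache entry
}

// Demo generates a CA cert, derives its malleated twin and compares both keying schemes.
func Demo() (Result, error) {
	der, err := newSelfSignedP384()
	if err != nil {
		return Result{}, err
	}
	twinDER, err := Malleate(der)
	if err != nil {
		return Result{}, err
	}
	canon, errCanon := x509.ParseCertificate(der)
	twin, errTwin := x509.ParseCertificate(twinDER)
	if err := errors.Join(errCanon, errTwin); err != nil {
		return Result{}, err
	}
	return Result{
		CanonicalVerifies: canon.CheckSignatureFrom(canon) == nil,
		MalleatedVerifies: twin.CheckSignatureFrom(canon) == nil,
		FullDERKeysDiffer: FullDERKey(der) != FullDERKey(twinDER),
		TBSKeysMatch:      TBSKey(canon) == TBSKey(twin),
	}, nil
}

func main() {
	r, err := Demo()
	fmt.Printf("%+v (err=%v)\n", r, err)
}
```

`FullDERKeysDiffer` is the condition the write-once `verifiedParent` mapping turns into a shadow entry: whoever submits the twin first owns a second key for the same parent. `TBSKeysMatch` is what the fix relies on, since flipping `s` to `n-s` never reaches the TBS bytes; the root alias rejection in the PR covers the one case the TBS key alone does not, a malleated encoding of the pinned root.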