search

cose-wg / CBOR-certificates

Other
11 stars 7 forks source link

Location of signature algorithm in C509CertificateRequest #167

Closed xipki closed 5 months ago

xipki commented 7 months ago

In the newest document (https://github.com/cose-wg/CBOR-certificates/blob/master/draft-ietf-cose-cbor-encoded-cert.md), the location of signature algorithm in C509Certificate has been changed as discussed in https://github.com/cose-wg/CBOR-certificates/issues/149).

@authors: What about the same change to C509CertificateRequest?

gselander commented 7 months ago

Thanks @xipki!

emanjon commented 7 months ago

Unclear to me what "the same change" is in CSR

xipki commented 7 months ago

Please refer to https://github.com/cose-wg/CBOR-certificates/pull/170 for more details.

emanjon commented 7 months ago

There are no details in #170 except mine.

My understanding is that a DER CSR has a single signature algorithm (correct me if I am wrong). Moving that clearly increases code complexity in some settings. There is no analysis of this. I think such analysis is needed before doing any changes.

xipki commented 7 months ago

The idea is to put the signatureAlgorithm field at the beginning of the CertificateRequest so that we can verify the signature by one pass.

Yes, the DER (ASN.1) CSR has only signatureAlgorithm, and so have the C509 one. My suggestion is not to add a second signatureAlgorithm field, but just to change the location of this field.

About additional complexity, could you add more details, or examples?

xipki commented 6 months ago

ASN.1 syntax of X.509 CSR

   CertificationRequest ::= SEQUENCE {
        certificationRequestInfo CertificationRequestInfo,
        signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
        signature          BIT STRING
   }

   CertificationRequestInfo ::= SEQUENCE {
        version       INTEGER { v1(0) } (v1,...),
        subject       Name,
        subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
        attributes    [0] Attributes{{ CRIAttributes }}
   }

While converting X.509 CSR to C.509 CSR, moving the field signatureAlgorithmto the beginning may requires to parse the X.509 CSR in two steps. The first step is to read the signatureAlgorithm of X.509 CSR, and the second step to read all other fields of X.509 CSR.

This, however, can be optimized as follows:

  1. Read the length, say t bytes, of SEQUENCE of certificationRequestInfo
  2. Skip tbytes to reach the position of signatureAlgorithm.
  3. Move back to the start position of certificationRequestInfo, and parsing the remaining fields.