Yawning
commented
3 years ago Looking into this again, the only remaining use of these crates should be runtime/src/common/sgx/avr.rs. So with that in mind we will need:
- [x] A x.509 certificate parser (Probably https://github.com/rusticata/x509-parser)
- [x] Something that can verify RSA signatures (2048->8192 bit keys), with PKCS#1.5 padding, and SHA-256 (https://github.com/RustCrypto/RSA).
- [x] Something that implements certificate path validation (See: RFC 5280 6.1 for the basic algorithm) (#4021).
~Of all of these things, certificate path validation is non-trivial, and hard to get exactly correct so my preference is for us to not do it ourselves, but as far as I can tell unless we can use something like openssl, we don't have a choice here if we want to shed the webpki dependency.~
I am still not totally thrilled by the idea of implementing this ourselves, but because the certificate chain that IAS uses is very explicitly defined, we can just validate against what we expect IAS to provide, which is considerably easier.
In an ideal world, we would not have a mess of Rust crypto libraries used by our system. Having to depend on someone else's branch of the library (because upstream refuses to merge a trivial branch to support the SGX target) is suboptimal to begin with. When said branch doesn't build with recent versions of the compiler, it's an even bigger issue (#2666).
This should be easy to do apart from where we use the libraries to validate AVR signatures. I'm not sure what options there are for doing X.509 certificate validation, especially with RSA in the mix, but in the medium to long term we should switch if at all possible.