embedded-tls
Add support for server certificate validation
Add support for supplying a CA trust in the TlsConfig and use this to validate the Certificate presented by the server.
Status update on this feature:
At present, the webpki crate is a compile time option for enabling certificate validation. However, the webpki crate does not work on embedded devices and has a few issues:
- C library dependencies and custom assembly code that makes supporting new targets very slow
- Random number generation is "owned" by webpki. This doesn't work well with the embedded ecosystem, because there are many different random number generators, and implementing them all in webpki is not feasible.
Therefore, I think it is useful to take a look at alternatives.
IMO the minimal feature set drogue-tls should support are:
- Validating the server certificate. One exception is the expiry range: most embedded devices do not have a clock, so this must be ignorable (this is done already for the webpki implementation, but requires a webpki patch).
- Validating the signature if the key exchange uses the server certificate.
In the first instance I think supporting the elliptic curve signature algorithms should be sufficient:
- EcdsaSecp256r1Sha256 (0x0403)
- EcdsaSecp384r1Sha384 (0x0503)
- EcdsaSecp521r1Sha512 (0x0603)
- Ed25519 (0x0807)
RSA would be nice, but I don't know of any crates being able to do RSA without allocator.
There are several crates not requiring any allocators that could be used for this task (most developed under RustCrypto:
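As an added illustration of the verifier pieces discussed in the status update above (this is example code written for this page, not code from embedded-tls/drogue-tls or any of the RustCrypto crates), the block below uses only `std`: it parses the TLS 1.3 `signature_algorithms` extension body, selects one of the four schemes listed, builds the content that a server `CertificateVerify` signature covers (RFC 8446 §4.4.3), and implements the validity-window check with the "no clock, so expiry is skipped" exception. The actual ECDSA/Ed25519 verification over the returned buffer is left to whichever no-alloc signature crate is chosen; the extension bytes, transcript hash and validity timestamps are constructed sample values.

```rust
// Added example, not project code. Client-side verifier helpers around the
// signature schemes named in the thread, with no dependencies beyond std.

/// TLS 1.3 SignatureScheme code points (RFC 8446 §4.2.3) for the schemes the
/// status update proposes to support first.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SignatureScheme {
    EcdsaSecp256r1Sha256,
    EcdsaSecp384r1Sha384,
    EcdsaSecp521r1Sha512,
    Ed25519,
}

impl SignatureScheme {
    pub fn from_code(code: u16) -> Option<Self> {
        match code {
            0x0403 => Some(Self::EcdsaSecp256r1Sha256),
            0x0503 => Some(Self::EcdsaSecp384r1Sha384),
            0x0603 => Some(Self::EcdsaSecp521r1Sha512),
            0x0807 => Some(Self::Ed25519),
            _ => None, // RSA and legacy schemes are not supported here
        }
    }
}

/// Parse the body of the signature_algorithms extension: a u16 length followed
/// by that many bytes of u16 code points. Returns None on malformed input
/// instead of panicking; a verifier must never trust peer-supplied lengths.
pub fn parse_signature_algorithms(body: &[u8]) -> Option<Vec<u16>> {
    if body.len() < 2 {
        return None;
    }
    let len = u16::from_be_bytes([body[0], body[1]]) as usize;
    let list = body.get(2..2 + len)?;
    if len == 0 || len % 2 != 0 || 2 + len != body.len() {
        return None;
    }
    Some(list.chunks(2).map(|c| u16::from_be_bytes([c[0], c[1]])).collect())
}

/// Pick the first scheme the peer offered that this verifier supports.
pub fn select_scheme(offered: &[u16]) -> Option<SignatureScheme> {
    offered.iter().find_map(|&c| SignatureScheme::from_code(c))
}

/// Build the bytes a server CertificateVerify signature covers (RFC 8446 §4.4.3):
/// 64 spaces, the context string, one zero byte, then the transcript hash.
/// Verifying the signature over this buffer with the public key taken from the
/// server certificate is the "validating signature" step from the thread.
pub fn certificate_verify_content(transcript_hash: &[u8]) -> Vec<u8> {
    let context = b"TLS 1.3, server CertificateVerify"; // 33 bytes
    let mut out = Vec::with_capacity(64 + context.len() + 1 + transcript_hash.len());
    out.extend(std::iter::repeat(0x20u8).take(64));
    out.extend_from_slice(context);
    out.push(0);
    out.extend_from_slice(transcript_hash);
    out
}

#[derive(Debug, PartialEq, Eq)]
pub enum ValidityError {
    NotYetValid,
    Expired,
}

/// Validity-window check with the exception the thread asks for: a device with
/// no clock passes `None` and the expiry check is skipped deliberately. The
/// remaining chain checks (trust root, signatures, names) are unaffected.
pub fn check_validity(
    now_unix: Option<u64>,
    not_before: u64,
    not_after: u64,
) -> Result<(), ValidityError> {
    match now_unix {
        None => Ok(()),
        Some(now) if now < not_before => Err(ValidityError::NotYetValid),
        Some(now) if now > not_after => Err(ValidityError::Expired),
        Some(_) => Ok(()),
    }
}

fn main() {
    // Constructed sample: the peer offers rsa_pss_rsae_sha256 (0x0804) first,
    // then ecdsa_secp256r1_sha256 (0x0403); only the latter is supported here.
    let ext = [0x00, 0x04, 0x08, 0x04, 0x04, 0x03];
    let offered = parse_signature_algorithms(&ext).expect("well-formed extension");
    println!("offered: {:#06x?}, selected: {:?}", offered, select_scheme(&offered));

    let transcript_hash = [0xaa_u8; 32]; // constructed stand-in for a SHA-256 transcript hash
    let signed = certificate_verify_content(&transcript_hash);
    println!("CertificateVerify content length: {} bytes", signed.len());

    // Constructed validity window; a clockless device passes None.
    println!("no clock: {:?}", check_validity(None, 100, 200));
    println!("expired:  {:?}", check_validity(Some(250), 100, 200));
}
```

The length check in `parse_signature_algorithms` rejects an odd or truncated list before any code point is read, which is the kind of bound an embedded verifier has to enforce itself because there is no allocator or runtime to fall back on.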
Hey @lulf, I wonder what the status of this feature is? Does the embedded-tls client support server certificate validation if the server provides a self-signed certificate?
It's the same as the last status I'm afraid. Whether the server certificate is self-signed or not doesn't matter, the only difference would be that you'd have to use your own CA as the trust root.
I feel like we should extract the webpki verifier to its own crate. rust-analyzer doesn't like that it's gated behind a feature (won't really work with the webpki.rs file), and we might want to encourage developing additional verifier backends if there is a standalone example of how to do it.
rustls has forked webpki. Since they also build on ring, I don't expect this fork would be any more useful for us, but it's something worth knowing about, and might be a good idea to support, too.
I think we should just kill the webpki verifier, I don't think it's useful the way it is, and would rather see one that uses rust-only crates.
A rust-only solution is a good idea, but killing webpki is harsh IMO. I'm considering using it myself in one form or another, though I haven't started yet.