Certificate verification fails if the certificate being verified does not contain the relevant extensions #11042

kajinamit · 2024-05-31T04:18:43Z

Problem description

I'm trying to verify the VCEK certificate published by AMD. According to the document VCEK is supposed to be verified by ARK (root certificate) and ASK (intermediate certificate).
However verification consistently fails because of Certificate is missing required extension.

>>> import datetime
>>>
>>> from cryptography import x509
>>> from cryptography.x509 import verification
>>>
>>> with open('certs/vcek.pem', 'rb') as f:
...     vcek = x509.load_pem_x509_certificate(f.read())
...
>>> with open('certs/ark.pem', 'rb') as f:
...     ark = x509.load_pem_x509_certificates(f.read())
...
>>> with open('certs/ask.pem', 'rb') as f:
...     ask = x509.load_pem_x509_certificates(f.read())
...
>>> store = verification.Store(ark)
>>> builder = verification.PolicyBuilder().store(store)
>>> builder = builder.time(datetime.datetime.now())
>>> verifier = builder.build_client_verifier()
>>> chain = verifier.verify(vcek, ask)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
cryptography.hazmat.bindings._rust.x509.VerificationError: validation failed: Other("Certificate is missing required extension")

I suspect "the missing required extension" is Authority Key Identifier (or Subject Key Identifier) . RFC5280 states that To facilitate certification path construction, this extension MUST appear in all conforming CA certificates while it also states that Conforming CAs MUST mark this extension as non-critical. I'm wondering if it makes sense that cryptography would ignore missing Subject Key Identifier field, if the field is supposed to be always non-critical.

Versions

Python 3.10.12 (built-in version in Ubuntu 22.04)
cryptography 43.0.0.dev1 (hash: ee4b371 )
pip 22.0.2
setuptools 59.6.0

Certificate contents

certs/vcek.pem

certs/ask.pem

certs/ark.pem

The text was updated successfully, but these errors were encountered:

kajinamit · 2024-05-31T04:21:57Z

The certificate can be verified by openssl

# openssl verify -CAfile certs/ark.pem -untrusted certs/ask.pem certs/vcek.pem
certs/vcek.pem: OK

or pyOpenSSL

>>> from OpenSSL import crypto
>>> with open('certs/vcek.pem', 'rb') as f:
...     vcek = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
...
>>> with open('certs/ark.pem', 'rb') as f:
...     ark = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
...
>>> with open('certs/ask.pem', 'rb') as f:
...     ask = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
...
>>> store = crypto.X509Store()
>>> store.add_cert(ark)
>>> store.add_cert(ask)
>>> ctx = crypto.X509StoreContext(store, vcek)
>>> ctx.verify_certificate()
>>>

kajinamit · 2024-05-31T04:25:11Z

OK it turned out the verification fails even with openssl when strict mode is enabled ...

# openssl verify -CAfile certs/ark.pem -untrusted certs/ask.pem -x509_strict certs/vcek.pem
OU = Engineering, C = US, L = Santa Clara, ST = CA, O = Advanced Micro Devices, CN = SEV-VCEK
error 85 at 0 depth lookup: Missing Authority Key Identifier
error certs/vcek.pem: verification failed

kajinamit · 2024-05-31T04:29:07Z

Since the issue is also detected by openssl, I've reported the issue in virtee/snpguest#57 (comment) .
We have checked a few certificates available in web but some of these do not contain these fields, actually.

reaperhulk · 2024-05-31T06:56:53Z

Our verifier currently is based on the WebPKI, which requires AKIs. This doesn't prohibit us having alternate verification options in the future (e.g., our client verifier), although some API discussion would be needed to determine what makes sense.

One concern I have is that it's not clear to me that AMD did the diligence to understand X.509 and generate proper certificates as opposed to just doing some quick empirical checks against existing implementations.

Separately, our error message would be more useful if it explained what required extensions were missing.

cc @woodruffw for when he's back from vacation 😄

woodruffw · 2024-06-06T20:53:20Z

Thanks for the ping @reaperhulk!

100% agreed about improving the error message; I can take a poke at that sometime in the coming days.

See also #10276 (comment) for a similar request (Intel SGX instead of AMD SEV, but also caused by profile variants).

woodruffw · 2024-06-26T01:59:30Z

Looping back: #11162 improved the extension error messages here.

woodruffw mentioned this issue Jun 26, 2024

FR: Allow clients to set extension policies for x.509 verification #11165

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Certificate verification fails if the certificate being verified does not contain the relevant extensions #11042

Certificate verification fails if the certificate being verified does not contain the relevant extensions #11042

kajinamit commented May 31, 2024 •

edited

Loading

kajinamit commented May 31, 2024

kajinamit commented May 31, 2024

kajinamit commented May 31, 2024

reaperhulk commented May 31, 2024

woodruffw commented Jun 6, 2024

woodruffw commented Jun 26, 2024

Certificate verification fails if the certificate being verified does not contain the relevant extensions #11042

Certificate verification fails if the certificate being verified does not contain the relevant extensions #11042

Comments

kajinamit commented May 31, 2024 • edited Loading

Problem description

Versions

Certificate contents

kajinamit commented May 31, 2024

kajinamit commented May 31, 2024

kajinamit commented May 31, 2024

reaperhulk commented May 31, 2024

woodruffw commented Jun 6, 2024

woodruffw commented Jun 26, 2024

kajinamit commented May 31, 2024 •

edited

Loading