From 9bba7b7e572cd92a5b6d74ad0520522f45277ffc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 6 Jan 2020 13:56:08 -0500 Subject: [PATCH] lints: warn for RSA-PSS sigalg in cabf lint, not err. (#342) The `e_signature_algorithm_not_supported` lint enforces Section 6.1.5 of the baseline requirements by checking certificate signature algorithms against a fixed set. Previously this set did not include the RSA-PSS signature algorithms and would mistakenly flag certificates signed with a RSA-PSS algorithm with an error result. The BRs do not forbid using RSA-PSS signature algorithms (provided the associated digest algorithm is one of the three approved in 6.1.5). The Mozilla root program requirements do forbid RSA-PSS in v2.7+ but that should be checked in a separate Mozilla scoped lint. This commit adjusts the `e_signature_algorithm_not_supported` lint to return `lint.Warn` for RSA-PSS with SHA256, SHA384 or SHA512. See #326 for more background. --- .../lint_signature_algorithm_not_supported.go | 46 +++++++++++++++++-- ..._signature_algorithm_not_supported_test.go | 9 ++++ .../sha256WithRSAPSSSignatureAlgorithm.pem | 37 +++++++++++++++ 3 files changed, 87 insertions(+), 5 deletions(-) create mode 100644 testlint/testCerts/sha256WithRSAPSSSignatureAlgorithm.pem diff --git a/lints/cabf_br/lint_signature_algorithm_not_supported.go b/lints/cabf_br/lint_signature_algorithm_not_supported.go index 65fb079cc..efcc95013 100644 --- a/lints/cabf_br/lint_signature_algorithm_not_supported.go +++ b/lints/cabf_br/lint_signature_algorithm_not_supported.go @@ -20,6 +20,38 @@ import ( "github.com/zmap/zlint/util" ) +var ( + // Any of the following x509.SignatureAlgorithms are acceptable per §6.1.5 of + // the BRs. + passSigAlgs = map[x509.SignatureAlgorithm]bool{ + x509.SHA256WithRSA: true, + x509.SHA384WithRSA: true, + x509.SHA512WithRSA: true, + x509.DSAWithSHA256: true, + x509.ECDSAWithSHA256: true, + x509.ECDSAWithSHA384: true, + x509.ECDSAWithSHA512: true, + // NOTE: BRs section §6.1.5 does not include SHA1 digest algorithms in the + // current version. We allow these here for historic reasons and check for + // SHA1 usage after the deprecation date in the separate + // `e_sub_cert_or_sub_ca_using_sha1` lint. + x509.SHA1WithRSA: true, + x509.DSAWithSHA1: true, + x509.ECDSAWithSHA1: true, + } + // The BRs do not forbid the use of RSA-PSS as a signature scheme in + // certificates but it is not broadly supported by user-agents. Since + // the BRs do not forbid the practice we return a warning result. + // NOTE: The Mozilla root program policy *does* forbid their use since v2.7. + // This should be covered by a lint scoped to the Mozilla source instead of in + // this CABF lint. + warnSigAlgs = map[x509.SignatureAlgorithm]bool{ + x509.SHA256WithRSAPSS: true, + x509.SHA384WithRSAPSS: true, + x509.SHA512WithRSAPSS: true, + } +) + type signatureAlgorithmNotSupported struct{} func (l *signatureAlgorithmNotSupported) Initialize() error { @@ -31,11 +63,15 @@ func (l *signatureAlgorithmNotSupported) CheckApplies(c *x509.Certificate) bool } func (l *signatureAlgorithmNotSupported) Execute(c *x509.Certificate) *lint.LintResult { - - if c.SignatureAlgorithm == x509.SHA1WithRSA || c.SignatureAlgorithm == x509.SHA256WithRSA || c.SignatureAlgorithm == x509.SHA384WithRSA || c.SignatureAlgorithm == x509.SHA512WithRSA || c.SignatureAlgorithm == x509.DSAWithSHA1 || c.SignatureAlgorithm == x509.DSAWithSHA256 || c.SignatureAlgorithm == x509.ECDSAWithSHA1 || c.SignatureAlgorithm == x509.ECDSAWithSHA256 || c.SignatureAlgorithm == x509.ECDSAWithSHA384 || c.SignatureAlgorithm == x509.ECDSAWithSHA512 { - return &lint.LintResult{Status: lint.Pass} - } else { - return &lint.LintResult{Status: lint.Error} + sigAlg := c.SignatureAlgorithm + status := lint.Error + if passSigAlgs[sigAlg] { + status = lint.Pass + } else if warnSigAlgs[sigAlg] { + status = lint.Warn + } + return &lint.LintResult{ + Status: status, } } diff --git a/lints/cabf_br/lint_signature_algorithm_not_supported_test.go b/lints/cabf_br/lint_signature_algorithm_not_supported_test.go index 1bbe916a9..61cf6d529 100644 --- a/lints/cabf_br/lint_signature_algorithm_not_supported_test.go +++ b/lints/cabf_br/lint_signature_algorithm_not_supported_test.go @@ -38,3 +38,12 @@ func TestSignatureAlgorithmSHA1Supported(t *testing.T) { t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) } } + +func TestSignatureAlgorithmRSAPSSWarn(t *testing.T) { + inputPath := "../../testlint/testCerts/sha256WithRSAPSSSignatureAlgorithm.pem" + expected := lint.Warn + out := lint.Lints["e_signature_algorithm_not_supported"].Execute(util.ReadCertificate(inputPath)) + if out.Status != expected { + t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status) + } +} diff --git a/testlint/testCerts/sha256WithRSAPSSSignatureAlgorithm.pem b/testlint/testCerts/sha256WithRSAPSSSignatureAlgorithm.pem new file mode 100644 index 000000000..1c47793d9 --- /dev/null +++ b/testlint/testCerts/sha256WithRSAPSSSignatureAlgorithm.pem @@ -0,0 +1,37 @@ +Adopted from: +https://github.com/golang/go/blob/d5967a710094b4e901175948727bbda7a197565c/src/crypto/x509/x509_test.go#L1021-L1055 +-----BEGIN CERTIFICATE----- +MIIGHjCCA9KgAwIBAgIBdjBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA +oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwbjELMAkGA1UEBhMC +SlAxHDAaBgNVBAoME0phcGFuZXNlIEdvdmVybm1lbnQxKDAmBgNVBAsMH1RoZSBN +aW5pc3RyeSBvZiBGb3JlaWduIEFmZmFpcnMxFzAVBgNVBAMMDmUtcGFzc3BvcnRD +U0NBMB4XDTEzMDUxNDA1MDczMFoXDTI5MDUxNDA1MDczMFowbjELMAkGA1UEBhMC +SlAxHDAaBgNVBAoME0phcGFuZXNlIEdvdmVybm1lbnQxKDAmBgNVBAsMH1RoZSBN +aW5pc3RyeSBvZiBGb3JlaWduIEFmZmFpcnMxFzAVBgNVBAMMDmUtcGFzc3BvcnRD +U0NBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx/E3WRVxcCDXhoST +8nVSLjW6hwM4Ni99AegWzcGtfGFo0zjFA1Cl5URqxauvYu3gQgQHBGA1CovWeGrl +yVSRzOL1imcYsSgLOcnhVYB3Xcrof4ebv9+W+TwNdc9YzAwcj8rNd5nP6PKXIQ+W +PCkEOXdyb80YEnxuT+NPjkVfFSPBS7QYZpvT2fwy4fZ0eh48253+7VleSmTO0mqj +7TlzaG56q150SLZbhpOd8jD8bM/wACnLCPR88wj4hCcDLEwoLyY85HJCTIQQMnoT +UpqyzEeupPREIm6yi4d8C9YqIWFn2YTnRcWcmMaJLzq+kYwKoudfnoC6RW2vzZXn +defQs68IZuK+uALu9G3JWGPgu0CQGj0JNDT8zkiDV++4eNrZczWKjr1YnAL+VbLK +bApwL2u19l2WDpfUklimhWfraqHNIUKU6CjZOG31RzXcplIj0mtqs0E1r7r357Es +yFoB28iNo4cz1lCulh0E4WJzWzLZcT4ZspHHRCFyvYnXoibXEV1nULq8ByKKG0FS +7nn4SseoV+8PvjHLPhmHGMvi4mxkbcXdV3wthHT1/HXdqY84A4xHWt1+sB/TpTek +tDhFlEfcUygvTu58UtOnysomOVVeERmi7WSujfzKsGJAJYeetiA5R+zX7BxeyFVE +qW0zh1Tkwh0S8LRe5diJh4+6FG0CAwEAAaNfMF0wHQYDVR0OBBYEFD+oahaikBTV +Urk81Uz7kRS2sx0aMA4GA1UdDwEB/wQEAwIBBjAYBgNVHSAEETAPMA0GCyqDCIaP +fgYFAQEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYJKoZIhvcNAQEKMDSgDzANBglg +hkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4IC +AQAaxWBQn5CZuNBfyzL57mn31ukHUFd61OMROSX3PT7oCv1Dy+C2AdRlxOcbN3/n +li0yfXUUqiY3COlLAHKRlkr97mLtxEFoJ0R8nVN2IQdChNQM/XSCzSGyY8NVa1OR +TTpEWLnexJ9kvIdbFXwUqdTnAkOI0m7Rg8j+E+lRRHg1xDAA1qKttrtUj3HRQWf3 +kNTu628SiMvap6aIdncburaK56MP7gkR1Wr/ichOfjIA3Jgw2PapI31i0GqeMd66 +U1+lC9FeyMAJpuSVp/SoiYzYo+79SFcVoM2yw3yAnIKg7q9GLYYqzncdykT6C06c +15gWFI6igmReAsD9ITSvYh0jLrLHfEYcPTOD3ZXJ4EwwHtWSoO3gq1EAtOYKu/Lv +C8zfBsZcFdsHvsSiYeBU8Oioe42mguky3Ax9O7D805Ek6R68ra07MW/G4YxvV7IN +2BfSaYy8MX9IG0ZMIOcoc0FeF5xkFmJ7kdrlTaJzC0IE9PNxNaH5QnOAFB8vxHcO +FioUxb6UKdHcPLR1VZtAdTdTMjSJxUqD/35Cdfqs7oDJXz8f6TXO2Tdy6G++YUs9 +qsGZWxzFvvkXUkQSl0dQQ5jO/FtUJcAVXVVp20LxPemfatAHpW31WdJYeWSQWky2 ++f9b5TXKXVyjlUL7uHxowWrT2AtTchDH22wTEtqLEF9Z3Q== +-----END CERTIFICATE-----