Add lint for checking that the 'critical' field is properly DER-encoded in extensions

v3/lints/rfc/lint_cert_ext_invalid_der.go

@@ -0,0 +1,119 @@
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Contributed by Adriano Santoni <asantoni64@gmail.com>
+ */
+
+package rfc
+
+import (
+	"github.com/zmap/zcrypto/x509"
+	"github.com/zmap/zlint/v3/lint"
+	"github.com/zmap/zlint/v3/util"
+
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"fmt"
+	"math/big"
+)
+
+func init() {
+	lint.RegisterCertificateLint(&lint.CertificateLint{
+		LintMetadata: lint.LintMetadata{
+			Name:          "e_cert_ext_invalid_der",
+			Description:   "Checks that the 'critical' flag of extensions is not FALSE when present (as per DER encoding)",
+			Citation:      "RFC 5280 $4.2",
+			Source:        lint.RFC5280,
+			EffectiveDate: util.RFC5280Date,
+		},
+		Lint: NewCertExtensionInvalidDER,
+	})
+}
+
+type certExtensionInvalidDER struct{}
+
+/*
+ * Modified syntax w/respect to RFC 5280, so we can detect whether
+ * the critical field is actually present in the DER encoding
+ */
+type Extension struct {
+	Id asn1.ObjectIdentifier
+	// This is either the 'critical' or the 'extnValue' field (see RFC 5280 section 4.1)
+	// We can discriminate based on tag, since the two fields are of different ASN.1 types
+	Field2 asn1.RawValue
+	// If this is present, it can only be the 'extnValue' field
+	// We need to be able to capture it, but we do not deal with it
+	Field3 asn1.RawValue `asn1:"optional"`
+}
+
+// This is just plain RFC 5280
+type Certificate struct {
+	TbsCertificate     TBSCertificate
+	SignatureAlgorithm pkix.AlgorithmIdentifier
+	SignatureValue     asn1.BitString
+}
+
+// Simplified with respect to RFC 5280, as we are not interested in most fields here
+type TBSCertificate struct {
+	Version         int `asn1:"optional,explicit,default:0,tag:0"`
+	SerialNumber    *big.Int
+	SignatureAlgo   pkix.AlgorithmIdentifier
+	Issuer          asn1.RawValue
+	Validity        asn1.RawValue
+	Subject         asn1.RawValue
+	PublicKey       asn1.RawValue
+	IssuerUniqueId  asn1.BitString `asn1:"optional,tag:1"`
+	SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"`
+	Extensions      []Extension    `asn1:"omitempty,optional,explicit,tag:3"`
+}
+
+func NewCertExtensionInvalidDER() lint.LintInterface {
+	return &certExtensionInvalidDER{}
+}
+
+func (l *certExtensionInvalidDER) CheckApplies(c *x509.Certificate) bool {
+	// This lint applies to any kind of certificate
+	return true
+}
+
+func (l *certExtensionInvalidDER) Execute(c *x509.Certificate) *lint.LintResult {
+
+	// Re-decode certificate based on an ad-hoc target struct
+	var cert Certificate
+	_, err := asn1.Unmarshal(c.Raw, &cert)
+
+	// This should never happen
+	if err != nil {
+		return &lint.LintResult{
+			Status:  lint.Fatal,
+			Details: "Failed to decode certificate",
+		}
+	}
+
+	for _, ext := range cert.TbsCertificate.Extensions {
+		if ext.Field2.Tag == asn1.TagBoolean {
+			// This is the 'critical' flag
+			if ext.Field2.Bytes[0] == 0 {
+				// This a BOOLEAN FALSE
+				return &lint.LintResult{
+					Status:  lint.Error,
+					Details: fmt.Sprintf("The %v extension is not properly DER-encoded ('critical' must be absent when FALSE)", ext.Id),
+				}
+			}
+		}
+	}
+
+	return &lint.LintResult{Status: lint.Pass}
+}

v3/lints/rfc/lint_cert_ext_invalid_der_test.go

@@ -0,0 +1,42 @@
+/*
+ * ZLint Copyright 2024 Regents of the University of Michigan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package rfc
+
+import (
+	"testing"
+
+	"github.com/zmap/zlint/v3/lint"
+	"github.com/zmap/zlint/v3/test"
+)
+
+func TestCertExtensionInvalidDEROK(t *testing.T) {
+	// Regular certificate in proper DER encoding all over
+	inputPath := "cert_ext_invalid_der_ok_01.pem"
+	expected := lint.Pass
+	out := test.TestLint("e_cert_ext_invalid_der", inputPath)
+	if out.Status != expected {
+		t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
+	}
+}
+
+func TestCertExtensionInvalidDERKO(t *testing.T) {
+	// Certificate with improperly DER-encoded SAN extension
+	inputPath := "cert_ext_invalid_der_ko_01.pem"
+	expected := lint.Error
+	out := test.TestLint("e_cert_ext_invalid_der", inputPath)
+	if out.Status != expected {
+		t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
+	}
+}

v3/testdata/cert_ext_invalid_der_ko_01.pem

@@ -0,0 +1,100 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            7b:7f:53:2d:75:09:15:8d:0a:81:17:0f:c6:79:d4:5d
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing
+        Validity
+            Not Before: May  1 11:20:27 2024 GMT
+            Not After : May  1 11:20:27 2025 GMT
+        Subject: C = IT, ST = Some State or Province, L = Somewhere, O = Some Company Ltd., CN = example.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ae:c4:6d:71:3d:45:0a:2f:39:d5:dc:9d:0b:11:
+                    9f:6e:c2:0b:26:6b:e9:1d:9e:a0:8d:51:48:7f:0f:
+                    08:63:fc:fb:01:75:68:a1:dd:fc:a5:7b:3c:c5:c2:
+                    b2:f2:15:7a:24:cd:c0:f3:d5:6b:5b:d8:97:9d:ab:
+                    01:80:05:06:07:bc:0d:89:30:2d:f7:4f:75:33:12:
+                    23:f5:35:9a:ac:bd:c4:80:1f:ba:e2:17:e8:3a:22:
+                    99:0f:14:f8:68:08:3a:fc:99:eb:67:8a:63:57:fb:
+                    de:1f:64:15:bb:25:91:ee:c2:0e:36:7a:c8:88:f5:
+                    35:09:b5:a8:83:c4:8e:32:f7:9a:c8:05:40:bb:81:
+                    6f:1f:c9:a3:b7:19:12:f4:b7:44:bb:8b:4a:51:de:
+                    05:ca:54:37:f4:7a:f2:c0:67:0f:92:0f:85:f4:b9:
+                    f3:d3:33:d1:54:f5:9f:5f:77:f6:ee:48:1b:57:d9:
+                    fa:ac:5a:28:3d:fe:32:a3:37:1f:3e:29:10:f1:72:
+                    24:90:19:84:cf:70:30:21:3b:bf:5b:cf:a3:f0:e1:
+                    0a:13:cd:0d:6b:b0:42:a7:e4:1a:67:71:b2:49:64:
+                    46:81:1f:d3:2e:a9:5b:f9:46:b6:7e:01:af:a7:cb:
+                    79:de:9a:f9:0c:f8:c1:a5:47:1e:a7:d7:7b:0a:82:
+                    75:91
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+            X509v3 Subject Key Identifier: 
+                CD:88:D5:FB:92:31:3B:17:A1:6F:DA:1F:55:D5:A1:FE:56:FE:0E:21
+            X509v3 Authority Key Identifier: 
+                keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E
+
+            Authority Information Access: 
+                OCSP - URI:http://ca.someca-inc.com/ocsp
+                CA Issuers - URI:http://ca.someca-inc.com/root
+
+            X509v3 Certificate Policies: 
+                Policy: 2.23.140.1.2.2
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://ca.someca-inc.com/crl
+
+            X509v3 Subject Alternative Name: 
+                DNS:example.org
+    Signature Algorithm: sha256WithRSAEncryption
+         59:19:cf:67:22:d4:c7:d3:9f:57:bd:7c:d2:49:d0:6a:31:84:
+         fe:3c:31:09:5a:36:5c:e7:63:0c:0c:68:e0:ef:18:f9:c6:24:
+         4f:c0:55:d0:b9:c6:6a:63:5c:fc:1d:27:23:15:b1:59:2f:0c:
+         73:d1:d1:18:98:46:06:c1:05:ca:38:15:2d:26:7e:77:32:5e:
+         b6:83:72:ba:dc:33:15:54:6b:58:db:c1:a1:60:46:ec:de:8e:
+         d9:3b:00:de:6f:90:fa:c3:52:50:6d:1c:dd:46:ed:30:77:a8:
+         af:d1:b9:42:e7:2a:ff:46:9d:ca:b1:5a:b9:d3:81:13:37:4a:
+         47:7b:97:ea:15:f6:ca:9a:0b:24:31:e4:a7:6c:74:db:e5:8a:
+         7b:cf:7f:00:b6:9e:22:90:06:7f:78:f9:79:ed:71:ee:f0:f2:
+         47:18:98:6e:d7:1c:d8:74:a3:c0:84:13:3d:7e:4d:af:9d:21:
+         4f:ce:7d:a8:70:88:f6:b3:76:ca:72:ea:ff:7a:32:e0:4c:4a:
+         3a:46:4d:fe:6b:94:4e:32:28:d6:c0:c3:37:6b:20:b1:79:cd:
+         e0:ee:cc:1e:ac:e2:a9:48:ad:7a:24:14:e2:a9:16:9a:93:a0:
+         da:a6:47:81:c7:dc:7c:d4:30:e9:6a:78:ab:ee:ce:77:98:57:
+         71:1b:ed:51
+-----BEGIN CERTIFICATE-----
+MIIEezCCA2OgAwIBAgIQe39TLXUJFY0KgRcPxnnUXTANBgkqhkiG9w0BAQsFADBD
+MQswCQYDVQQGEwJYWDEQMA4GA1UEChMHU29tZSBDQTEiMCAGA1UEAxMZRmFrZSBD
+QSBmb3IgemxpbnQgdGVzdGluZzAeFw0yNDA1MDExMTIwMjdaFw0yNTA1MDExMTIw
+MjdaMHQxCzAJBgNVBAYTAklUMR8wHQYDVQQIExZTb21lIFN0YXRlIG9yIFByb3Zp
+bmNlMRIwEAYDVQQHEwlTb21ld2hlcmUxGjAYBgNVBAoTEVNvbWUgQ29tcGFueSBM
+dGQuMRQwEgYDVQQDEwtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK7EbXE9RQovOdXcnQsRn27CCyZr6R2eoI1RSH8PCGP8+wF1aKHd
+/KV7PMXCsvIVeiTNwPPVa1vYl52rAYAFBge8DYkwLfdPdTMSI/U1mqy9xIAfuuIX
+6DoimQ8U+GgIOvyZ62eKY1f73h9kFbslke7CDjZ6yIj1NQm1qIPEjjL3msgFQLuB
+bx/Jo7cZEvS3RLuLSlHeBcpUN/R68sBnD5IPhfS589Mz0VT1n1939u5IG1fZ+qxa
+KD3+MqM3Hz4pEPFyJJAZhM9wMCE7v1vPo/DhChPNDWuwQqfkGmdxsklkRoEf0y6p
+W/lGtn4Br6fLed6a+Qz4waVHHqfXewqCdZECAwEAAaOCATgwggE0MA4GA1UdDwEB
+/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYE
+FM2I1fuSMTsXoW/aH1XVof5W/g4hMB8GA1UdIwQYMBaAFOi29nZL0DvlRqX5VNR+
+B7PeDWA+MGQGCCsGAQUFBwEBBFgwVjApBggrBgEFBQcwAYYdaHR0cDovL2NhLnNv
+bWVjYS1pbmMuY29tL29jc3AwKQYIKwYBBQUHMAKGHWh0dHA6Ly9jYS5zb21lY2Et
+aW5jLmNvbS9yb290MBMGA1UdIAQMMAowCAYGZ4EMAQICMC0GA1UdHwQmMCQwIqAg
+oB6GHGh0dHA6Ly9jYS5zb21lY2EtaW5jLmNvbS9jcmwwGQYDVR0RAQEABA8wDYIL
+ZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADggEBAFkZz2ci1MfTn1e9fNJJ0Gox
+hP48MQlaNlznYwwMaODvGPnGJE/AVdC5xmpjXPwdJyMVsVkvDHPR0RiYRgbBBco4
+FS0mfncyXraDcrrcMxVUa1jbwaFgRuzejtk7AN5vkPrDUlBtHN1G7TB3qK/RuULn
+Kv9GncqxWrnTgRM3Skd7l+oV9sqaCyQx5KdsdNvlinvPfwC2niKQBn94+Xntce7w
+8kcYmG7XHNh0o8CEEz1+Ta+dIU/OfahwiPazdspy6v96MuBMSjpGTf5rlE4yKNbA
+wzdrILF5zeDuzB6s4qlIrXokFOKpFpqToNqmR4HH3HzUMOlqeKvuzneYV3Eb7VE=
+-----END CERTIFICATE-----

v3/testdata/cert_ext_invalid_der_ok_01.pem

@@ -0,0 +1,100 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            89:01:de:57:1b:88:8c:65:db:bc:b2:cd:b9:dd:9c:37
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = XX, O = Some CA, CN = Fake CA for zlint testing
+        Validity
+            Not Before: May  1 11:25:59 2024 GMT
+            Not After : May  1 11:25:59 2025 GMT
+        Subject: C = IT, ST = Some State or Province, L = Somewhere, O = Some Company Ltd., CN = example.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:eb:66:77:b4:a3:c1:71:4c:28:a6:7c:52:e3:cd:
+                    d2:04:68:fa:cf:52:59:d5:af:7b:90:6e:7d:ce:51:
+                    d7:39:f0:f1:42:c8:8b:bc:8d:d0:7b:bb:7f:a2:e0:
+                    3f:bf:af:58:e7:c5:f4:19:d3:36:2b:ba:95:17:2e:
+                    76:bf:4f:69:71:a6:0b:0a:ea:67:fd:80:fb:7b:9d:
+                    ac:da:93:d2:96:eb:69:66:f8:cf:6c:c1:61:c4:6f:
+                    9d:6d:11:9f:68:1a:c0:ae:7d:79:60:89:f3:e0:3c:
+                    8d:6c:45:55:78:27:0b:e8:4c:81:13:72:7d:fa:f8:
+                    bd:ba:87:db:99:e2:f4:87:c1:a2:a9:3f:fc:41:e1:
+                    4e:ca:92:67:11:18:23:ae:43:e9:e8:c4:2a:d4:22:
+                    40:03:1f:46:ec:c6:07:b1:aa:a7:9e:a4:ee:90:5b:
+                    22:af:bb:87:26:0b:5a:5e:6d:be:54:5d:b8:e6:99:
+                    9e:0c:a8:aa:74:b0:db:90:65:d4:7f:23:8c:12:e7:
+                    b9:b6:57:90:3e:64:a2:ee:e0:46:79:f3:1c:97:be:
+                    1a:b3:77:5c:84:a5:5e:fd:fb:1e:0f:c6:2f:a3:0f:
+                    bf:0f:30:bd:50:0a:35:7f:65:b6:05:d9:1d:82:a3:
+                    7c:d3:e5:f6:1b:bc:50:8d:8d:b6:67:f5:bb:17:bf:
+                    7f:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+            X509v3 Subject Key Identifier: 
+                C3:B8:E3:E7:7C:A5:AE:48:78:0D:4D:82:06:D1:28:88:B5:66:BB:E7
+            X509v3 Authority Key Identifier: 
+                keyid:E8:B6:F6:76:4B:D0:3B:E5:46:A5:F9:54:D4:7E:07:B3:DE:0D:60:3E
+
+            Authority Information Access: 
+                OCSP - URI:http://ca.someca-inc.com/ocsp
+                CA Issuers - URI:http://ca.someca-inc.com/root
+
+            X509v3 Subject Alternative Name: 
+                DNS:example.org
+            X509v3 Certificate Policies: 
+                Policy: 2.23.140.1.2.2
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://ca.someca-inc.com/crl
+
+    Signature Algorithm: sha256WithRSAEncryption
+         b1:40:68:3c:5e:32:0d:40:a0:7a:28:3f:fa:83:69:e5:06:0c:
+         25:7c:2f:71:8e:06:28:ff:e2:6d:be:5c:85:e5:e6:8b:77:0e:
+         89:74:33:a0:f5:bd:b3:f5:2f:04:52:f1:08:66:75:0f:0f:78:
+         64:6d:cc:94:36:e6:97:37:40:3f:4d:f2:73:59:66:01:fd:67:
+         da:12:23:99:dc:d4:fb:f9:f3:5e:39:42:a5:c7:4c:df:43:08:
+         2b:8b:db:65:34:ad:2f:99:f8:d6:9d:3b:ef:63:16:12:54:ec:
+         21:08:b9:0a:54:6c:0b:d0:4f:a2:7d:03:51:d3:6f:1f:6b:18:
+         e7:1b:59:81:25:a0:01:a3:ec:bf:62:ff:b8:39:ef:73:3f:df:
+         5b:04:2b:a1:ab:f8:6c:2e:f7:f7:93:d7:f9:41:51:98:6e:bf:
+         7c:3d:42:4c:34:32:26:ca:5d:60:dc:0f:fa:82:0e:35:fe:78:
+         da:94:73:be:07:51:13:8d:f2:51:6f:5b:67:e2:e7:e0:37:92:
+         9c:8d:85:a2:c1:88:c2:dd:4f:83:c6:f4:ac:20:f5:e5:fb:6e:
+         4d:ac:d5:8a:5b:23:65:5b:14:40:df:cf:57:20:fd:c4:9f:04:
+         02:02:c8:71:b9:82:ef:90:b5:ea:49:f5:5f:0d:e1:e5:6b:a8:
+         f0:44:93:27
+-----BEGIN CERTIFICATE-----
+MIIEeTCCA2GgAwIBAgIRAIkB3lcbiIxl27yyzbndnDcwDQYJKoZIhvcNAQELBQAw
+QzELMAkGA1UEBhMCWFgxEDAOBgNVBAoTB1NvbWUgQ0ExIjAgBgNVBAMTGUZha2Ug
+Q0EgZm9yIHpsaW50IHRlc3RpbmcwHhcNMjQwNTAxMTEyNTU5WhcNMjUwNTAxMTEy
+NTU5WjB0MQswCQYDVQQGEwJJVDEfMB0GA1UECBMWU29tZSBTdGF0ZSBvciBQcm92
+aW5jZTESMBAGA1UEBxMJU29tZXdoZXJlMRowGAYDVQQKExFTb21lIENvbXBhbnkg
+THRkLjEUMBIGA1UEAxMLZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDrZne0o8FxTCimfFLjzdIEaPrPUlnVr3uQbn3OUdc58PFCyIu8
+jdB7u3+i4D+/r1jnxfQZ0zYrupUXLna/T2lxpgsK6mf9gPt7nazak9KW62lm+M9s
+wWHEb51tEZ9oGsCufXlgifPgPI1sRVV4JwvoTIETcn36+L26h9uZ4vSHwaKpP/xB
+4U7KkmcRGCOuQ+noxCrUIkADH0bsxgexqqeepO6QWyKvu4cmC1pebb5UXbjmmZ4M
+qKp0sNuQZdR/I4wS57m2V5A+ZKLu4EZ58xyXvhqzd1yEpV79+x4Pxi+jD78PML1Q
+CjV/ZbYF2R2Co3zT5fYbvFCNjbZn9bsXv39XAgMBAAGjggE1MIIBMTAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQW
+BBTDuOPnfKWuSHgNTYIG0SiItWa75zAfBgNVHSMEGDAWgBTotvZ2S9A75Ual+VTU
+fgez3g1gPjBkBggrBgEFBQcBAQRYMFYwKQYIKwYBBQUHMAGGHWh0dHA6Ly9jYS5z
+b21lY2EtaW5jLmNvbS9vY3NwMCkGCCsGAQUFBzAChh1odHRwOi8vY2Euc29tZWNh
+LWluYy5jb20vcm9vdDAWBgNVHREEDzANggtleGFtcGxlLm9yZzATBgNVHSAEDDAK
+MAgGBmeBDAECAjAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vY2Euc29tZWNhLWlu
+Yy5jb20vY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCxQGg8XjINQKB6KD/6g2nlBgwl
+fC9xjgYo/+JtvlyF5eaLdw6JdDOg9b2z9S8EUvEIZnUPD3hkbcyUNuaXN0A/TfJz
+WWYB/WfaEiOZ3NT7+fNeOUKlx0zfQwgri9tlNK0vmfjWnTvvYxYSVOwhCLkKVGwL
+0E+ifQNR028faxjnG1mBJaABo+y/Yv+4Oe9zP99bBCuhq/hsLvf3k9f5QVGYbr98
+PUJMNDImyl1g3A/6gg41/njalHO+B1ETjfJRb1tn4ufgN5KcjYWiwYjC3U+DxvSs
+IPXl+25NrNWKWyNlWxRA389XIP3EnwQCAshxuYLvkLXqSfVfDeHla6jwRJMn
+-----END CERTIFICATE-----