Lint for Mozilla PKI Policy for ECDSA encoding requirements #358

Closed
cpu opened this issue Jan 15, 2020 · 1 comment
cpu commented Jan 15, 2020

See https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md#512-ecdsa

When ECDSA keys are encoded in a SubjectPublicKeyInfo structure, the algorithm field MUST be one of the following, as specified by RFC 5480, Section 2.1.1:

The encoded AlgorithmIdentifier for a P-256 key MUST match the following hex-encoded bytes: 301306072a8648ce3d020106082a8648ce3d030107.

The encoded AlgorithmIdentifier for a P-384 key MUST match the following hex-encoded bytes: 301006072a8648ce3d020106052b81040022.

The above encodings consist of an ecPublicKey OID (1.2.840.10045.2.1) with a named curve parameter of the corresponding curve OID. Certificates MUST NOT use the implicit or specified curve forms.

When a root or intermediate certificate's ECDSA key is used to produce a signature, only the following algorithms may be used, and with the following encoding requirements:

If the signing key is P-256, the signature MUST use ECDSA with SHA-256. The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes: 300a06082a8648ce3d040302.

If the signing key is P-384, the signature MUST use ECDSA with SHA-384. The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes: 300a06082a8648ce3d040303.

The above encodings consist of the corresponding OID with the parameters field omitted, as specified by RFC 5758, Section 3.2. Certificates MUST NOT include a NULL parameter. Note this differs from RSASSA-PKCS1-v1_5, which includes an explicit NULL.

cpu added the new-lint label Jan 15, 2020
mtgag pushed a commit to mtgag/zlint that referenced this issue Feb 4, 2020
cpu pushed a commit that referenced this issue May 11, 2020
…oding. (#378)

`e_mp_ecdsa_pub_key_encoding_correct`, enforces certificate ECDSA public key
algorithm identifiers are a byte-for-byte match to the required values from
Section 5.1.2 of the Mozilla root store policy or a `lint.Error` level finding
is returned. The `e_mp_ecdsa_signature_encoding_correct` lint applies similar
checks to certificate ECDSA signature algorithm identifiers. Both lints
require that the ECDSA curve in use be one of P-256 or P-384, per Moz.
policy.

To help implement the new lints (and to simplify one existing lint), a new
utility function `util.GetPublicKeyAidEncoded` is added. This function returns
the encoded tag/length ASN.1 bytes of a certificate's `SubjectPublicKeyInfo`
sequence's algorithm field (or an error if the field can not be extracted).

Resolves #355, #358
cpu commented May 11, 2020

Resolved by #378
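
The byte-for-byte comparison this issue asks for, as an added Go example (not zlint's lint code and not part of the original thread). `CheckSelfSigned`, `SelfSign` and `requiredSig` are hypothetical names, the sample certificate is constructed at run time, and the check assumes a self-signed v3 certificate, so the signing key is the certificate's own key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// requiredSig maps SPKI algorithm -> required signature algorithm (hex from the policy text above).
var requiredSig = map[string]string{
	"301306072a8648ce3d020106082a8648ce3d030107": "300a06082a8648ce3d040302", // P-256, SHA-256
	"301006072a8648ce3d020106052b81040022":       "300a06082a8648ce3d040303", // P-384, SHA-384
}

// CheckSelfSigned (hypothetical helper) compares both raw AlgorithmIdentifiers byte for byte.
func CheckSelfSigned(der []byte) error {
	var c struct { // assumes a v3 certificate: the explicit [0] version field is present
		TBS struct {
			Version, Serial, SigAlg, Issuer, Validity, Subject asn1.RawValue
			SPKI struct{ Alg asn1.RawValue }
		}
		SigAlg asn1.RawValue
	}
	if _, err := asn1.Unmarshal(der, &c); err != nil {
		return err
	}
	spki, sig := fmt.Sprintf("%x", c.TBS.SPKI.Alg.FullBytes), fmt.Sprintf("%x", c.SigAlg.FullBytes)
	if want, ok := requiredSig[spki]; !ok || sig != want {
		return fmt.Errorf("key algorithm %s with signature algorithm %s is not allowed", spki, sig)
	}
	return nil
}

func SelfSign(curve elliptic.Curve, alg x509.SignatureAlgorithm) ([]byte, error) {
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), SignatureAlgorithm: alg} // constructed sample, empty subject
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, _ := SelfSign(elliptic.P256(), x509.ECDSAWithSHA384) // P-256 key, SHA-384: not allowed
	fmt.Println(CheckSelfSigned(der))
}
```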
