#1741 ECDSA Certificates Generated by Certificate System fail NIST validation test with parameter field.
Closed: fixed 3 years ago Opened 5 years ago by dsirrine.

Recently discovered an encoding issue in ECDSA certificates.

Using a validation tool, we're seeing the following errors:

--
Certificate:
TBSCertificate:
signature:
Error: Parameters field must be absent for DSA or ECDSA.

Certificate:
signatureAlgorithm:
Error: Parameters field must be absent for DSA or ECDSA.
--

RFC 5758 says

   When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
ecdsa-with-SHA512 algorithm identifier appears in the algorithm field as an
AlgorithmIdentifier, the encoding MUST omit the parameters field.  That is, the
AlgorithmIdentifier SHALL be a SEQUENCE of one component, the OID
ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512.


Digging into the encoding, in both places where the AlgID is included, we see

 679   12: . SEQUENCE {
 681    8: . . OBJECT IDENTIFIER ecdsaWithSHA256 (1 2 840 10045 4 3 2)
         : . . . (ANSI X9.62 ECDSA algorithm with SHA256)
 691    0: . . NULL
         : . . }

This means the CA, instead of omitting the field as prescribed by RFC 5758, is
including a second item that just has as its contents a NULL. This second item
should likely not be there per RFC specification.

per IRC with cfu on 04/14/2016: 10.4

determined during discussions in TPS meeting

Per Offline Triage of 11/30/2016-12/01/2016: 10.4 - major

Correction: 10.4 -> 10.3

commit 76ca6d1691e56274945b6f03760273208fafd791
Author: Christina Fu cfu@dhcp-16-189.sjc.redhat.com
Date: Fri Jan 20 16:01:17 2017 -0800

Ticket #1741 ECDSA certs Alg IDs contian parameter field
Per rfc5758, When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512 algorithm identifier appears in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field.
Note: Since we do not support DSA, this patch does not attempt to address them.
Also, while we do not claim to support sha224, the patch adds enough code to process the OID just for completeness.  However, it does not attempt to offer it as part of the signing algorithms.

Replying to [comment:11 cfu]:

commit 76ca6d1691e56274945b6f03760273208fafd791
Author: Christina Fu cfu@dhcp-16-189.sjc.redhat.com
Date: Fri Jan 20 16:01:17 2017 -0800

Ticket #1741 ECDSA certs Alg IDs contian parameter field
Per rfc5758, When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512 algorithm identifier appears in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field.
Note: Since we do not support DSA, this patch does not attempt to address them.
Also, while we do not claim to support sha224, the patch adds enough code to process the OID just for completeness.  However, it does not attempt to offer it as part of the signing algorithms.

Cherry-picked to DOGTAG_10_3_BRANCH:

  • 1e567854e643f50a7ca1f24daac0e92359eafe81

Metadata Update from @dsirrine:
- Issue assigned to cfu
- Issue set to the milestone: 10.3.10

4 years ago

Issue occurs with ECC CMC response. Reopening.

Metadata Update from @cfu:
- Custom field feature adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue status updated to: Open (was: Closed)

3 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: 10.3.10)

3 years ago
3 years ago

Per 10.5.x/10.6 Triage: 10.5

Metadata Update from @mharmsen:
- Issue priority set to: critical (was: major)

3 years ago

commit 37d6e3ae5ce21d330fa52fadf461e160bd38210c
Author: Christina Fu cfu@redhat.com
Date: Tue May 15 19:06:48 2018 -0700

Ticket 1741 ECDSA Signature Algorithm encoding

This patch addresses part of the issue where params were in the AlgorithmIdentifier of the ECDSA signature algorithm. The JSS portion is addressed by https://pagure.io/jss/issue/3

Fixes https://pagure.io/dogtagpki/issue/1741

Change-Id: I5dfea6eb2ca4711da2a983382c3f6607d95f3e0d

Metadata Update from @cfu:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5.8 (was: 10.5)

3 years ago

Metadata Update from @mharmsen:
- Custom field fixedinversion adjusted to pki-core-10.5.8-1.fc27 (was: https://koji.fedoraproject.org/koji/buildinfo?buildID=837471)

3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2299

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata