Recently discovered an encoding issue in ECDSA certificates.
Using a validation tool, we're seeing the following errors:
--
Certificate: TBSCertificate: signature: Error: Parameters field must be absent for DSA or ECDSA.
Certificate: signatureAlgorithm: Error: Parameters field must be absent for DSA or ECDSA.
--

RFC 5758 says:

When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512 algorithm identifier appears in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one component, the OID ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512.

Digging into the encoding, in both places where the AlgID is included, we see

    679  12: . SEQUENCE {
    681   8: . . OBJECT IDENTIFIER ecdsaWithSHA256 (1 2 840 10045 4 3 2)
           : . . . (ANSI X9.62 ECDSA algorithm with SHA256)
    691   0: . . NULL
           : . . }

This means the CA, instead of omitting the field as prescribed by RFC 5758, is including a second item that just has as its contents a NULL. This second item should likely not be there per RFC specification.
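One way to test a DER-encoded AlgorithmIdentifier for the condition reported above, as an added example that is not part of the original ticket and is not Dogtag or JSS code. The function names and the hand-built sample byte strings are assumptions made for illustration; the RSA sample shows that a NULL parameter is only flagged for the ECDSA OIDs.

```python
# Added example, not Dogtag/JSS code. OIDs of ecdsa-with-SHA224/256/384/512:
ECDSA_SIG_OIDS = {f"1.2.840.10045.4.3.{n}" for n in (1, 2, 3, 4)}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets (base-128 arcs) into dotted notation."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def check_algid(der):
    """Return (dotted_oid, params_present) for one DER AlgorithmIdentifier."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid_body, pos = read_tlv(body, 0)
    if tag != 0x06 or not oid_body:
        raise ValueError("first component must be an OBJECT IDENTIFIER")
    return decode_oid(oid_body), pos < len(body)

def violates_rfc5758(der):
    """True when an ecdsa-with-SHA2 AlgorithmIdentifier carries a parameters field."""
    oid, params_present = check_algid(der)
    return oid in ECDSA_SIG_OIDS and params_present
# Constructed samples (hand-built DER, not taken from a real certificate).
ECDSA_OID = bytes.fromhex("06082a8648ce3d040302")    # ecdsaWithSHA256
AS_REPORTED = b"\x30\x0c" + ECDSA_OID + b"\x05\x00"  # OID + NULL, as in the dump
COMPLIANT = b"\x30\x0a" + ECDSA_OID                  # OID only
RSA_SHA256 = bytes.fromhex("300d06092a864886f70d01010b0500")  # NULL is expected here
```

In a certificate the same check applies to both the `signature` field inside TBSCertificate and the outer `signatureAlgorithm`, the two places the validation errors above name.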
per IRC with cfu on 04/14/2016: 10.4
determined during discussions in TPS meeting
Per Offline Triage of 11/30/2016-12/01/2016: 10.4 - major
Correction: 10.4 -> 10.3
commit 76ca6d1691e56274945b6f03760273208fafd791
Author: Christina Fu <cfu@dhcp-16-189.sjc.redhat.com>
Date: Fri Jan 20 16:01:17 2017 -0800

Ticket #1741 ECDSA certs Alg IDs contain parameter field

Per rfc5758, When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512 algorithm identifier appears in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field.

Note: Since we do not support DSA, this patch does not attempt to address them. Also, while we do not claim to support sha224, the patch adds enough code to process the OID just for completeness. However, it does not attempt to offer it as part of the signing algorithms.
Replying to [comment:11 cfu]:
commit 76ca6d1691e56274945b6f03760273208fafd791
Author: Christina Fu <cfu@dhcp-16-189.sjc.redhat.com>
Date: Fri Jan 20 16:01:17 2017 -0800

Ticket #1741 ECDSA certs Alg IDs contain parameter field

Per rfc5758, When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512 algorithm identifier appears in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field.

Note: Since we do not support DSA, this patch does not attempt to address them. Also, while we do not claim to support sha224, the patch adds enough code to process the OID just for completeness. However, it does not attempt to offer it as part of the signing algorithms.
Cherry-picked to DOGTAG_10_3_BRANCH:
Metadata Update from @dsirrine: - Issue assigned to cfu - Issue set to the milestone: 10.3.10
Issue occurs with ECC CMC response. Reopening.
Metadata Update from @cfu: - Custom field feature adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field version adjusted to None - Issue status updated to: Open (was: Closed)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5 (was: 10.3.10)
Metadata Update from @mharmsen: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1547802 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1222557)
Per 10.5.x/10.6 Triage: 10.5
Metadata Update from @mharmsen: - Issue priority set to: critical (was: major)
https://review.gerrithub.io/#/c/dogtagpki/pki/+/411346/
also see: https://pagure.io/jss/issue/3
commit 37d6e3ae5ce21d330fa52fadf461e160bd38210c
Author: Christina Fu <cfu@redhat.com>
Date: Tue May 15 19:06:48 2018 -0700

Ticket 1741 ECDSA Signature Algorithm encoding

This patch addresses part of the issue where params were in the AlgorithmIdentifier of the ECDSA signature algorithm. The JSS portion is addressed by https://pagure.io/jss/issue/3

Fixes https://pagure.io/dogtagpki/issue/1741

Change-Id: I5dfea6eb2ca4711da2a983382c3f6607d95f3e0d
Metadata Update from @cfu: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5.8 (was: 10.5)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.5.8-1.fc27 (was: https://koji.fedoraproject.org/koji/buildinfo?buildID=837471)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2299
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.