search

martinisecurity / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0
0 stars 0 forks source link

Add ECDSA P-384 and SHA-384 to signature algorithm check #6

Open mandelj7 opened 1 year ago

mandelj7 commented 1 year ago

Both CP 1.3 and CP 1.4 allow for this value in the field. Could you expand the code to check for this value as well?

microshine commented 1 year ago

Our current implementation uses ATIS1000080.v004 rule

https://github.com/martinisecurity/zlint/blob/e20402cea85769825aa43bc8a307d3a3817991c0/v3/lints/shaken/lint_signature_algorithm.go#L13-L23

Would it be better to add a SHAKEN rule for this check and implement different checks for different CP versions?

ATIS1000080.v004

ATIS-1000080.v004  30 STI certificates shall contain a Signature Algorithm field with the value "ecdsa-with-SHA256".

CP v1.3

6.1.5 Key Sizes
CAs that generate STI certificates under this policy shall use at a minimum Elliptic Curve Digital Signature Algorithm
(ECDSA) using P-256 and SHA-256algorithm strength for generating digital signatures.

CP v1.4

6.1.5 Key Sizes
CAs that issue STI Certificates under this CP shall generate digital signatures with the Elliptic Curve Digital
Signature Algorithm (ECDSA) with Curve P-256 and SHA-256 or ECDSA with Curve P-384 and SHA-384.
microshine commented 1 year ago

ECDSA-with-SHA256 algorithm exists since CP v1.0

https://cstga.ca/wp-content/uploads/2020/11/CSTGA-Certificate-Policy-v1.0-Final-Clean.pdf

tw-secureg commented 11 months ago

note that since CP 1.2 section 1.5 was changed to "...shall use at a minimum Elliptic Curve...". this should make use of SHA-384 acceptable from CP 1.2 forward. in 1.4 it was explicitly changed again to include an OR, but the requirement seems to be the same.