Support ECDSA explicit curve parameters for ICAO 9303 certificates

zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.

https://zmap.io

Apache License 2.0

358 stars 109 forks source link

Support ECDSA explicit curve parameters for ICAO 9303 certificates #885

Open JBeer0911 opened 2 weeks ago

JBeer0911 commented 2 weeks ago

When i try to analyze a pem certificate with Zlint i get this error.

time="2024-10-08T08:18:42+02:00" level=fatal msg="unable to parse certificate: asn1: structure error: tags don't match (6 vs {class:0 tag:16 length:320 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} ObjectIdentifier @4"

Someone can help me??

thanks in advance.

JBeer0911 commented 2 weeks ago

Hi again: We saw that erroneous certificate has explicit elliptic curve parameters: wrongCertificate vs successfull certificate, that has named elliptic curve parameters: successfulCertificate

The erroneous certificates can`t be parser by java standard security provider. If we try it, we obtain: java.security.cert.CertificateParsingException: java.io.IOException: Only named ECParameters supported at sun.security.x509.X509CertInfo.(Unknown Source)

In the other hand OpenSSL and Bouncy Castle Security provider parse both certificates.

I wish this info helps. Thanks again.

mcpherrinm commented 2 weeks ago

Explicit curve parameters aren’t supported by the Golang x509 parser. RFC 5280 also doesn’t allow them.

I think it is unlikely Zlint will add support for them.

Is there a reason you are using explicit curve parameters?

JBeer0911 commented 2 weeks ago

Hi, explicit curve parameters are a client requirement.

Thanks by your fast answer. Best regards, JB.

mcpherrinm commented 2 weeks ago

Can you expand on that any further? This is an effectively obsolete and unsupported feature, so I think it would be a big change to support it. Is there some ecosystem that uses this, and if so, why?

mduran65 commented 2 weeks ago

The use case is to validate the certificate profiles used for signature processes included in ICAO 9303 - PKI for eMRTDS. 9303_p12_cons_es.pdf

mcpherrinm commented 2 weeks ago

thanks. For my own reference, that document is available in English at https://www.icao.int/publications/Documents/9303_p12_cons_en.pdf

Specifically:

Those issuing States or organizations implementing ECDSA for signature generation or verification SHALL use [X9.62] or [ISO/IEC 15946]. The elliptic curve domain parameters used to generate the ECDSA key pair MUST be described explicitly in the parameters of the public key, i.e. parameters MUST be of type ECParameters (no named curves, no implicit parameters) and MUST include the optional co-factor. ECPoints MUST be in uncompressed format.

mcpherrinm commented 2 weeks ago

I've renamed the ticket to more accurately describe the issue at hand.

JBeer0911 commented 2 weeks ago

It's better so!

Thanks again

zakird commented 2 weeks ago

At some point, we're going to likely have our own more flexible ASN.1 parser (@dadrian is hacking on), but, for the time being, I think this is going to fall out of scope since the certificates violate 5280.