crypto/x509: RSA certs with PSS signatures cannot be verified #15958

Closed
lwithers opened this issue Jun 4, 2016 · 5 comments


@lwithers lwithers commented Jun 4, 2016

Attempting to verify an RSA certificate which has been signed using PSS will fail with an error x509: cannot verify signature: algorithm unimplemented.

This can be observed with this (self-signed) certificate, which can be validated with e.g. openssl verify -CAfile root.pem root.pem.

There is also a simple demonstration program at https://play.golang.org/p/bO_qiPmi9k

I have tried this with both:

go version go1.5.4 linux/amd64
go version go1.6 linux/amd64

on this machine:

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/lwithers/y/go"
GORACE=""
GOROOT="/opt/go"
GOTOOLDIR="/opt/go/pkg/tool/linux_amd64"
GO15VENDOREXPERIMENT=""
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"

@quentinmit quentinmit (Contributor) commented Jun 17, 2016

/cc @agl @ianlancetaylor
Should this go in 1.8? How important are RSA-PSS certificates? Are they used in the wild?

@quentinmit quentinmit added this to the Go1.8 milestone Jun 17, 2016

@lwithers lwithers (Author) commented Jun 17, 2016

I don't believe that any of the big-name certificate authorities are currently issuing RSA-PSS certificates, so they are likely to be quite uncommon in the wild.

However, there are some applications that use them. The certificate I attached is part of a list curated and published by the ICAO (International Civil Aviation Organisation) in what it calls the PKD (public key directory; see http://www.icao.int/security/mrtd/pages/ICAOPKD.aspx). These are basically the certificates used to verify the signatures in ePassports.

@agl agl self-assigned this Jul 5, 2016

@gopherbot gopherbot commented Jul 5, 2016

CL https://golang.org/cl/24743 mentions this issue.

@lwithers lwithers (Author) commented Jul 7, 2016

As requested in the CL, here is a set of test certificates, along with some tools to verify the signatures:
RSA-PSS.tar.gz

@agl agl (Contributor) commented Jul 7, 2016

Thank you very much for the test set. I've updated the CL with the following changes:

  1. Either NULL or empty parameters are accepted.
  2. The salt length in the parameters is ignored and auto-detected.
  3. The salt length when signing is now fixed at 32 bytes.

With that, all the test certificates validate.

@gopherbot gopherbot closed this in e41b0e2 Aug 18, 2016
@golang golang locked and limited conversation to collaborators Aug 18, 2017
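
The behaviour discussed in this thread, as an added example that is not part of the issue or of the Go source tree: it issues a constructed self-signed certificate signed with SHA256-RSAPSS, checks it through crypto/x509 (the check the report describes as failing), then re-verifies the same signature with crypto/rsa while letting the salt length be auto-detected. It assumes a Go release that includes the fix; `selfSignedPSS` and `verifyAutoSalt` are hypothetical helper names, and the key and certificate are throwaway values generated at run time.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedPSS issues a constructed self-signed certificate signed with SHA256-RSAPSS and parses it back.
func selfSignedPSS() (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, never stored
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "constructed PSS test root"},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(time.Hour),
		SignatureAlgorithm: x509.SHA256WithRSAPSS,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAutoSalt checks cert's PSS signature with crypto/rsa directly, detecting the salt length from the signature.
func verifyAutoSalt(issuer *rsa.PublicKey, cert *x509.Certificate) error {
	sum := sha256.Sum256(cert.RawTBSCertificate)
	return rsa.VerifyPSS(issuer, crypto.SHA256, sum[:], cert.Signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto})
}

func main() {
	cert, err := selfSignedPSS()
	if err != nil {
		panic(err)
	}
	// First the crypto/x509 path, then the raw crypto/rsa path with salt auto-detection.
	fmt.Println(cert.SignatureAlgorithm, cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature))
	fmt.Println(verifyAutoSalt(cert.PublicKey.(*rsa.PublicKey), cert))
}
```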