crypto/x509: RSA certs with PSS signatures cannot be verified #15958

Closed
lwithers opened this issue Jun 4, 2016 · 5 comments
Labels: FrozenDueToAge, NeedsInvestigation

@lwithers

lwithers commented Jun 4, 2016

Attempting to verify an RSA certificate which has been signed using PSS will fail with an error x509: cannot verify signature: algorithm unimplemented.

This can be observed with this (self-signed) certificate, which can be validated with e.g. openssl verify -CAfile root.pem root.pem.

There is also a simple demonstration program at https://play.golang.org/p/bO_qiPmi9k

I have tried this with both:

go version go1.5.4 linux/amd64
go version go1.6 linux/amd64

on this machine:

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/lwithers/y/go"
GORACE=""
GOROOT="/opt/go"
GOTOOLDIR="/opt/go/pkg/tool/linux_amd64"
GO15VENDOREXPERIMENT=""
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0"
CXX="g++"
CGO_ENABLED="1"
@adg adg added the NeedsInvestigation label Jun 6, 2016
@quentinmit
Contributor

/cc @agl @ianlancetaylor
Should this go in 1.8? How important are RSA-PSS certificates? Are they used in the wild?

@quentinmit quentinmit added this to the Go1.8 milestone Jun 17, 2016
@lwithers
Author

I don't believe that any of the big-name certificate authorities are currently issuing RSA-PSS certificates, so they are likely to be quite uncommon in the wild.

However, there are some applications that use them. The certificate I attached is part of a list curated and published by the ICAO (International Civil Aviation Organisation) in what it calls the PKD (public key directory; see http://www.icao.int/security/mrtd/pages/ICAOPKD.aspx). These are basically the certificates used to verify the signatures in ePassports.

@agl agl self-assigned this Jul 5, 2016
@gopherbot

CL https://golang.org/cl/24743 mentions this issue.

@lwithers
Author

lwithers commented Jul 7, 2016

As requested in the CL, here is a set of test certificates, along with some tools to verify the signatures:
RSA-PSS.tar.gz

@agl
Contributor

agl commented Jul 7, 2016

Thank you very much for the test set. I've updated the CL with the following changes:

  1. Either NULL or empty parameters are accepted.
  2. The salt length in the parameters is ignored and auto-detected.
  3. The salt length when signing is now fixed at 32 bytes.

With that, all the test certificates validate.

@golang golang locked and limited conversation to collaborators Aug 18, 2017
@rsc rsc unassigned agl Jun 23, 2022
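
What auto-detecting versus fixing the PSS salt length means for a verifier, shown as an added example that is not part of the issue thread or the Go CL. It calls crypto/rsa directly; the SHA-256 digest, the 20-byte salt, the sample message and the names Result, verifyPSS and SaltMatrix are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Result records which verifier policies accept a signature made with SignedSalt salt bytes.
type Result struct {
	SignedSalt              int
	Auto, Fixed32, Tampered bool // auto-detect; fixed 32 bytes; auto-detect over an altered message
}

// verifyPSS checks an RSASSA-PSS/SHA-256 signature under one salt-length policy.
func verifyPSS(pub *rsa.PublicKey, msg, sig []byte, saltLen int) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, &rsa.PSSOptions{SaltLength: saltLen}) == nil
}

// SaltMatrix signs msg once per salt length (throwaway 2048-bit key) and verifies under each policy.
func SaltMatrix(msg []byte, salts []int) ([]Result, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	pub, d, bad := &key.PublicKey, sha256.Sum256(msg), append([]byte("x"), msg...)
	var out []Result
	for _, s := range salts {
		sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, d[:], &rsa.PSSOptions{SaltLength: s})
		if err != nil {
			return nil, err
		}
		out = append(out, Result{s, verifyPSS(pub, msg, sig, rsa.PSSSaltLengthAuto),
			verifyPSS(pub, msg, sig, 32), verifyPSS(pub, bad, sig, rsa.PSSSaltLengthAuto)})
	}
	return out, nil
}

func main() {
	res, err := SaltMatrix([]byte("constructed to-be-signed bytes"), []int{20, 32})
	if err != nil {
		panic(err)
	}
	for _, r := range res {
		fmt.Printf("%+v\n", r)
	}
}
```

A verifier pinned to one salt length rejects otherwise valid signatures from signers that chose another, while auto-detection accepts both and still rejects a signature over altered data.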