Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: crypto/x509: expose hash algorithm for SignatureAlgorithm #33317

Closed
bodgit opened this issue Jul 27, 2019 · 12 comments
Closed

proposal: crypto/x509: expose hash algorithm for SignatureAlgorithm #33317

bodgit opened this issue Jul 27, 2019 · 12 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Proposal Proposal-Crypto Proposal related to crypto packages or other security issues
Projects
Proposals (old)
Milestone
Proposal

Comments

@bodgit
Copy link

bodgit commented Jul 27, 2019

What version of Go are you using (go version)?

$ go version
go version go1.12.7 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/matt/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/matt/Documents/work"
GOPROXY=""
GORACE=""
GOROOT="/opt/local/lib/go"
GOTMPDIR=""
GOTOOLDIR="/opt/local/lib/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="/usr/bin/clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/_k/xdj1vdy51gb4pbncgvq0p03w0000gn/T/go-build134256866=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

As part of generating TLS channel bindings (RFC 5929) it is necessary to generate a hash of a given certificate using the hashing algorithm used in its SignatureAlgorithm, (with some exceptions documented in the RFC). So for example a SignatureAlgorithm of x509.SHA256WithRSA should use crypto.SHA256 to generate its tls-server-end-point channel binding type, etc.

What did you expect to see?

I was hoping to have a method on SignatureAlgorithm to return its associated crypto.Hash. This information is available in the unexported signatureAlgorithmDetails struct.

What did you see instead?

For now, I have made my own map[x509.SignatureAlgorithm]crypto.Hash but as new algorithms are added this needs to be kept in sync, (x509.PureEd25519 for example has been added to the source since 1.12.7).

I propose adding a simple method along the lines of:

func (algo SignatureAlgorithm) Hash() crypto.Hash {                                 
        for _, details := range signatureAlgorithmDetails {                         
                if details.algo == algo {                                           
                        return details.hash                                         
                }                                                                   
        }                                                                           
        return crypto.Hash(0)                                                       
}
bodgit added a commit to bodgit/go that referenced this issue Jul 27, 2019
@bodgit
crypto/x509: add SignatureAlgorithm.Hash()
4a4c23d 
Add method to return the hashing algorithm associated with a
certificates signature algorithm. This is useful when generating TLS
channel bindings as documented in RFC 5929.

Fixes golang#33317
@bodgit bodgit mentioned this issue Jul 27, 2019
Closed
@gopherbot
Copy link

Change https://golang.org/cl/187778 mentions this issue: crypto/x509: add SignatureAlgorithm.Hash()

@julieqiu
Copy link
Member

/cc @FiloSottile

@julieqiu julieqiu added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jul 27, 2019
@odeke-em odeke-em changed the title crypto/x509: expose hash algorithm for SignatureAlgorithm proposal: crypto/x509: expose hash algorithm for SignatureAlgorithm Sep 1, 2019
@gopherbot gopherbot added this to the Proposal milestone Sep 1, 2019
@odeke-em
Copy link
Member

odeke-em commented Sep 1, 2019

Thank you for this request @bodgit and welcome to the Go project!
Thank you @julieqiu for the triage and tag.

While this request and its corresponding CL are simple and straight forward, and it follows pretty much what we did for (SignatureAlgorithm).String() https://golang.org/pkg/crypto/x509/#SignatureAlgorithm.String, I have tagged it as a proposal because it increases the API surface.

@ianlancetaylor ianlancetaylor added the Proposal-Crypto Proposal related to crypto packages or other security issues label Sep 3, 2019
@FiloSottile
Copy link
Contributor

What are we supposed to return for Ed25519? What does channel binding end up using with it?

@bodgit
Copy link
Author

bodgit commented Feb 6, 2020

This is what the RFC says:

if the certificate's signatureAlgorithm uses no hash functions or
uses multiple hash functions, then this channel binding type's
channel bindings are undefined at this time (updates to is channel
binding type may occur to address this issue if it ever arises).

So as you would be returning crypto.Hash(0) for Ed25519 that would seem to be perfectly valid.

@FiloSottile
Copy link
Contributor

IIRC tls-unique was mostly dropped following the SLOTH attacks, and is not even supported in TLS 1.3.

Would this API have any other use case than RFC 5929 channel bindings?

@bodgit
Copy link
Author

bodgit commented Mar 11, 2020

IIRC tls-unique was mostly dropped following the SLOTH attacks, and is not even supported in TLS 1.3.

I wasn't using tls-unique, only tls-server-end-point that I was required to use, which IIRC is used to guard against MITM attacks.

Would this API have any other use case than RFC 5929 channel bindings?

No idea TBH. As it stands the implementation literally just returns the associated struct member; the logic documented in the RFC for using SHA256 in place of MD5 or SHA1 remains the responsibility of the calling code, it's not part of this PR.

@ianlancetaylor ianlancetaylor added this to Incoming in Proposals (old) Feb 17, 2021
@snqk
Copy link

snqk commented Jul 7, 2021

It'd be nice to see this merged.

This would be useful in environments that implement custom TLS verification based on a Hash block list. At the moment we're just using a rudimentary strings.Contains(..., "SHA-1")

@rsc
Copy link
Contributor

rsc commented Aug 17, 2022

Adding to proposal minutes. Is this something people still need?

@rsc
Copy link
Contributor

rsc commented Aug 17, 2022

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

@rsc
Copy link
Contributor

rsc commented Sep 21, 2022

Based on the discussion above, this proposal seems like a likely decline.
— rsc for the proposal review group

@rsc
Copy link
Contributor

rsc commented Sep 28, 2022

No change in consensus, so declined.
— rsc for the proposal review group

@rsc rsc closed this as completed Sep 28, 2022
@golang golang locked and limited conversation to collaborators Sep 28, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Proposal Proposal-Crypto Proposal related to crypto packages or other security issues
Projects
No open projects
Proposals (old)
Incoming
Milestone
Proposal
Development

Successfully merging a pull request may close this issue.

crypto/x509: add SignatureAlgorithm.Hash() bodgit/go
8 participants
@rsc @bodgit @FiloSottile @ianlancetaylor @odeke-em @julieqiu @gopherbot @snqk