EJBCA / ECA-8254

Check and possibly fix public key AlgorithmIdentifier parameters when issuing certificates

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.2.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Team Bob - 2019 w21

      Description

      Encoding of the public key in the SubjectPublicKeyInfo field is defined in RFC3279.

      // SubjectPublicKeyInfo ::= SEQUENCE {
      //   algorithm AlgorithmIdentifier,
      //   subjectPublicKey BIT STRING }
      //
      // AlgorithmIdentifier ::= SEQUENCE {
      //   algorithm OBJECT IDENTIFIER,
      //   parameters ANY DEFINED BY algorithm OPTIONAL }
      //
      // RFC3279 section 2.3.1 (null is not ok):
      // The rsaEncryption OID is intended to be used in the algorithm field
      // of a value of type AlgorithmIdentifier. The parameters field MUST
      // have ASN.1 type NULL for this algorithm identifier.
      //
      // RFC3279 section 2.3.2 (null is ok):
      // The id-dsa algorithm syntax includes optional domain parameters.
      // These parameters are commonly referred to as p, q, and g. When
      // omitted, the parameters component MUST be omitted entirely. That is,
      // the AlgorithmIdentifier MUST be a SEQUENCE of one component: the
      // OBJECT IDENTIFIER id-dsa.
      //
      // RFC3279 section 2.3.5 (null is not ok):
      // EcpkParameters ::= CHOICE {
      //   ecParameters ECParameters,
      //   namedCurve OBJECT IDENTIFIER,
      //   implicitlyCA NULL }
      // When the parameters are inherited, the parameters field SHALL contain
      // implicitlyCA, which is the ASN.1 value NULL.

       

      Some client software has been known to generate CSRs with RSA keys where the parameters are missing (which is not invalid ASN.1 encoding, but violates RFC5280/RFC3279).

      We should test for this and fill in AlgorithmIdentifier parameters for RSA keys where this is missing. According to RFC 3279 we need to add DERNull instead of just leaving out the AlgorithmID parameters. The params are not used but must be ASN.1 encoded correctly in order to comply with RFC5280.

      The same goes for EC keys, but there parameters are an absolute must, so a public key without it would not be useful. We can check for this and reject invalid ones in any case.
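
The check described above, sketched in Python with a minimal DER reader. This is an added example, not EJBCA's own code: the function names and the toy key bytes are constructed for illustration, and rejecting non-NULL rsaEncryption parameters is an assumption of this sketch.

```python
# Added example: minimal DER handling, standard library only.
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
EC_OID = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey, 1.2.840.10045.2.1
DER_NULL = b"\x05\x00"

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def tlv(tag, value):
    """Encode one DER element with a minimal-length header."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + value

def normalize_spki(spki):
    """Return an RFC 3279 compliant SubjectPublicKeyInfo, or raise ValueError."""
    tag, body, end = read_tlv(spki)
    if tag != 0x30 or end != len(spki):
        raise ValueError("not a single DER SEQUENCE")
    tag, alg, key_off = read_tlv(body)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    _, _, oid_end = read_tlv(alg)          # first component is the algorithm OID
    oid, params = alg[:oid_end], alg[oid_end:]
    if oid == RSA_OID and params != DER_NULL:
        if params:
            raise ValueError("unexpected rsaEncryption parameters")
        alg = oid + DER_NULL               # parameters missing: fill in ASN.1 NULL
    elif oid == EC_OID and not params:
        raise ValueError("EC public key without parameters")
    return tlv(0x30, tlv(0x30, alg) + body[key_off:])

# Constructed samples: toy key bits, AlgorithmIdentifier with the parameters left out.
TOY_KEY = tlv(0x03, b"\x00" + bytes.fromhex("300602010b020103"))
RSA_NO_PARAMS = tlv(0x30, tlv(0x30, RSA_OID) + TOY_KEY)
EC_NO_PARAMS = tlv(0x30, tlv(0x30, EC_OID) + TOY_KEY)
```

`normalize_spki(RSA_NO_PARAMS)` returns the same key with `05 00` appended to the AlgorithmIdentifier, while `normalize_spki(EC_NO_PARAMS)` raises `ValueError`.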

       

              People

              Assignee:
              Tomas Gustavsson
              Reporter:
              Tomas Gustavsson
              Verified by:
              Samuel Lidén Borell
              Votes:
              0
              Watchers:
              2


                  Time Tracking

                  Estimated:
                  Original Estimate - 3 hours
                  Remaining:
                  Remaining Estimate - 0 minutes
                  Logged:
                  Time Spent - 5 hours