1
0
mirror of https://github.com/golang/go synced 2024-11-20 09:34:52 -07:00

crypto/x509: get hash information from signatureAlgorithmDetails and check that it matches

signatureAlgorithmDetails already knows the hash function for each
signature algorithm so there's no point in duplicating that. Also, check
that the public key type of the signature algorithm actually matches the
given public key.

Change-Id: I7aab4ea71691fb815d67ba790b721ce02de11b85
Reviewed-on: https://go-review.googlesource.com/57211
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
This commit is contained in:
Adam Langley 2017-08-18 13:51:07 -07:00
parent 0f9a2cf2c4
commit 083ad28622
2 changed files with 46 additions and 12 deletions

View File

@ -836,24 +836,28 @@ func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature
return checkSignature(algo, signed, signature, c.PublicKey)
}
func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm, pubKey interface{}) error {
return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
}
// CheckSignature verifies that signature is a valid signature over signed from
// a crypto.PublicKey.
func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
var hashType crypto.Hash
var pubKeyAlgo PublicKeyAlgorithm
switch algo {
case SHA1WithRSA, DSAWithSHA1, ECDSAWithSHA1:
hashType = crypto.SHA1
case SHA256WithRSA, SHA256WithRSAPSS, DSAWithSHA256, ECDSAWithSHA256:
hashType = crypto.SHA256
case SHA384WithRSA, SHA384WithRSAPSS, ECDSAWithSHA384:
hashType = crypto.SHA384
case SHA512WithRSA, SHA512WithRSAPSS, ECDSAWithSHA512:
hashType = crypto.SHA512
case MD2WithRSA, MD5WithRSA:
return InsecureAlgorithmError(algo)
default:
for _, details := range signatureAlgorithmDetails {
if details.algo == algo {
hashType = details.hash
pubKeyAlgo = details.pubKeyAlgo
}
}
switch hashType {
case crypto.Hash(0):
return ErrUnsupportedAlgorithm
case crypto.MD5:
return InsecureAlgorithmError(algo)
}
if !hashType.Available() {
@ -866,12 +870,18 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
switch pub := publicKey.(type) {
case *rsa.PublicKey:
if pubKeyAlgo != RSA {
return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
}
if algo.isRSAPSS() {
return rsa.VerifyPSS(pub, hashType, digest, signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
} else {
return rsa.VerifyPKCS1v15(pub, hashType, digest, signature)
}
case *dsa.PublicKey:
if pubKeyAlgo != DSA {
return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
}
dsaSig := new(dsaSignature)
if rest, err := asn1.Unmarshal(signature, dsaSig); err != nil {
return err
@ -886,6 +896,9 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
}
return
case *ecdsa.PublicKey:
if pubKeyAlgo != ECDSA {
return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
}
ecdsaSig := new(ecdsaSignature)
if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {
return err

View File

@ -288,6 +288,27 @@ func TestCertificateParse(t *testing.T) {
}
}
func TestMismatchedSignatureAlgorithm(t *testing.T) {
der, _ := pem.Decode([]byte(rsaPSSSelfSignedPEM))
if der == nil {
t.Fatal("Failed to find PEM block")
}
cert, err := ParseCertificate(der.Bytes)
if err != nil {
t.Fatal(err)
}
if err = cert.CheckSignature(ECDSAWithSHA256, nil, nil); err == nil {
t.Fatal("CheckSignature unexpectedly return no error")
}
const expectedSubstring = " but have public key of type "
if !strings.Contains(err.Error(), expectedSubstring) {
t.Errorf("Expected error containing %q, but got %q", expectedSubstring, err)
}
}
var certBytes = "308203223082028ba00302010202106edf0d9499fd4533dd1297fc42a93be1300d06092a864886" +
"f70d0101050500304c310b3009060355040613025a4131253023060355040a131c546861777465" +
"20436f6e73756c74696e67202850747929204c74642e311630140603550403130d546861777465" +