View Issue Details

IDProjectCategoryView StatusLast Update
0001255Main CAcert Websitecertificate issuingpublic2014-06-29 10:20
ReporterINOPIAE Assigned Towytze  
PriorityimmediateSeverityblockReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2014 Q1 
Target Version2014 Q1Fixed in Version2014 Q1 
Summary0001255: DSA certificate issuing ignores key strength
DescriptionThe problem is that there is no check for the key stregth when signing with a DSA key. So any key strength can be used. The police requires a minimum of at least 1024 bit.
Additional Informationsee also http://www.golem.de/news/diffie-hellman-unsinnige-krypto-parameter-1403-104970.html
TagsNo tags attached.
Reviewed byNEOatNHNG, BenBE
Test Instructions

Relationships

related to 0000918 closedNEOatNHNG Weak keys in certificates 
related to 0000954 closedTed script to bulk revoke weak keys 
related to 0000964 closed VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048 

Activities

NEOatNHNG

2014-03-07 14:50

administrator   ~0004617

Our policy doesn't require a minimum key length. To the contrary it says in https://www.cacert.org/policy/CertificationPracticeStatement.php#p4.3.1 that members may request certificates for keys of any size. It writes that only RSA is supported though.

CAB forum baseline requirements https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_6.pdf on the other hand prescribes some restrictions.

Additionally one should take into account that DSA is completely compromised if bad random generators are used (not only for key generation but also for normal signatures)

I would go for a) forbid DSA completely, which is a bit inflexible if ever a problem in major RSA implementations is found but would match our CPS or b) put up a warning screen when trying to issue a DSA certificate, but allow it when acknowledging the warning.

MartinGummi

2014-03-07 22:35

updater   ~0004618

Last edited: 2014-03-09 09:55

View 10 revisions

test before patch

legend

bold == unacceptable
done == sign by signer
fail == sign failed by signer

Signing Certificate bf-1255-org-server-class1-dsa-512 ...	done
Signing Certificate bf-1255-org-server-class1-dsa-768 ...	done
Signing Certificate bf-1255-org-server-class1-dsa-1024 ...	done
Signing Certificate bf-1255-org-server-class1-dsa-1536 ...	done
Signing Certificate bf-1255-org-server-class1-dsa-2047 ...	done
Signing Certificate bf-1255-org-server-class1-dsa-2048 ...	fail
Signing Certificate bf-1255-org-server-class1-dsa-3072 ...	fail
Signing Certificate bf-1255-org-server-class1-dsa-4096 ...	fail
Signing Certificate bf-1255-org-server-class1-dsa-8192 ...	fail
Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v2 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v3 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb176v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb208w1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb272w1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb304w1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2pnb368w1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v2 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v3 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v2 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v3 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb359v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-c2tnb431r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime192v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime192v2 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime192v3 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime239v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime239v2 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime239v3 ...	done
Signing Certificate bf-1255-org-server-class1-ec-prime256v1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-secp224r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-secp384r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-secp521r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect163k1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect163r2 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect233k1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect233r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect283k1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect283r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect409k1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect409r1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect571k1 ...	done
Signing Certificate bf-1255-org-server-class1-ec-sect571r1 ...	done
Signing Certificate bf-1255-org-server-class1-rsa-512 ...	fail
Signing Certificate bf-1255-org-server-class1-rsa-768 ...	fail
Signing Certificate bf-1255-org-server-class1-rsa-1024 ...	fail
Signing Certificate bf-1255-org-server-class1-rsa-1536 ...	fail
Signing Certificate bf-1255-org-server-class1-rsa-2047 ...	fail
Signing Certificate bf-1255-org-server-class1-rsa-2048 ...	done
Signing Certificate bf-1255-org-server-class1-rsa-4096 ...	done
Signing Certificate bf-1255-org-server-class1-rsa-8192 ...	done


done in 15m10.334s


=> fail

Eva

2014-03-08 09:27

updater   ~0004619

Pre-Patch Test

Client-Certs
------------
RSA
512, 1024, 2047 not accepted
2048, 4096 created
-> ok

DSA
512, 1024, 2047 created
2048, 4096 pending

EC
prime192v1 created

Server-Certs
------------
RSA
512, 1024, 2047 not accepted
2048, 4096 created

DSA
512, 1024, 2047 created
2048, 4096 pending

EC
prime192v1 created

Org-certs
---------
RSA
512, 1024, 2047 not accepted
2048, 4096 created

DSA
512, 1024, 2047 created
2048, 4096 pending

EC
prime192v1 created

From my point of view one should test more ECs, but I just do not have a lot of time, currently.

NEOatNHNG

2014-03-09 03:09

administrator   ~0004620

Implemented a patch and put it on the test server. Please test and review.

MartinGummi

2014-03-09 09:09

updater   ~0004621

Last edited: 2014-03-09 09:56

View 6 revisions

test after patch

legend

bold == unacceptable
done == sign by signer
fail == sign failed by signer

Signing Certificate af-1255-org-server-class1-dsa-512 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-768 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-1024 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-1536 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-2047 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-2048 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-3072 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-4096 ...	fail
Signing Certificate af-1255-org-server-class1-dsa-8192 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb163v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb163v2 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb163v3 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb176v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb208w1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb272w1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb304w1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2pnb368w1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb191v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb191v2 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb191v3 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb239v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb239v2 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb239v3 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb359v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-c2tnb431r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime192v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime192v2 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime192v3 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime239v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime239v2 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime239v3 ...	fail
Signing Certificate af-1255-org-server-class1-ec-prime256v1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-secp224r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-secp384r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-secp521r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect163k1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect163r2 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect233k1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect233r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect283k1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect283r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect409k1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect409r1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect571k1 ...	fail
Signing Certificate af-1255-org-server-class1-ec-sect571r1 ...	fail
Signing Certificate af-1255-org-server-class1-rsa-512 ...	fail
Signing Certificate af-1255-org-server-class1-rsa-768 ...	fail
Signing Certificate af-1255-org-server-class1-rsa-1024 ...	fail
Signing Certificate af-1255-org-server-class1-rsa-1536 ...	fail
Signing Certificate af-1255-org-server-class1-rsa-2047 ...	fail
Signing Certificate af-1255-org-server-class1-rsa-2048 ...	done
Signing Certificate af-1255-org-server-class1-rsa-4096 ...	done
Signing Certificate af-1255-org-server-class1-rsa-8192 ...	done


done in 1m49.300s

=> OK

INOPIAE

2014-03-09 09:58

updater   ~0004623

Please review as there are at least two successful tests.

BenBE

2014-03-09 19:36

updater   ~0004624

Modifications to initial draft of the patch accepted, which slipped by when the initial sketch of the patch was written. Restructuring to cause fall-through to the end of the function being considered failure of key verification are okay and enhance readability. Complete rejection of DSA (explicit, even though implemented) and ECDSA (implicit) is in accordance with policy/CPS as well as decision of the responsible software assessors due to time constraints to get this initial fix out. Further adjustments as well as refinements to allow more types of keys as well as more specific checks for the key material can follow. The aim for this patch was to resolve the issue at hand when handling certificate signing requests.

2nd review OK. Good to go!

wytze

2014-03-10 17:05

developer   ~0004625

The patch has been installed on the production server on March 10, 2014. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00002.html and https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00003.html

Issue History

Date Modified Username Field Change
2014-03-07 12:33 INOPIAE New Issue
2014-03-07 12:34 INOPIAE Relationship added related to 0000918
2014-03-07 12:35 INOPIAE Relationship added related to 0000954
2014-03-07 12:35 INOPIAE Relationship added related to 0000964
2014-03-07 14:50 NEOatNHNG Note Added: 0004617
2014-03-07 22:35 MartinGummi Note Added: 0004618
2014-03-07 23:08 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:08 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:09 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:12 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:18 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:18 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:20 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:21 MartinGummi Note Edited: 0004618 View Revisions
2014-03-07 23:21 MartinGummi Note View State: 0004618: private
2014-03-08 09:27 Eva Note Added: 0004619
2014-03-09 03:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 03497bc8
2014-03-09 03:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 2ea7e322
2014-03-09 03:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable f8a00d63
2014-03-09 03:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 91f4bf72
2014-03-09 03:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7b251cbd
2014-03-09 03:09 NEOatNHNG Reviewed by => NEOatNHNG
2014-03-09 03:09 NEOatNHNG Note Added: 0004620
2014-03-09 03:09 NEOatNHNG Status new => needs review & testing
2014-03-09 03:09 NEOatNHNG View Status private => public
2014-03-09 09:09 MartinGummi Note Added: 0004621
2014-03-09 09:10 MartinGummi Note Edited: 0004621 View Revisions
2014-03-09 09:11 MartinGummi Note Edited: 0004621 View Revisions
2014-03-09 09:13 MartinGummi Note Edited: 0004621 View Revisions
2014-03-09 09:13 MartinGummi Note Edited: 0004621 View Revisions
2014-03-09 09:55 MartinGummi Note Edited: 0004618 View Revisions
2014-03-09 09:56 MartinGummi Note Edited: 0004621 View Revisions
2014-03-09 09:58 INOPIAE Note Added: 0004623
2014-03-09 09:58 INOPIAE Assigned To => BenBE
2014-03-09 09:58 INOPIAE Status needs review & testing => needs review
2014-03-09 19:36 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2014-03-09 19:36 BenBE Note Added: 0004624
2014-03-09 19:36 BenBE Assigned To BenBE => wytze
2014-03-09 19:36 BenBE Status needs review => ready to deploy
2014-03-09 22:05 BenBE Source_changeset_attached => cacert-devel release 43882c78
2014-03-10 17:05 wytze Note Added: 0004625
2014-03-10 17:05 wytze Status ready to deploy => solved?
2014-03-10 17:05 wytze Fixed in Version => 2014 Q1
2014-03-10 17:05 wytze Resolution open => fixed
2014-03-11 22:59 MartinGummi Note View State: 0004618: public
2014-06-29 10:20 INOPIAE Status solved? => closed