0001255: DSA certificate issuing ignores key strength

ID	Project	Category	View Status	Date Submitted	Last Update

0001255	Main CAcert Website	certificate issuing	public	2014-03-07 12:33	2014-06-29 10:20

Reporter	INOPIAE	Assigned To	wytze
Priority	immediate	Severity	block	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	2014 Q1
Target Version	2014 Q1	Fixed in Version	2014 Q1

Summary	0001255: DSA certificate issuing ignores key strength
Description	The problem is that there is no check for the key stregth when signing with a DSA key. So any key strength can be used. The police requires a minimum of at least 1024 bit.
Additional Information	see also http://www.golem.de/news/diffie-hellman-unsinnige-krypto-parameter-1403-104970.html
Tags	No tags attached.

Reviewed by	NEOatNHNG, BenBE
Test Instructions

NEOatNHNG 2014-03-07 14:50 administrator ~0004617	Our policy doesn't require a minimum key length. To the contrary it says in https://www.cacert.org/policy/CertificationPracticeStatement.php#p4.3.1 that members may request certificates for keys of any size. It writes that only RSA is supported though. CAB forum baseline requirements https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_6.pdf on the other hand prescribes some restrictions. Additionally one should take into account that DSA is completely compromised if bad random generators are used (not only for key generation but also for normal signatures) I would go for a) forbid DSA completely, which is a bit inflexible if ever a problem in major RSA implementations is found but would match our CPS or b) put up a warning screen when trying to issue a DSA certificate, but allow it when acknowledging the warning.

MartinGummi 2014-03-07 22:35 updater ~0004618 Last edited: 2014-03-09 09:55	test before patch legend bold == unacceptable done == sign by signer fail == sign failed by signer Signing Certificate bf-1255-org-server-class1-dsa-512 ... done Signing Certificate bf-1255-org-server-class1-dsa-768 ... done Signing Certificate bf-1255-org-server-class1-dsa-1024 ... done Signing Certificate bf-1255-org-server-class1-dsa-1536 ... done Signing Certificate bf-1255-org-server-class1-dsa-2047 ... done Signing Certificate bf-1255-org-server-class1-dsa-2048 ... fail Signing Certificate bf-1255-org-server-class1-dsa-3072 ... fail Signing Certificate bf-1255-org-server-class1-dsa-4096 ... fail Signing Certificate bf-1255-org-server-class1-dsa-8192 ... fail Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v2 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb163v3 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb176v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb208w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb272w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb304w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2pnb368w1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v2 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb191v3 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v2 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb239v3 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb359v1 ... done Signing Certificate bf-1255-org-server-class1-ec-c2tnb431r1 ... done Signing Certificate bf-1255-org-server-class1-ec-prime192v1 ... done Signing Certificate bf-1255-org-server-class1-ec-prime192v2 ... done Signing Certificate bf-1255-org-server-class1-ec-prime192v3 ... done Signing Certificate bf-1255-org-server-class1-ec-prime239v1 ... done Signing Certificate bf-1255-org-server-class1-ec-prime239v2 ... done Signing Certificate bf-1255-org-server-class1-ec-prime239v3 ... done Signing Certificate bf-1255-org-server-class1-ec-prime256v1 ... done Signing Certificate bf-1255-org-server-class1-ec-secp224r1 ... done Signing Certificate bf-1255-org-server-class1-ec-secp384r1 ... done Signing Certificate bf-1255-org-server-class1-ec-secp521r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect163k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect163r2 ... done Signing Certificate bf-1255-org-server-class1-ec-sect233k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect233r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect283k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect283r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect409k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect409r1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect571k1 ... done Signing Certificate bf-1255-org-server-class1-ec-sect571r1 ... done Signing Certificate bf-1255-org-server-class1-rsa-512 ... fail Signing Certificate bf-1255-org-server-class1-rsa-768 ... fail Signing Certificate bf-1255-org-server-class1-rsa-1024 ... fail Signing Certificate bf-1255-org-server-class1-rsa-1536 ... fail Signing Certificate bf-1255-org-server-class1-rsa-2047 ... fail Signing Certificate bf-1255-org-server-class1-rsa-2048 ... done Signing Certificate bf-1255-org-server-class1-rsa-4096 ... done Signing Certificate bf-1255-org-server-class1-rsa-8192 ... done done in 15m10.334s => fail

Eva 2014-03-08 09:27 updater ~0004619	Pre-Patch Test Client-Certs ------------ RSA 512, 1024, 2047 not accepted 2048, 4096 created -> ok DSA 512, 1024, 2047 created 2048, 4096 pending EC prime192v1 created Server-Certs ------------ RSA 512, 1024, 2047 not accepted 2048, 4096 created DSA 512, 1024, 2047 created 2048, 4096 pending EC prime192v1 created Org-certs --------- RSA 512, 1024, 2047 not accepted 2048, 4096 created DSA 512, 1024, 2047 created 2048, 4096 pending EC prime192v1 created From my point of view one should test more ECs, but I just do not have a lot of time, currently.

NEOatNHNG 2014-03-09 03:09 administrator ~0004620	Implemented a patch and put it on the test server. Please test and review.

MartinGummi 2014-03-09 09:09 updater ~0004621 Last edited: 2014-03-09 09:56	test after patch legend bold == unacceptable done == sign by signer fail == sign failed by signer Signing Certificate af-1255-org-server-class1-dsa-512 ... fail Signing Certificate af-1255-org-server-class1-dsa-768 ... fail Signing Certificate af-1255-org-server-class1-dsa-1024 ... fail Signing Certificate af-1255-org-server-class1-dsa-1536 ... fail Signing Certificate af-1255-org-server-class1-dsa-2047 ... fail Signing Certificate af-1255-org-server-class1-dsa-2048 ... fail Signing Certificate af-1255-org-server-class1-dsa-3072 ... fail Signing Certificate af-1255-org-server-class1-dsa-4096 ... fail Signing Certificate af-1255-org-server-class1-dsa-8192 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb163v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb163v2 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb163v3 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb176v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb208w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb272w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb304w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2pnb368w1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb191v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb191v2 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb191v3 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb239v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb239v2 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb239v3 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb359v1 ... fail Signing Certificate af-1255-org-server-class1-ec-c2tnb431r1 ... fail Signing Certificate af-1255-org-server-class1-ec-prime192v1 ... fail Signing Certificate af-1255-org-server-class1-ec-prime192v2 ... fail Signing Certificate af-1255-org-server-class1-ec-prime192v3 ... fail Signing Certificate af-1255-org-server-class1-ec-prime239v1 ... fail Signing Certificate af-1255-org-server-class1-ec-prime239v2 ... fail Signing Certificate af-1255-org-server-class1-ec-prime239v3 ... fail Signing Certificate af-1255-org-server-class1-ec-prime256v1 ... fail Signing Certificate af-1255-org-server-class1-ec-secp224r1 ... fail Signing Certificate af-1255-org-server-class1-ec-secp384r1 ... fail Signing Certificate af-1255-org-server-class1-ec-secp521r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect163k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect163r2 ... fail Signing Certificate af-1255-org-server-class1-ec-sect233k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect233r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect283k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect283r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect409k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect409r1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect571k1 ... fail Signing Certificate af-1255-org-server-class1-ec-sect571r1 ... fail Signing Certificate af-1255-org-server-class1-rsa-512 ... fail Signing Certificate af-1255-org-server-class1-rsa-768 ... fail Signing Certificate af-1255-org-server-class1-rsa-1024 ... fail Signing Certificate af-1255-org-server-class1-rsa-1536 ... fail Signing Certificate af-1255-org-server-class1-rsa-2047 ... fail Signing Certificate af-1255-org-server-class1-rsa-2048 ... done Signing Certificate af-1255-org-server-class1-rsa-4096 ... done Signing Certificate af-1255-org-server-class1-rsa-8192 ... done done in 1m49.300s => OK

INOPIAE 2014-03-09 09:58 updater ~0004623	Please review as there are at least two successful tests.

BenBE 2014-03-09 19:36 updater ~0004624	Modifications to initial draft of the patch accepted, which slipped by when the initial sketch of the patch was written. Restructuring to cause fall-through to the end of the function being considered failure of key verification are okay and enhance readability. Complete rejection of DSA (explicit, even though implemented) and ECDSA (implicit) is in accordance with policy/CPS as well as decision of the responsible software assessors due to time constraints to get this initial fix out. Further adjustments as well as refinements to allow more types of keys as well as more specific checks for the key material can follow. The aim for this patch was to resolve the issue at hand when handling certificate signing requests. 2nd review OK. Good to go!

wytze 2014-03-10 17:05 developer ~0004625	The patch has been installed on the production server on March 10, 2014. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00002.html and https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00003.html

Date Modified	Username	Field	Change
2014-03-07 12:33	INOPIAE	New Issue
2014-03-07 12:34	INOPIAE	Relationship added	related to 0000918
2014-03-07 12:35	INOPIAE	Relationship added	related to 0000954
2014-03-07 12:35	INOPIAE	Relationship added	related to 0000964
2014-03-07 14:50	NEOatNHNG	Note Added: 0004617
2014-03-07 22:35	MartinGummi	Note Added: 0004618
2014-03-07 23:08	MartinGummi	Note Edited: 0004618
2014-03-07 23:08	MartinGummi	Note Edited: 0004618
2014-03-07 23:09	MartinGummi	Note Edited: 0004618
2014-03-07 23:12	MartinGummi	Note Edited: 0004618
2014-03-07 23:18	MartinGummi	Note Edited: 0004618
2014-03-07 23:18	MartinGummi	Note Edited: 0004618
2014-03-07 23:20	MartinGummi	Note Edited: 0004618
2014-03-07 23:21	MartinGummi	Note Edited: 0004618
2014-03-07 23:21	MartinGummi	Note View State: 0004618: private
2014-03-08 09:27	Eva	Note Added: 0004619
2014-03-09 03:05	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver-stable 03497bc8
2014-03-09 03:05	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver-stable 2ea7e322
2014-03-09 03:05	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver-stable f8a00d63
2014-03-09 03:05	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver-stable 91f4bf72
2014-03-09 03:05	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver-stable 7b251cbd
2014-03-09 03:09	NEOatNHNG	Reviewed by	=> NEOatNHNG
2014-03-09 03:09	NEOatNHNG	Note Added: 0004620
2014-03-09 03:09	NEOatNHNG	Status	new => needs review & testing
2014-03-09 03:09	NEOatNHNG	View Status	private => public
2014-03-09 09:09	MartinGummi	Note Added: 0004621
2014-03-09 09:10	MartinGummi	Note Edited: 0004621
2014-03-09 09:11	MartinGummi	Note Edited: 0004621
2014-03-09 09:13	MartinGummi	Note Edited: 0004621
2014-03-09 09:13	MartinGummi	Note Edited: 0004621
2014-03-09 09:55	MartinGummi	Note Edited: 0004618
2014-03-09 09:56	MartinGummi	Note Edited: 0004621
2014-03-09 09:58	INOPIAE	Note Added: 0004623
2014-03-09 09:58	INOPIAE	Assigned To	=> BenBE
2014-03-09 09:58	INOPIAE	Status	needs review & testing => needs review
2014-03-09 19:36	BenBE	Reviewed by	NEOatNHNG => NEOatNHNG, BenBE
2014-03-09 19:36	BenBE	Note Added: 0004624
2014-03-09 19:36	BenBE	Assigned To	BenBE => wytze
2014-03-09 19:36	BenBE	Status	needs review => ready to deploy
2014-03-09 22:05	BenBE	Source_changeset_attached	=> cacert-devel release 43882c78
2014-03-10 17:05	wytze	Note Added: 0004625
2014-03-10 17:05	wytze	Status	ready to deploy => solved?
2014-03-10 17:05	wytze	Fixed in Version	=> 2014 Q1
2014-03-10 17:05	wytze	Resolution	open => fixed
2014-03-11 22:59	MartinGummi	Note View State: 0004618: public
2014-06-29 10:20	INOPIAE	Status	solved? => closed

View Issue Details

Relationships

Activities

Issue History

related to	0000918	closed	NEOatNHNG	Weak keys in certificates
related to	0000954	closed	Ted	script to bulk revoke weak keys
related to	0000964	closed		VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048