update lint_signature_algorithm_not_supported - support rsa-pss #913

Open: wants to merge 2 commits into base: master
17 changes: 8 additions & 9 deletions v3/lints/cabf_br/lint_signature_algorithm_not_supported.go
Expand Up @@ -38,17 +38,16 @@ var (
x509.SHA1WithRSA: true,
x509.DSAWithSHA1: true,
x509.ECDSAWithSHA1: true,
}
// The BRs do not forbid the use of RSA-PSS as a signature scheme in
// certificates but it is not broadly supported by user-agents. Since
// the BRs do not forbid the practice we return a warning result.
// NOTE: The Mozilla root program policy *does* forbid their use since v2.7.
// This should be covered by a lint scoped to the Mozilla source instead of in
// this CABF lint.
warnSigAlgs = map[x509.SignatureAlgorithm]bool{
// The BRs v2.1.2 allow the use of RSA-PSS as a signature scheme, see
// 7.1.3.2.1 RSA
// The Mozilla root program policy v2.9 allow RSA-PSS as a signature

Just double checking these references.

From Mozilla 5.1.1.

When a root or intermediate certificate's RSA key is used to produce a signature, only the following algorithms MAY be used, and with the following encoding requirements:

...

RSASSA-PSS with SHA-256, MGF-1 with SHA-256, and a salt length of 32 bytes.
The encoded AlgorithmIdentifier MUST match the following hex-encoded bytes:

304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a203020120

From CABF/Br 7.1.3.2.1

The CA SHALL use one of the following signature algorithms and encodings. When encoded, the
AlgorithmIdentifier MUST be byte‐for‐byte identical with the specified hex‐encoded bytes.

...

RSASSA‐PSS with SHA‐256, MGF‐1 with SHA‐256, and a salt length of 32 bytes:
Encoding:

304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a203020120

// scheme, see 5.1.1 RSA
x509.SHA256WithRSAPSS: true,
x509.SHA384WithRSAPSS: true,
x509.SHA512WithRSAPSS: true,
x509.SHA512WithRSAPSS: true,
}
// currently no warnings
warnSigAlgs = map[x509.SignatureAlgorithm]bool{
}
)
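Review bot: The RSA-PSS entries moved into the accepted map are keyed on the parsed `x509.SignatureAlgorithm` value, but both sections the new comment cites (BR 7.1.3.2.1 and Mozilla 5.1.1, as quoted in the review comment on this hunk) require the encoded AlgorithmIdentifier to match a fixed hex string byte for byte. Nothing in the visible lines checks the encoding, so either the comment should say where that is enforced or the lint should compare the raw AlgorithmIdentifier bytes. Smaller points: "The Mozilla root program policy v2.9 allow" should read "allows"; the empty `warnSigAlgs` map under "currently no warnings" can be written as `map[x509.SignatureAlgorithm]bool{}` or dropped if nothing else reads it; and `x509.SHA512WithRSAPSS: true,` shows on two consecutive lines here, so confirm the resulting literal carries it once, since a duplicate constant key in a Go map literal does not compile.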

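The byte-for-byte requirement quoted in the review comment can be checked directly against the encoded AlgorithmIdentifier. The following is an added Go example, not code from this pull request or the project: `checkPSSAlgID` and `pssParams` are hypothetical names, the hex constant is the one quoted in the comment, and the salt-20 input is constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"fmt"
)

// Encoding quoted in the review comment (Mozilla 5.1.1 / CABF BR 7.1.3.2.1).
const requiredPSSSHA256 = "304106092a864886f70d01010a3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a203020120"

// pssParams mirrors RSASSA-PSS-params (RFC 4055); trailerField is left at its default.
type pssParams struct {
	Hash       pkix.AlgorithmIdentifier `asn1:"explicit,tag:0"`
	MGF        pkix.AlgorithmIdentifier `asn1:"explicit,tag:1"`
	SaltLength int                      `asn1:"explicit,tag:2"`
}

// checkPSSAlgID (hypothetical helper) returns nil only when raw is byte-for-byte
// the required encoding; otherwise the error names the decoded parameters.
func checkPSSAlgID(raw []byte) error {
	want, _ := hex.DecodeString(requiredPSSSHA256)
	if bytes.Equal(raw, want) {
		return nil
	}
	var ai, mgfHash pkix.AlgorithmIdentifier
	if rest, err := asn1.Unmarshal(raw, &ai); err != nil || len(rest) != 0 {
		return fmt.Errorf("not a DER AlgorithmIdentifier")
	}
	var p pssParams
	if _, err := asn1.Unmarshal(ai.Parameters.FullBytes, &p); err != nil {
		return fmt.Errorf("alg %v: parameters are not RSASSA-PSS-params", ai.Algorithm)
	}
	if _, err := asn1.Unmarshal(p.MGF.Parameters.FullBytes, &mgfHash); err != nil {
		return fmt.Errorf("alg %v: MGF parameters do not name a hash", ai.Algorithm)
	}
	return fmt.Errorf("encoding differs: hash=%v mgfHash=%v salt=%d",
		p.Hash.Algorithm, mgfHash.Algorithm, p.SaltLength)
}

func main() {
	good, _ := hex.DecodeString(requiredPSSSHA256)
	bad := append([]byte(nil), good...)
	bad[len(bad)-1] = 0x14 // constructed variant: salt length 20 instead of 32
	fmt.Println("required encoding:", checkPSSAlgID(good))
	fmt.Println("salt-20 variant:  ", checkPSSAlgID(bad))
}
```

The byte comparison is the actual check; the ASN.1 decoding only runs on a mismatch, to report which parameters the rejected encoding carries.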