Re: [TLS] TLSv1.2 - Is zero signature allowed in client CertificateVerify message?

M K Saravanan <mksarav@gmail.com> Tue, 03 September 2019 15:27 UTC

Return-Path: <mksarav@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9B61208DF for <tls@ietfa.amsl.com>; Tue, 3 Sep 2019 08:27:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.592
X-Spam-Level:
X-Spam-Status: No, score=-0.592 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_28=1.404, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJXJjMU4alh3 for <tls@ietfa.amsl.com>; Tue, 3 Sep 2019 08:27:43 -0700 (PDT)
Received: from mail-yb1-xb2a.google.com (mail-yb1-xb2a.google.com [IPv6:2607:f8b0:4864:20::b2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65D0D1208AF for <tls@ietf.org>; Tue, 3 Sep 2019 08:27:42 -0700 (PDT)
Received: by mail-yb1-xb2a.google.com with SMTP id u68so6006822ybg.1 for <tls@ietf.org>; Tue, 03 Sep 2019 08:27:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eec8Ojn3gGMJzkanxeoTO2agfszhgvY+0nLmY7+5lHY=; b=Fh7daF/trnxMh2mm6sIOtldMmxLaOI6CjkvfMP9hjAAML5exinWQWmCrM4E2BlBhTl WlV6FS1iDkq5q9zMMldQoY3JMW5ySLTyesIlARWOWE/DfWeeCm/Hrr8sLH+ISLXiephF yIVN2vcDcx/zseT/+AYMoAzB9GoavSuQu/spTRKNTD0BI1NMaDxzlZk5xyO+hiBATuzW P9iPsvmRv+k+U3zq5JR4U7PxBW/G6BWhkXV/g8ZOQ4UGedXRzrp3g0HRgCKxNxdOQopT jSBrzatxu2EJZuWsjl89WMy0rwrkIMO/51X3j84aCuoj67Cq+6aW4WJZ2ka9QPFHDaOC hPzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eec8Ojn3gGMJzkanxeoTO2agfszhgvY+0nLmY7+5lHY=; b=ZBiLBkgvqdXumFNtKsFxtPAgsfjMNM/XwtgAhb2H3/jRElzwfXeX1iLJABnZwoLMP8 XotNOIs/LMdVbfGHZ8SA4RX8XNYOPCNpPHbcnaLAiA9GFjvRmi4dHT/LPmq4i1znDnTu mkhnypy9hNOFoEdSiqcH0alT9oC/eL1g2UnfBorv34/a6twPZMKCDXL15HZlo4T2/CSK Z1eoANoI4n1aidh7ps04IqLGRF3cek7KOWbpMfxayONFBrkAmCYk9rUr9UTNlT1cGlP4 d8Fsv5Rf0UDYxw7uv3o5sKUvKwRMVlh+bPq9gLWwanAft4IysL9L5AlgRqs1Wckox+AT XDag==
X-Gm-Message-State: APjAAAWne+DHUdTqKsVcRaqD2YVFtPrYcnKohGSYkkD8+YngXbiBVL1c eAa+vzo//D35YwqNxJwnxvRnFxtPxfwty++CV1pOWA==
X-Google-Smtp-Source: APXvYqxhsASYM+1aK9ub+b27aY2F1aj4WSC+8emBVpsBcvzRQZ89wbXVmP6rKpYKdqRSo7ZMfje4SS80i1MHOQNyNyI=
X-Received: by 2002:a25:7301:: with SMTP id o1mr25554618ybc.497.1567524461319; Tue, 03 Sep 2019 08:27:41 -0700 (PDT)
MIME-Version: 1.0
References: <CAG5P2e8eHYimbgJQZYrJYTJHxijbNMGto66uzmcY6KDDJM_xbg@mail.gmail.com> <CAL02cgS0OsUxXz2ht=4uY-ZYqOdmYYCc6VqrHo5LrEusATwEtA@mail.gmail.com>
In-Reply-To: <CAL02cgS0OsUxXz2ht=4uY-ZYqOdmYYCc6VqrHo5LrEusATwEtA@mail.gmail.com>
From: M K Saravanan <mksarav@gmail.com>
Date: Tue, 3 Sep 2019 23:27:28 +0800
Message-ID: <CAG5P2e_6a_C_b9z8kWgJBGtqV7hoA03Q0mRkP5aMeOs83nqrzw@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/related; boundary="000000000000b39ef00591a7bacf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/S_lTOYuZQblgkUj99OzqBbNk3Dw>
Subject: Re: [TLS] TLSv1.2 - Is zero signature allowed in client CertificateVerify message?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2019 15:27:45 -0000

Thanks Richard for the reply.  Let me rephrase my question:

If a client encounter any error condition (e.g. does not have access to the
private key for whatever reason) in generating the signature, can it send
zero bytes in the signature field of CertificateVerify message to indicate
the error condition?  Is this allowed in TLS 1.2 RFC?

with regards,
Saravanan


On Tue, 3 Sep 2019 at 22:36, Richard Barnes <rlb@ipv.sx>; wrote:

> I don't believe that's a valid signature according to rsa_pkcs1_sha256, so
> yeah, this is probably an error.
> --Richard
>
> On Sun, Sep 1, 2019 at 11:33 PM M K Saravanan <mksarav@gmail.com>; wrote:
>
>> Hi,
>>
>> Is zero signature allowed in client CertificateVerify message (I am
>> guessing may be to indicate error condition??). I don't see any thing
>> related to zero signature in the TLS 1.2 RFC (or may be I am not looking
>> into the right section?)
>>
>> Today I saw a packet like this and server was terminating the connection
>> due to the failure of client cert auth. (because of zero signature in
>> client cert verify message).
>>
>> [image: image.png]
>>
>> Under what circumstances a client can send a zero signature in the client
>> CertificateVerify message?  Is this behaviour TLS 1.2 RFC compliant?
>>
>> with regards,
>> Saravanan
>>
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>