Re: [TLS] Possible TLS 1.3 erratum

Hubert Kario <hkario@redhat.com> Tue, 20 July 2021 19:37 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 782733A2F7C for <tls@ietfa.amsl.com>; Tue, 20 Jul 2021 12:37:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.25
X-Spam-Level:
X-Spam-Status: No, score=-3.25 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15pu2sYkOnjn for <tls@ietfa.amsl.com>; Tue, 20 Jul 2021 12:37:38 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A1DA3A2F80 for <tls@ietf.org>; Tue, 20 Jul 2021 12:37:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626809856; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oq0NIR8UTOjhU3FtK0meljIqAnkwmMK1ucjXcK/K5rQ=; b=EAXdsSySJbCXHnwAzJPBQird/RBIKJoMRgx4GQJVgTyKb6SCqox0ViWLsWpqTiAKM154Ym +/j/XUYT1y4K/cvCWMsvJQS8vLToyiPE+OFmDBPP5D6k1jYiCNxsDeGhdHqepOxTEjAlOq pXMuWf+AqXiW8JZ71IGiW2ar0Ij0Pd8=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-295-n0IPszv8Pt6DX4sBhMouCw-1; Tue, 20 Jul 2021 15:37:35 -0400
X-MC-Unique: n0IPszv8Pt6DX4sBhMouCw-1
Received: by mail-wm1-f71.google.com with SMTP id j141-20020a1c23930000b0290212502cb19aso116415wmj.0 for <tls@ietf.org>; Tue, 20 Jul 2021 12:37:35 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:mime-version:message-id :in-reply-to:references:organization:user-agent :content-transfer-encoding; bh=oGsgQtmtaik01MEHXx/A47cV51KRtuNzR5/DCU1ndkU=; b=Je4HeXa8muQXo8BVLq4tnjxoo0lA/Qc4oe37v9vtdjl3tNitqg4B4diVEDt7I01UP7 SU7awrr7LoHDlkkhLOo31oKKuPoiKUz3AZPRm9/VctO7Iqxls+beYMU9eM9i4iWRHEx5 7hlfNvS99N6yQebm7Hvv6leQWwfnwqbiKDycIelTp0BEh8MZvJyBJxLz3NZseZWGZapQ KBc2d0H566gt9HNzmBpNaVYdbJoD7fVyXWxVA6x/9OJqFquP4ZockwO8OVIrEth73yVT HV39jTwAtuBjHqP+mkt7wxgOSOiv7vIklrGIJGcSUgcSLVvlHTQO0NwiYHtcbA4/7W6C xj0Q==
X-Gm-Message-State: AOAM531fPQchj8bOMutW64NUWMuFe27xYitrCkneaocuLEeYfSnGhPNR 6rRRb3fDtZMlew/IoISLRnITNnWJYfBJ4I71BWiDxbG+x9KnPQRSmz6ktcNh/ye8oQGpx5VcT+G IOaI=
X-Received: by 2002:a5d:4086:: with SMTP id o6mr37111864wrp.379.1626809854100; Tue, 20 Jul 2021 12:37:34 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxf9W2pD1urQ/+fLhlMd/tPzjbeHitlNe63LCTC5E9I4oikoNAGB+ajiGoPQkhDP1DrnlOBmg==
X-Received: by 2002:a5d:4086:: with SMTP id o6mr37111853wrp.379.1626809853951; Tue, 20 Jul 2021 12:37:33 -0700 (PDT)
Received: from localhost (ip-94-112-13-200.net.upcbroadband.cz. [94.112.13.200]) by smtp.gmail.com with ESMTPSA id y6sm20221610wma.48.2021.07.20.12.37.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jul 2021 12:37:33 -0700 (PDT)
From: Hubert Kario <hkario@redhat.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, tls@ietf.org
Date: Tue, 20 Jul 2021 21:37:32 +0200
MIME-Version: 1.0
Message-ID: <818eb8d3-7de7-4d54-8734-10855a4ceeba@redhat.com>
In-Reply-To: <SY4PR01MB6251FA6EACDD9D2991E9C4A1EEE29@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <SY4PR01MB6251FA6EACDD9D2991E9C4A1EEE29@SY4PR01MB6251.ausprd01.prod.outlook.com>
Organization: Red Hat
User-Agent: Trojita/0.7-git; Qt/5.15.2; xcb; Linux; Fedora release 33 (Thirty Three)
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=hkario@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/n5I7urR9GyobbRBxiHFZbmDxYKE>
Subject: Re: [TLS] Possible TLS 1.3 erratum
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2021 19:37:41 -0000

On Tuesday, 20 July 2021 16:18:38 CEST, Peter Gutmann wrote:
> Hubert Kario <hkario@redhat.com> writes:
>
>> I suggest you go back to the RFCs and check exactly what is 
>> needed for proper
>> handling of RSA-PSS Subject Public Key type in X.509. 
>> Specifically when the
>> "parameters" field is present.
>
> Looking at the code I'm using, it's four lines of extra code for PSS when
> reading sigs and four lines extra when writing (OK, technically seven if you
> include the "if" statement and curly braces lines).

And that code will reject a SHA-512 signature if it was made by a 
certificate
with hash algorithm of SHA-256?
What about MGF? Salt length?

Will it reject PKCS#1 v1.5 signatures made with such a key?

It's one thing to be able to read a certificate with those parameters,
it's completely different to actually implement the standard.
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic