signature-params: Reject schemes other than RSASSA-PSS with parameters
authorTobias Brunner <tobias@strongswan.org>
Mon, 4 Oct 2021 10:10:37 +0000 (12:10 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 14 Oct 2021 16:59:07 +0000 (18:59 +0200)
NULL parameters (for classic PKCS#1 signature schemes) are explicitly
allowed (for any schemes for now), but we only expect parameters for
RSASSA-PSS.  Before enforcing this, it was possible to modify the
parameters in the signatureAlgorithm field of the outer X.509 Certificate
structure to something different from the signature field of the signed,
inner tbsCertificate structure, which allowed generating an unlimited number
of valid certificates with different binary encodings.  Now we accept at
most two encodings (NULL and absent parameters).

src/libstrongswan/credentials/keys/signature_params.c
src/libstrongswan/tests/suites/test_signature_params.c

index 837de8443d439470e1b93044103646f5d2df95c3..0916bd49933ee6cf8888ce8f84a2e7541f474561 100644 (file)
@@ -190,6 +190,7 @@ bool signature_params_parse(chunk_t asn1, int level0,
 
        oid = asn1_parse_algorithmIdentifier(asn1, level0, &parameters);
        params->scheme = signature_scheme_from_oid(oid);
+       params->params = NULL;
        switch (params->scheme)
        {
                case SIGN_UNKNOWN:
@@ -208,7 +209,13 @@ bool signature_params_parse(chunk_t asn1, int level0,
                        break;
                }
                default:
-                       params->params = NULL;
+                       if (parameters.len &&
+                               !chunk_equals(parameters, chunk_from_chars(0x05, 0x00)))
+                       {
+                               DBG1(DBG_IKE, "unexpected parameters for %N",
+                                        signature_scheme_names, params->scheme);
+                               return FALSE;
+                       }
                        break;
        }
        return TRUE;
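Review bot: The new check in the `default:` branch still accepts an explicit DER NULL (`05 00`) for every non-PSS scheme, including ECDSA, where RFC 5758 requires the parameters field to be absent, so each such certificate keeps two accepted encodings. The commit message says this is deliberate "for now", but nothing at the `if` records it; a comment above it would, e.g. `/* accept only absent or DER NULL (05 00) parameters; NULL is tolerated for all schemes for now */`. The condition also depends on `parameters` being empty when the AlgorithmIdentifier carries none; its declaration and initialisation sit above the hunk, in the part of `signature_params_parse` not shown, so that is worth confirming. The test change adds only a rejecting vector (ECDSA with an INTEGER parameter); a vector with explicit NULL parameters on a non-PSS scheme that is expected to parse would pin the accepted side of this check, unless the table already holds one above the visible lines.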
index 3b946a4e18359e1002a39d369684f2c9c6755a2b..d9ac84ea52d821fed82ed2c423449435c94a81a6 100644 (file)
@@ -393,6 +393,8 @@ static struct {
          { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }},
        { TRUE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02),
          { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }},
+       { FALSE, chunk_from_chars(0x30,0x0d,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,0x02,0x01,0x01),
+         { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }},
        { FALSE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0xff), },
 };