File: lint_key_usage_and_extended_key_usage_inconsistent.go

package info (click to toggle)
golang-github-zmap-zlint 3.6.2-4
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 10,008 kB
  • sloc: sh: 162; makefile: 38
file content (215 lines) | stat: -rw-r--r-- 8,162 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
 
package rfc

/*
 * ZLint Copyright 2024 Regents of the University of Michigan
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

import (
	"fmt"
	"sort"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/v3/lint"
	"github.com/zmap/zlint/v3/util"
)

type KUAndEKUInconsistent struct{}

func init() {
	lint.RegisterCertificateLint(&lint.CertificateLint{
		LintMetadata: lint.LintMetadata{
			Name:          "e_key_usage_and_extended_key_usage_inconsistent",
			Description:   "The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension.",
			Citation:      "RFC 5280, Section 4.2.1.12.",
			Source:        lint.RFC5280,
			EffectiveDate: util.RFC5280Date,
		},
		Lint: NewKUAndEKUInconsistent,
	})
}

func NewKUAndEKUInconsistent() lint.LintInterface {
	return &KUAndEKUInconsistent{}
}

func (l *KUAndEKUInconsistent) Initialize() error {
	return nil
}

// CheckApplies returns true when the certificate contains both a key usage
// extension and an extended key usage extension.
func (l *KUAndEKUInconsistent) CheckApplies(c *x509.Certificate) bool {
	return util.IsSubscriberCert(c) && util.IsExtInCert(c, util.EkuSynOid) && util.IsExtInCert(c, util.KeyUsageOID)
}

// Execute returns an Error level lint.LintResult if the purposes of the certificate
// being linted is not consistent with both extensions.
func (l *KUAndEKUInconsistent) Execute(c *x509.Certificate) *lint.LintResult {
	if len(c.ExtKeyUsage) > 1 {
		return l.multiPurpose(c)
	}
	return l.strictPurpose(c)
}

// RFC 5280 4.2.1.12 on multiple purposes:
//
//	If multiple purposes are indicated the application need not recognize all purposes
//	indicated, as long as the intended purpose is present.
func (l *KUAndEKUInconsistent) multiPurpose(c *x509.Certificate) *lint.LintResult {
	// Create a map with each KeyUsage combination that is authorized for the
	// included extKeyUsage(es).
	var mp = map[x509.KeyUsage]bool{}
	for _, extKeyUsage := range c.ExtKeyUsage {
		var i int
		if _, ok := eku[extKeyUsage]; !ok {
			return &lint.LintResult{Status: lint.Pass}
		}
		for ku := range eku[extKeyUsage] {
			// There is nothing to merge for the first EKU.
			if i > 0 {
				// We could see this EKU combined with any other EKU so
				// create that possibility.
				for mpku := range mp {
					mp[mpku|ku] = true
				}
			}

			mp[ku] = true
			i++
		}
	}
	if !mp[c.KeyUsage] {
		// Sort the included KeyUsage strings for consistent error messages
		// The order does not matter for this lint, but the consistency makes
		// it easier to identify common errors.
		keyUsage := util.GetKeyUsageStrings(c.KeyUsage)
		sort.Strings(keyUsage)

		return &lint.LintResult{
			Status:  lint.Error,
			Details: fmt.Sprintf("KeyUsage %v (%08b) inconsistent with multiple purpose ExtKeyUsage %v", keyUsage, c.KeyUsage, util.GetEKUStrings(c.ExtKeyUsage)),
		}
	}
	return &lint.LintResult{Status: lint.Pass}
}

// strictPurpose checks if the Key Usages (KU) included are permitted for each
// indicated Extended Key Usage (EKU)
func (l *KUAndEKUInconsistent) strictPurpose(c *x509.Certificate) *lint.LintResult {
	for _, extKeyUsage := range c.ExtKeyUsage {
		if _, ok := eku[extKeyUsage]; !ok {
			continue
		}
		if !eku[extKeyUsage][c.KeyUsage] {
			return &lint.LintResult{
				Status:  lint.Error,
				Details: fmt.Sprintf("KeyUsage %v (%08b) inconsistent with ExtKeyUsage %s", util.GetKeyUsageStrings(c.KeyUsage), c.KeyUsage, util.GetEKUString(extKeyUsage)),
			}
		}
	}
	return &lint.LintResult{Status: lint.Pass}
}

var eku = map[x509.ExtKeyUsage]map[x509.KeyUsage]bool{

	// KU combinations with Server Authentication EKU:
	//  RFC 5280 4.2.1.12 on KU consistency with Server Authentication EKU:
	//    -- TLS WWW server authentication
	//    -- Key usage bits that may be consistent: digitalSignature,
	//    -- keyEncipherment or keyAgreement

	// (digitalSignature OR (keyEncipherment XOR keyAgreement))
	x509.ExtKeyUsageServerAuth: {
		x509.KeyUsageDigitalSignature:                                true,
		x509.KeyUsageKeyEncipherment:                                 true,
		x509.KeyUsageKeyAgreement:                                    true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment: true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement:    true,
	},

	// KU combinations with Client Authentication EKU:
	//  RFC 5280 4.2.1.12 on KU consistency with Client Authentication EKU:
	//    -- TLS WWW client authentication
	//    -- Key usage bits that may be consistent: digitalSignature
	//    -- and/or keyAgreement

	// (digitalSignature OR keyAgreement)
	x509.ExtKeyUsageClientAuth: {
		x509.KeyUsageDigitalSignature:                             true,
		x509.KeyUsageKeyAgreement:                                 true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement: true,
	},

	// KU combinations with Code Signing EKU:
	//  RFC 5280 4.2.1.12 on KU consistency with Code Signing EKU:
	//   -- Signing of downloadable executable code
	//   -- Key usage bits that may be consistent: digitalSignature

	// (digitalSignature)
	x509.ExtKeyUsageCodeSigning: {
		x509.KeyUsageDigitalSignature: true,
	},

	// KU combinations with Email Protection EKU:
	//  RFC 5280 4.2.1.12 on KU consistency with Email Protection EKU:
	//    -- Email protection
	//    -- Key usage bits that may be consistent: digitalSignature,
	//    -- nonRepudiation, and/or (keyEncipherment or keyAgreement)
	//  Note: Recent editions of X.509 have renamed nonRepudiation bit to contentCommitment

	// (digitalSignature OR nonRepudiation OR (keyEncipherment XOR keyAgreement))
	x509.ExtKeyUsageEmailProtection: {
		x509.KeyUsageDigitalSignature:  true,
		x509.KeyUsageContentCommitment: true,
		x509.KeyUsageKeyEncipherment:   true,
		x509.KeyUsageKeyAgreement:      true,

		x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment: true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment:   true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement:      true,

		x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment: true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment | x509.KeyUsageKeyAgreement:    true,

		x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment: true,
		x509.KeyUsageContentCommitment | x509.KeyUsageKeyAgreement:    true,
	},

	// KU combinations with Time Stamping EKU:
	//  RFC 5280 4.2.1.12 on KU consistency with Time Stamping EKU:
	//    -- Binding the hash of an object to a time
	//    -- Key usage bits that may be consistent: digitalSignature
	//    -- and/or nonRepudiation
	//  Note: Recent editions of X.509 have renamed nonRepudiation bit to contentCommitment

	// (digitalSignature OR nonRepudiation)
	x509.ExtKeyUsageTimeStamping: {
		x509.KeyUsageDigitalSignature:                                  true,
		x509.KeyUsageContentCommitment:                                 true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment: true,
	},

	// KU combinations with Ocsp Signing EKU:
	//  RFC 5280 4.2.1.12 on KU consistency with Ocsp Signing EKU:
	//    -- Signing OCSP responses
	//    -- Key usage bits that may be consistent: digitalSignature
	//    -- and/or nonRepudiation
	//  Note: Recent editions of X.509 have renamed nonRepudiation bit to contentCommitment

	// (digitalSignature OR nonRepudiation)
	x509.ExtKeyUsageOcspSigning: {
		x509.KeyUsageDigitalSignature:                                  true,
		x509.KeyUsageContentCommitment:                                 true,
		x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment: true,
	},
}