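// Source: github.com/zmap/zlint@v1.1.0/lints/lint_dsa_unique_correct_representation.go

package lints

/*
 * ZLint Copyright 2018 Regents of the University of Michigan
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

import (
	"crypto/dsa"
	"math/big"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/util"
)

// dsaUniqueCorrectRepresentation is the lint that checks that a DSA public
// value y lies in the range 2 ≤ y ≤ p-2. It carries no state.
type dsaUniqueCorrectRepresentation struct{}

// Initialize performs no setup and always returns nil.
func (l *dsaUniqueCorrectRepresentation) Initialize() error {
	return nil
}

// CheckApplies reports whether the certificate's public key algorithm is DSA;
// the lint is only run on such certificates.
func (l *dsaUniqueCorrectRepresentation) CheckApplies(c *x509.Certificate) bool {
	return c.PublicKeyAlgorithm == x509.DSA
}

// Execute checks that the DSA public value y satisfies 2 ≤ y ≤ p-2.
//
// It returns NA when the certificate's public key is not a *dsa.PublicKey,
// Error when the key is missing P or Y or when y is outside the range, and
// Pass otherwise.
//
// The range check rejects the values 0, 1 and p-1 (and anything ≥ p). It does
// not compute y^q mod p, so membership of y in the order-q subgroup is not
// established by this function.
func (l *dsaUniqueCorrectRepresentation) Execute(c *x509.Certificate) *LintResult {
	dsaKey, ok := c.PublicKey.(*dsa.PublicKey)
	if !ok {
		return &LintResult{Status: NA}
	}
	// The key comes from a parsed certificate, i.e. untrusted input. A nil
	// pointer here would make the big.Int calls below panic, so treat a key
	// without P or Y as failing the check instead of crashing the linter.
	if dsaKey == nil || dsaKey.P == nil || dsaKey.Y == nil {
		return &LintResult{Status: Error}
	}
	// Verify that 2 ≤ y ≤ p-2.
	two := big.NewInt(2)
	pMinusTwo := new(big.Int).Sub(dsaKey.P, two)
	if dsaKey.Y.Cmp(two) < 0 || dsaKey.Y.Cmp(pMinusTwo) > 0 {
		return &LintResult{Status: Error}
	}
	return &LintResult{Status: Pass}
}

// init registers the lint under the name e_dsa_unique_correct_representation.
func init() {
	// NOTE(review): the Description also mentions the key's order in the
	// subgroup, but Execute above only performs the range check on y.
	// Confirm that the order check is covered elsewhere before relying on
	// this lint for it.
	RegisterLint(&Lint{
		Name:          "e_dsa_unique_correct_representation",
		Description:   "DSA: Public key value has the unique correct representation in the field, and that the key has the correct order in the subgroup",
		Citation:      "BRs: 6.1.6",
		Source:        CABFBaselineRequirements,
		EffectiveDate: util.CABEffectiveDate,
		Lint:          &dsaUniqueCorrectRepresentation{},
	})
}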