github.com/zmap/zlint@v1.1.0/lints/lint_ec_improper_curves.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************
    18  BRs: 6.1.5
    19  Certificates MUST meet the following requirements for algorithm type and key size.
    20  ECC Curve: NIST P-256, P-384, or P-521
    21  ************************************************/
    22  
    23  import (
    24  	"crypto/ecdsa"
    25  
    26  	"github.com/zmap/zcrypto/x509"
    27  	"github.com/zmap/zlint/util"
    28  )
    29  
// ecImproperCurves is the lint that checks the named curve of a certificate's
// ECDSA public key against the curves listed in BRs 6.1.5 (NIST P-256, P-384,
// P-521). It carries no state.
type ecImproperCurves struct{}
    31  
// Initialize performs no setup for this lint and always reports success.
func (l *ecImproperCurves) Initialize() error {
	// Nothing to prepare: the lint keeps no state between certificates.
	var err error
	return err
}
    35  
// CheckApplies reports whether this lint should run on c. It applies only to
// certificates whose public key algorithm is ECDSA.
func (l *ecImproperCurves) CheckApplies(c *x509.Certificate) bool {
	isECDSA := c.PublicKeyAlgorithm == x509.ECDSA
	return isECDSA
}
    39  
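// Execute reports whether the certificate's ECDSA key uses one of the curves
// that BRs 6.1.5 permits (NIST P-256, P-384 or P-521).
//
// It returns a LintResult with Status Pass when the curve name is one of those
// three, and Status Error otherwise. A certificate whose PublicKey is neither
// *x509.AugmentedECDSA nor *ecdsa.PublicKey, or whose key, curve or curve
// parameters are nil, also yields Error. The lint is run over arbitrary
// certificates, so a key it cannot inspect must produce a finding rather than
// a nil dereference that panics the caller.
//
// NOTE(review): Error is used for the uninspectable-key case because it is the
// only failing status this function already returns; confirm whether the
// project prefers a different status for keys that could not be parsed.
func (l *ecImproperCurves) Execute(c *x509.Certificate) *LintResult {
	var theKey *ecdsa.PublicKey
	// c.PublicKey may hold either the augmented wrapper or a plain ECDSA key.
	switch k := c.PublicKey.(type) {
	case *x509.AugmentedECDSA:
		// Guard against a typed nil wrapper before reading its Pub field.
		if k != nil {
			theKey = k.Pub
		}
	case *ecdsa.PublicKey:
		theKey = k
	}
	// Any other dynamic type (or a nil key or curve) leaves nothing to check;
	// such a key cannot be shown to use a permitted curve.
	if theKey == nil || theKey.Curve == nil {
		return &LintResult{Status: Error}
	}
	theParams := theKey.Curve.Params()
	if theParams == nil {
		return &LintResult{Status: Error}
	}
	switch theParams.Name {
	case "P-256", "P-384", "P-521":
		return &LintResult{Status: Pass}
	default:
		return &LintResult{Status: Error}
	}
}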
    60  
// init registers the e_ec_improper_curves lint with the package's lint
// registry when the package is loaded.
func init() {
	entry := Lint{
		Name:        "e_ec_improper_curves",
		Description: "Only one of NIST P‐256, P‐384, or P‐521 can be used",
		Citation:    "BRs: 6.1.5",
		Source:      CABFBaselineRequirements,
		// Refer to BRs: 6.1.5, taking the statement "Before 31 Dec 2010" literally
		EffectiveDate: util.ZeroDate,
		Lint:          &ecImproperCurves{},
	}
	RegisterLint(&entry)
}