Certificate analysis

[Razican]

Currently certificate analysis is only done by an OpenSSL dependency and the certificate is not correctly analyzed. We should probably do our own native analysis and get some output in the report.

The idea behind this is replacing the OpenSSL dependency, can it be done with ring? or with our own PKSC#7 parser?

[Razican]

@Br1oP do you think this could be (at least partially) be done for 0.1.0?

[Br1oP]

I will try to look into the Ring library to see if we can use it to parse the certificates with it and eliminate the OpenSSL dependency. I don't think I will have anything for 0.1.0.

[Razican]

If Ring is not useful, we could try to implement our own PKCS 7 module.

[briansmith]

Currently certificate analysis is only done by an OpenSSL dependency and the certificate is not correctly analyzed. We should probably do our own native analysis and get some output in the report.

What is "certificate analysis"?

My guess is that it might be useful to start with https://github.com/briansmith/webpki (based on ring) and/or https://github.com/ctz/webpki-roots (derived from Mozilla's certificate store).

[briansmith]

I think I understand better now. Checkout https://github.com/google/nogotofail, which is probably doing something similar to what you're trying to do.

[Br1oP]

Hi Brian, thanks for commenting!

Our process of "certificate analysis" is the process of reading and analyzing the certificate(s) included in the Android application. For this, we are using OpenSSL, more specifically the command "openssl pkcs7 -inform DER -in filename -noout -print_certs -text".

At the moment the analysis process consists mainly in three steps:

• Check if the certificate has expired.
• Check if the certificate issuer is "Android Debug".
• Check if the certificate is self-signed.

We do not want to have a dependency to OpenSSL since that makes the program less portable, we want to use either an existing Rust library or implement our own parser for this.

I will look into the libraries that you posted ASAP. Don't hesitate to contact if you have more insight on the matter :).

[Albibek]

Hi.
I think, this library also deserves a look https://github.com/qnighy/yasna.rs.
Perfect case would be writing ASN.1 serializer/deserializer module for rustc_serialize/serde and implementing pkix data in rust structures after that.

[Razican]

@briansmith can we use webpki to read PKSC#7 information?

[briansmith]

webpki doesn't support CMS (PKCS#7) stuff, it is just for validating certificate chains. It doesn't contain a parser for certificates in CMS format, primarily because CMS that's not a very good format for storing root certificates. (Though it seems many things use it for that.) It also doesn't support the concept of expired roots, currently.

[Razican]

@briansmith So we would need to create our own parser? Do you know of any other way?

[briansmith]

Are you sure it's PKCS#7 and not another format like PKCS#12 or plain PEM or DER certificates that you need to support? Could you send me an example file?: brian@briansmith.org

[Razican]

@briansmith an example would be this:
CERT.RSA.zip

The output we get when running the command openssl pkcs7 -inform DER -in CERT.RSA -noout -print_certs -text is the following:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 887580539 (0x34e7677b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Android, CN=Android Debug
        Validity
            Not Before: Dec 22 19:09:23 2014 GMT
            Not After : Dec 14 19:09:23 2044 GMT
        Subject: C=US, O=Android, CN=Android Debug
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:74:3c:84:67:de:02:5c:1f:51:6c:68:ad:f9:
                    f5:a9:7c:d3:bd:8b:81:ae:ac:e9:5c:a2:b2:b0:aa:
                    f7:93:e5:fe:ab:59:ae:7a:35:33:f4:13:b5:ca:21:
                    9e:c5:17:ed:ba:ce:be:17:2b:58:28:4a:d4:48:6d:
                    03:a4:0d:5b:90:33:f2:4e:1f:d2:45:aa:57:5e:70:
                    4a:86:27:dc:40:ba:8b:9f:34:7a:e1:40:99:a3:80:
                    0d:04:12:c7:29:fb:7c:bb:c0:43:f4:0a:fd:05:9b:
                    11:a0:06:44:c3:77:da:dc:82:4e:c7:8b:e3:99:8c:
                    9b:8b:69:ff:07:cd:21:60:e5:ce:a6:23:58:59:d0:
                    a9:d0:f2:a2:5d:10:f0:15:c7:de:f3:7e:87:ce:22:
                    20:88:71:1a:98:4a:a4:b1:e8:63:ed:55:e7:4f:ab:
                    39:a1:f7:e8:26:2b:37:a1:ed:1e:de:2f:d1:36:fc:
                    66:cb:ad:3d:cf:80:46:e8:b8:ca:e1:a5:4d:69:9c:
                    54:ce:d5:60:83:d4:72:5c:05:8b:9b:65:07:6f:b3:
                    f1:21:be:8a:6a:c7:57:fa:ce:a7:79:b6:87:50:54:
                    fe:f2:4f:8b:8f:ea:40:1e:41:e8:1d:23:86:f3:90:
                    49:ba:ee:ff:4d:35:04:2b:5c:a6:9c:be:a6:17:e4:
                    84:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                4E:FC:FB:DE:8B:D2:75:CF:ED:BF:9A:26:C4:C6:8B:42:75:2A:DF:2A
    Signature Algorithm: sha256WithRSAEncryption
         9d:b4:a2:9b:f3:5b:55:44:cc:1a:14:e2:d7:56:5b:f7:e9:46:
         01:9a:d6:fa:ba:a1:a2:18:81:40:63:60:e2:ad:13:cc:9c:32:
         8c:29:49:63:60:fd:61:ac:74:cb:b3:c7:e7:37:af:8f:78:16:
         28:99:23:2e:a7:81:fe:54:a3:83:dc:3d:98:52:89:60:7a:7a:
         bb:86:4a:3f:fb:0f:0f:8d:6d:17:f3:04:be:bc:73:fc:61:16:
         75:db:57:2a:4c:79:cc:82:91:72:18:87:85:1c:21:ea:1b:fd:
         9d:a5:2f:09:60:21:78:b5:a8:54:08:fd:58:69:c8:89:0d:5a:
         6b:76:21:bd:3f:78:70:60:16:e6:4e:83:85:4f:9b:08:ea:5c:
         33:46:a6:bc:18:bb:08:d8:79:95:b6:89:cd:76:83:c0:42:77:
         52:17:3d:ff:bf:a2:45:ba:88:a1:a5:42:d7:cc:59:b8:92:1f:
         9f:2d:8d:97:78:06:3e:1c:d3:c8:09:2c:9b:b7:e2:33:f8:92:
         84:28:02:18:a6:39:1a:0d:4a:d8:aa:3c:18:04:bb:47:b0:4c:
         bc:25:0d:c1:aa:28:ea:42:9a:a5:e8:fc:f3:1e:86:6a:7f:7a:
         63:f9:9d:6c:65:7b:d7:e7:6f:72:f9:04:38:62:f9:19:71:0c:
         ff:3c:11:7e

We would like to get those fingerprints and if the certificate is self-signed. Can that be done with webpki? For the info I think it would be a DER certificate.

[briansmith]

Yes, that is PKCS#7. I am surprised that Android apps are using that format. Anyway, currently there is no support for CMS parsing in webpki. Obviously, a big part of that is actually the X.509 certificate, so the amount of parsing to unwrap it is probably not much.