Audit Results Session 2015.3

Audit Type

Operational Audit

Report Status

Formal Draft

Audit initiated by

Audit Plan

Audit Subject

Audit over Test Root Creation

Follow up status

2015-09-13 Informed Board about the Documentation and aked for approval until 2015-09-27

2015-12-06 approved by board in m20151206.8

Executive Summary

CAcert is re-designing its software and also plans to create new root and sub-root certificates. For this reason, the software team created a github repository with scripts generating the needed keys, certificates, revocation lists and passwords for one year of operation. The requirements in regards to the root generation process are included in the automated generation scripts.

During the audit two non-conformities and three recommendations have been identified.

Purpose, Scope and Methodology

Generating root keys it's a significant task for a certificate authority. It should be carefully designed and monitored. To validate the correctness and completeness is therefore an important task. The test run on root creation has exactly the goal to provide evidence on correctness and completeness of the process, while audit verifies additionally the sanity of the keys generated. The Audit was conducted as an inspection of the process and its description. The scripted generation was validated against the CA/B Forum Baseline Requirements v1.3.0 (BR).

The process to audit includes only the review of the generation scripts and the generation of the keys itself, the transferral of the keys to datacenter and any further steps are not part of the audited process.

Audit Results and Recommendations

Script review

Only the scripts to generate the root and immediate sub-root certificates have been audited for the BR requirements.

Random Number Generator

(content provided by BennyBaumann)

The WhirlyGig design used is based on this entry with a few corrections to get it work on the FPGA of the Papillio Pro Board. The additional file multiply.vhd was the start for advancing the project towards a Crypto Token, but as it was included with the sources when I built the Bitstream File I'm including it for completeness.

The UART implementation used can be found at ASIC World. In main.vhd the baud rate is set to 2 000 000 Baud, which is the stable upper bound of the FTDI232 chip on the Papillio Pro Board.

Some parts of the implementation where done in cooperation with Wilfried Klaebe of Toppoint e.V.. Although there are some hardware differences with the original Whirlygig design (the original Whirlygig is CPLD-based, while the used implementation was FPGA-based) you can find approximate results for the generated randomness at this page when looking for Whirlygig-v2.

The used source coed with the modifications is attached to this wiki page.

1. generateKeys.sh - root cert

Contains the two required extensions basicConstraints (BR 7.1.2.1a) and keyUsage (BR 7.1.2.1b) with the parameters:

basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

However, basicCostrains must be critical what is not set.

The extensions pathLenConstraint (BR 7.1.2.1a), certificatePolicies (BR 7.1.2.1c), and extendedKeyUsage (BR 7.1.2.1d) are not present.

Subject Information (BR 7.1.2.1e) but must be set:

 ‐ countryName (OID 2.5.4.6). This field MUST contain the two‐letter ISO 3166‐1 country code for the country in which the CA's place of business is located.
 ‐ organizationName (OID 2.5.4.10). This field MUST contain the name (or abbreviation thereof), trademark, or other meaningful identifier for the CA, provided that they accurately identify the CA. The field MUST NOT contain exclusively a generic designation such as “Root 1”.

2. generateKeys.sh - sub-root cert

The requirements of BR 7.1.2.2 are not met.

Test run attendance

The test generation session was attended by BennyBaumann (Lead), FelixDörre, WytzevanderRaay (Critical Admin, Acting), MartinSimons (Critical Admin), MartinGummi (Observer), BenediktHeintel (Protocol), 1 unidentified Observer

Test run preparation

Test run protocol

All steps at the notebook had been conducted by WytzevanderRaay:

  1. Notebook booted from live CD
  2. Random number generator attached to notebook
  3. Start timelog for logging activities on the console
  4. Copy source code to /ramdisk
  5. Skipped Source code validation for now will be done later
  6. Script Configuration:
    • domain name: gigi1.test.cacert.org
    • key size: 4k
  7. Installation of needed packages
  8. Started script all.sh 2015, script finished successfully
  9. Started scripts for 2016, scripts finished successfully
  10. Copied files on online and two offline USB sticks as in process description
  11. Transferred transcript copied to online USB stick
  12. Unmounted USB sticks and shut down notebook

Key handling

Each USB stick put in one envelope, all envelopes sealed,

Discovery

The process description was read aloud and followed during the creation with the following mutual between Software, Critical Admins, and Audit agreed derivations:

All of these derivations are okay since this was only a test run. Nevertheless, the decision was unanimously taken, to use the generated keys as test root keys under gigi1.test.cacert.org. The keys are therefore flagged as test root keys.

Non-Conformities

  1. Generate root certificates with basicConstrains critical and organisation information set.
  2. Generate sub-root certificates with the required fields from BR 7.1.2.2 set.

Recommendations

  1. The CA root and all of its sub-root should not be valid prior generation.
  2. Transfer the documentation from the pad to CAcert's Wiki.
  3. Add a flag to all.sh to allow /dis-allow root key and certificate generation.

Auditor

-- BenediktHeintel 2015-09-13 14:13:53


Audit/Results/session2015.3 (last edited 2015-12-08 23:08:20 by BenediktHeintel)