Audit Results Session 2015.3
Audit Type |
Operational Audit |
Report Status |
Formal Draft |
Audit initiated by |
Audit Plan |
Audit Subject |
Audit over Test Root Creation |
Follow up status |
2015-09-13 Informed Board about the Documentation and aked for approval until 2015-09-27 |
|
2015-12-06 approved by board in m20151206.8 |
Contents
Executive Summary
CAcert is re-designing its software and also plans to create new root and sub-root certificates. For this reason, the software team created a github repository with scripts generating the needed keys, certificates, revocation lists and passwords for one year of operation. The requirements in regards to the root generation process are included in the automated generation scripts.
During the audit two non-conformities and three recommendations have been identified.
Purpose, Scope and Methodology
Generating root keys it's a significant task for a certificate authority. It should be carefully designed and monitored. To validate the correctness and completeness is therefore an important task. The test run on root creation has exactly the goal to provide evidence on correctness and completeness of the process, while audit verifies additionally the sanity of the keys generated. The Audit was conducted as an inspection of the process and its description. The scripted generation was validated against the CA/B Forum Baseline Requirements v1.3.0 (BR).
The process to audit includes only the review of the generation scripts and the generation of the keys itself, the transferral of the keys to datacenter and any further steps are not part of the audited process.
Audit Results and Recommendations
Script review
Only the scripts to generate the root and immediate sub-root certificates have been audited for the BR requirements.
Random Number Generator
(content provided by BennyBaumann)
The WhirlyGig design used is based on this entry with a few corrections to get it work on the FPGA of the Papillio Pro Board. The additional file multiply.vhd was the start for advancing the project towards a Crypto Token, but as it was included with the sources when I built the Bitstream File I'm including it for completeness.
The UART implementation used can be found at ASIC World. In main.vhd the baud rate is set to 2 000 000 Baud, which is the stable upper bound of the FTDI232 chip on the Papillio Pro Board.
Some parts of the implementation where done in cooperation with Wilfried Klaebe of Toppoint e.V.. Although there are some hardware differences with the original Whirlygig design (the original Whirlygig is CPLD-based, while the used implementation was FPGA-based) you can find approximate results for the generated randomness at this page when looking for Whirlygig-v2.
The used source coed with the modifications is attached to this wiki page.
1. generateKeys.sh - root cert
Contains the two required extensions basicConstraints (BR 7.1.2.1a) and keyUsage (BR 7.1.2.1b) with the parameters:
basicConstraints = CA:true keyUsage = keyCertSign, cRLSign
However, basicCostrains must be critical what is not set.
The extensions pathLenConstraint (BR 7.1.2.1a), certificatePolicies (BR 7.1.2.1c), and extendedKeyUsage (BR 7.1.2.1d) are not present.
Subject Information (BR 7.1.2.1e) but must be set:
‐ countryName (OID 2.5.4.6). This field MUST contain the two‐letter ISO 3166‐1 country code for the country in which the CA's place of business is located. ‐ organizationName (OID 2.5.4.10). This field MUST contain the name (or abbreviation thereof), trademark, or other meaningful identifier for the CA, provided that they accurately identify the CA. The field MUST NOT contain exclusively a generic designation such as “Root 1”.
2. generateKeys.sh - sub-root cert
The requirements of BR 7.1.2.2 are not met.
Test run attendance
The test generation session was attended by BennyBaumann (Lead), FelixDörre, WytzevanderRaay (Critical Admin, Acting), MartinSimons (Critical Admin), MartinGummi (Observer), BenediktHeintel (Protocol), 1 unidentified Observer
Test run preparation
- USB sticks are checked for sanity, formated with ext3 and placed on the table so everyone could see if touched
- Notebook for generation had no battery, hard disk drive, WLAN, WWAN connected
- Notebook is attached to an UPS
- Notebook screen attached to projector, displaying the screen operated on
Test run protocol
All steps at the notebook had been conducted by WytzevanderRaay:
- Notebook booted from live CD
- Random number generator attached to notebook
- Start timelog for logging activities on the console
- Copy source code to /ramdisk
- Skipped Source code validation for now will be done later
- Script Configuration:
- domain name: gigi1.test.cacert.org
- key size: 4k
- Installation of needed packages
- Started script all.sh 2015, script finished successfully
- Started scripts for 2016, scripts finished successfully
- Copied files on online and two offline USB sticks as in process description
- Transferred transcript copied to online USB stick
- Unmounted USB sticks and shut down notebook
Key handling
Each USB stick put in one envelope, all envelopes sealed,
one offline stick is kept with FelixDörre,
one offline stick is kept with MartinGummi,
one online stick is kept with WytzevanderRaay
Discovery
The process description was read aloud and followed during the creation with the following mutual between Software, Critical Admins, and Audit agreed derivations:
- The source code integrity was not checked; the source code was directly downloaded from the repository
- All offline components have been stored on two USB sticks (each with complete set) instead of on three different
- The Fingerprints of the keys are written on the sealed envelopes and not send to board
All of these derivations are okay since this was only a test run. Nevertheless, the decision was unanimously taken, to use the generated keys as test root keys under gigi1.test.cacert.org. The keys are therefore flagged as test root keys.
Non-Conformities
- Generate root certificates with basicConstrains critical and organisation information set.
- Generate sub-root certificates with the required fields from BR 7.1.2.2 set.
Recommendations
- The CA root and all of its sub-root should not be valid prior generation.
- Transfer the documentation from the pad to CAcert's Wiki.
- Add a flag to all.sh to allow /dis-allow root key and certificate generation.
Auditor
-- BenediktHeintel 2015-09-13 14:13:53