Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ceremony: Distinguish between intermediate and cross-sign ceremonies #7005

Merged
merged 56 commits into from
Aug 23, 2023

Conversation

pgporada
Copy link
Member

@pgporada pgporada commented Jul 19, 2023

In //cmd/ceremony:

  • Added CertificateToCrossSignPath to the cross-certificate ceremony type. This new input field takes an existing certificate that will be cross-signed and performs checks against the manually configured data in each ceremony file.
  • Added byte-for-byte subject/issuer comparison checks to root, intermediate, and cross-certificate ceremonies to detect that signing is happening as expected.
  • Added Fermat factorization check from the //goodkey package to all functions that generate new key material.

In //linter:

  • The Check function now exports linting certificate bytes. The idea is that a linting certificate's tbsCertificate bytes can be compared against the final certificate's tbsCertificate bytes as a verification that x509.CreateCertificate was deterministic and produced identical DER bytes after each signing operation.

Other notable changes:

  • Re-orders the issuers list in each CA config to match staging and production. There is an ordering issue mentioned by @aarongable two years ago on IN-5913 that didn't make it's way back to this repository.

    Order here matters – the default chain we serve for each intermediate should be the first listed chain containing that intermediate.

  • Enables ECDSAForAll in config-next CA configs to match Staging.
  • Generates 2x new ECDSA subordinate CAs cross-signed by an RSA root and adds these chains to the WFE for clients to download.
  • Increased the test.sh startup timeout to account for the extra ceremony run time.

Fixes #7003

@pgporada
Copy link
Member Author

pgporada commented Jul 20, 2023

If any of OCSPURL, CRLURL, or IssuingCertificateURL are present in the parent certificate, should we either use that over the values provided in the config file, perform an equality check, or just leave this section alone and only configure it via the config file?

@pgporada pgporada changed the title ceremony: Handle distinctions between intermediate and cross-sign ceremonies ceremony: Distinguish between intermediate and cross-sign ceremonies Jul 20, 2023
@pgporada pgporada force-pushed the ceremony-cross-cert-rework branch 2 times, most recently from 6e6037e to 076abd3 Compare July 20, 2023 15:02
…elds. Remove input for crossCert validation method
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Show resolved Hide resolved
cmd/ceremony/main.go Show resolved Hide resolved
aarongable
aarongable previously approved these changes Aug 16, 2023
cmd/ceremony/cert.go Outdated Show resolved Hide resolved
cmd/ceremony/cert.go Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Outdated Show resolved Hide resolved
cmd/ceremony/main.go Show resolved Hide resolved
Co-authored-by: Aaron Gable <[email protected]>
@pgporada pgporada merged commit 72e01b3 into main Aug 23, 2023
22 checks passed
@pgporada pgporada deleted the ceremony-cross-cert-rework branch August 23, 2023 18:01
pgporada added a commit that referenced this pull request Aug 31, 2023
Removes the SignatureAlgorithm field while constructing the lint issuer.
Depending on the realIssuer, which could be either an intermediate or
cross-signed intermediate, the SignatureAlgorithm of that certificate
may differ from the root certificate that had signed it causing the
following error during CA startup.

```
Starting service boulder-ca-a
16:49:29.437776 3 boulder-ca qM-tDQA [AUDIT] Couldn't load issuers: failed to create lint issuer: x509: requested SignatureAlgorithm does not match private key type
```

Related to work done in
#7005.

---------

Co-authored-by: Aaron Gable <[email protected]>
pgporada added a commit that referenced this pull request Jun 3, 2024
In #7005 several safety
checks were added to the `ceremony` tool:

This change extracts the `RawSubject` to `RawIssuer` DER byte comparison
into the `//linter` package proper so that it can serve both `//ca` and
`//cmd/ceremony`.

Adds a helper function `verifyTBSCertificateDeterminism` to `//ca`
similar to an existing check in `//cmd/ceremony`. This code is not
shared because we want `//cmd/ceremony` to largely stand alone from
boulder proper. The helper performs a byte comparison on the
`RawTBSCertificate` DER bytes for a given linting certificate and leaf
certificate. The goal is to verify that `x509.CreateCertificate` was
deterministic and produced identical DER bytes after each signing
operation.

Fixes #6965
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

ceremony: separate code-paths for Intermediate and Cross-Sign
3 participants