summaryrefslogtreecommitdiff
path: root/source/signer.rst
blob: 1fb2b7e7c4b69b9adcdf6e4954ba8b9e352ae8dc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
===================
The Signer Protocol
===================

Communication with the signer is performed via a serial connection. That
connection has to be established by the client before speaking the protocol
defined here.

.. _signer-request-data-format:

Signer request data format specification
========================================

Protocol data is encoded with the following format:

.. table:: signer request message format

   ======= ==============================================================
   Byte    Data
   ======= ==============================================================
   0-2     length of header + data in network byte order
   3-12    action specific header
   13-15   length of first action specific content in network byte order
   15-N    fist action specific content string
   N+1-N+3 length of second action specific content in network byte order
   N+4-M   second action specific content string
   M+1-M+3 lenght of third action specific content in network byte order
   M+4-End third action specific content string
   ======= ==============================================================

Due to the length encoding in 3 bytes the messages can have a maximum length
of 8\ :sup:`3` = 2\ :sup:`24` Bytes which is around 16 MiB.

General header format
---------------------

Every protocol header (bytes 3-12 of protocol message) follows the same 8 byte
structure. The content of bits 3-8 are protocol action specific.

.. table:: general request header format

   ==== ===========================
   Byte Value
   ==== ===========================
   0    Version (``0x01``)
   1    Action
   2    System (used crypto system)
   3    8 bits root
   4    8 bits configuration
   5    8 bits parameter
   6-7  16 bits parameter
   8    8 bits parameter
   ==== ===========================

.. _signer-nul-request-format:

Format of NUL Requests
----------------------

NUL requests are sent at the end of each iteration in
:ref:`client.pl <commmodule-client-pl>`'s main loop.

.. table:: NUL request header format

   ==== ==================
   Byte Value
   ==== ==================
   0    Version (``0x01``)
   1    Action (``0x00``)
   2    System (``0x00``)
   3    ``0x00``
   4    ``0x00``
   5    ``0x00``
   6-7  ``0x0000``
   8    ``0x00``
   ==== ==================

**NUL Request Payload:**

- GMT timestamp in %m%d%H%M%Y.%S format
- ""
- ""

Format of X.509 signing request messages
----------------------------------------

X.509 signing request messages are sent in
:ref:`client.pl <commmodule-client-pl>`'s main loop for each requested
certificate.

.. table:: X.509 certificate signing request header format

   ==== ===================================================================
   Byte Value
   ==== ===================================================================
   0    Version (``0x01``)
   1    Action (``0x01``)
   2    System (``0x01`` for X.509)
   3    Root (see table :ref:`table-cert-roots`)
   4    Profile (see table :ref:`table-cert-profiles`)
   5    Message Digest Id (see table :ref:`table-md-ids`)
   6-7  Days in big-endian format
   8    Key type [#unused-server]_
   ==== ===================================================================

The key type is stored in the column *keytype* of the certificate request
table which is one of

- *domaincerts*
- *emailcerts*
- *orgdomaincerts*
- *orgemailcerts*

**X.509 Signing Request Payload:**

- PEM encoded PKCS#10 / :rfc:`2986` certifcate signing request or SPKAC
  (Netscape) signed public key and challenge (i.e. generated from a
  `\<keygen\> HTML form element <keygen>`_)
- comma separated list of SubjectAlternative names in a format that is
  accepted by openssl configuration file directive ``subjectAltName`` (see
  https://www.openssl.org/docs/man1.0.2/apps/x509v3_config.html#Subject-Alternative-Name)
- The requested subject DN in openssl format (parts separated by ``/``)

.. _keygen: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen

.. _table-cert-roots:

.. table:: CA root certificate identifiers

   == =================================================
   Id CA root
   == =================================================
   0  CAcert root (aka CAcert class 1 root)
   1  CAcert class3
   2  CAcert class3s
   x  root{}
   == =================================================

.. note::

   The CA root identifier is retrieved from the database by
   :ref:`client.pl <commmodule-client-pl>` the value that is found there is
   decremented by 1 before it is sent to the server.

   The server in :ref:`server.pl <commmodule-server-pl>` restricts the allowed
   root id in its ``CheckSystem`` function.

.. _table-cert-profiles:

.. table:: Certificate profile ids

   == ======================
   Id Profile
   == ======================
   0  Client (personal)
   1  Client (Organization)
   2  Client (Code signing)
   3  Client (Machine)
   4  Client (ADS)
   5  Server (personal)
   6  Server (Organization)
   7  Server (Jabber)
   8  Server (OCSP)
   9  Server (Timestamp)
   10 Proxy
   11 SubCA
   == ======================

.. note::

   :ref:`client.pl <commmodule-client-pl>` supports profiles 0, 1, 2, 4,
   5, 6, 8 and 9 only.

.. _table-md-ids:

.. table:: Message digest ids

   == ==========
   Id Algorithm
   == ==========
   1  MD5
   2  SHA-1
   3  RIPE-MD160
   8  SHA-256
   9  SHA-384
   10 SHA-512
   == ==========

Format of OpenPGP key signing requests
--------------------------------------

OpenPGP key signing requests are sent in
:ref:`client.pl <commmodule-client-pl>`'s main loop for each requested
OpenPGP key.

.. table:: OpenPGP key signing request header format

   ==== =============================
   Byte Value
   ==== =============================
   0    Version (``0x01``)
   1    Action (``0x01``)
   2    System (``0x02`` for OpenPGP)
   3    ``0x00``
   4    ``0x00``
   5    ``0x02`` [#unused-server]_
   6-7  366 encoded as ``0x016e``
   8    ``0x00``
   ==== =============================

**OpenPGP Signing Request Payload:**

- OpenPGP public keyring in binary format (see :rfc:`4880`)
- ""
- ""

.. [#unused-server] the field is unused in
   :ref:`server.pl <commmodule-server-pl>`

Format of X.509 certificate revocation requests
-----------------------------------------------

.. Request($ver, 2, 1, $row{'rootcert'} - 1, 0, 0, 365, 0, $content, "", $revokehash);

   ==== ===========================
   Byte Value
   ==== ===========================
   0    Version (``0x01``)
   1    Action (``0x02``)
   2    System (``0x01`` for X.509)
   3    Root
   4    ``0x00``
   5    ``0x00``
   6-7  365 encoded as ``0x016d``
   8    ``0x00``
   ==== ===========================

**X.509 Certificate Revocation Request Payload:**

- PEM encoded certificate data of the certificate to be revoked
- ""
- hexadecimal encoded SHA-1 hash of the CRL known CRL file of the requested
  CA Root (header byte 3)

.. _signer-response-data-format:

Signer response data format specification
=========================================

.. todo:: describe signer response

Protocol messages
=================

.. _signer-message-handshake:

Handshake
---------

#. client sends 1 byte ``0x02`` to serial port
#. client reads 1 byte from serial port (with a 20 second timeout)
#. client checks whether the byte is ``0x10``

.. seqdiag::

   seqdiag handhake {
     client  ->  server [label = "0x02"];
     client <--  server [label = "0x10"];
   }

If anything different is received there was a protocol error and no further
messages should be sent over the serial connection.

Send data
---------

:Preconditions:
  successful :ref:`Handshake <signer-message-handshake>`,
  data is encoded according to the :ref:`signer-request-data-format`

#. client builds byte wise xor of all data bytes into 1 byte $xor
#. client sends concatenated $data string + xor-Byte + "rie4Ech7"
#. client reads 1 byte (with a 5 second timeout)
#. if received byte is ``0x11`` try again
#. if received byte is ``0x10`` the message has been sent successfully

.. seqdiag::

   seqdiag with_retry {
     client  -> client [label = "xor $data"];
     client  -> server [label = "$data . $xor . \"rie4Ech7\""];
     client <-- server [label = "0x11"];
     client  -> server [label = "$data . $xor . \"rie4Ech7\""];
     client <-- server [label = "0x10"];
   }

If anything different is received there was a protocol error and no further
messages should be sent over the serial connection.