Create DBus method to dump the certificate #1285
base: master
Conversation
Codecov Report
Attention:
Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1285      +/-   ##
==========================================
+ Coverage   79.90%   80.03%   +0.13%
==========================================
  Files          67       67
  Lines       19892    20075     +183
==========================================
+ Hits        15894    16068     +174
- Misses       3998     4007       +9
@sanapci Thank you for sharing your work!
I guess with 'multiple signing certificates' you mean alternative ones, since RAUC at the moment does not support multiple signers (at once), right? From inside the bundle one could for example use hooks and the exported SPKI hashes to perform actions based on the kind of certificate used for signing: https://rauc.readthedocs.io/en/latest/advanced.html#switching-the-keyring-spki-hashes |
This approach would make it easy to have a TOC/TOU vulnerability, as there is no guarantee that an installation started after calling this method would use the same bundle. As @ejoerns mentioned, we'll need more details on your use case and an explanation why you see this approach is the best solution for it.
Signed-off-by: Elek, David <dave.elek.96@gmail.com>
Yes, you are right, I meant to have alternative ones and not in one bundle.
Let's say the bundle validation fails with the installed trustchain. In this case, maybe an update is required for the trustchain on the system because it is an outdated one and the installation fails.
Yes, this could be a prevention for a scenario where the bundle installation fails.
With the hashes it is required to get the certificate with the same hash from the internet, otherwise it would not be possible to do verifications and checks with the certificate.
This feature is not intended to take over the verification from the installation process. If the install is triggered, the internal verification is still executed.
Branch updated: 8d3841f to 0e825e9
Signed-off-by: Elek, David <dave.elek.96@gmail.com>
…oding in hexadecimal Signed-off-by: Elek, David <dave.elek.96@gmail.com>
Sorry, but the scenario doesn't make sense to me, yet. How do you authenticate the new certificate?
To know that your keyring is outdated, you shouldn't need the certificates, but just a dedicated error result from At that point I'm wondering though: If you have a way to authenticate the new CA certificate, why not just use the same certificate to authenticate RAUC bundles and avoid the whole issue from the start?
The changes in the pull request contain some errors and need to be updated if required. The details maybe were a bit misleading, so to be clear: the extracted CA and certificate are verified with the root CA.
The changes will create a new DBus method for other applications to get the certificate chain from a bundle.
There is a command which prints a readable format from the CLI, but with these changes we would be able to retrieve the certificate chain programmatically and work on the "consumer" side.
What do you use the feature for? Get the certificate from a bundle and validate it outside of RAUC.
How does RAUC benefit from the feature? This could also be useful for other users if they want to handle certificates outside of RAUC, in their application. For example, let's say there are multiple signing certificates and we want to get from the bundle which one was used and interpret behavior based on this.
How did you verify the feature works? Used OpenSSL commands to generate the certificate chain and compared it with the one from the output of the changes. Also, the output of the changes can be parsed with OpenSSL commands and printed in a readable format.
If hardware is needed for the feature, which hardware is supported and which hardware did you test with? No hardware required, only a created bundle is required.
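The two checks this thread keeps coming back to, verifying an extracted signer certificate against a root CA and deriving the SPKI hash that RAUC exports for hook-based decisions, as an added example that is not RAUC's own code: it builds a constructed PKI with OpenSSL (a "keyring" CA, an unrelated "other" CA standing in for an outdated keyring, and a bundle signer issued by the keyring CA), verifies the signer against each CA the way an install-time keyring check would, and computes the signer's SPKI hash as SHA-256 over the DER-encoded SubjectPublicKeyInfo. The file names, subject names and lowercase-hex output are assumptions; RAUC's own printed hash format may differ, though the hashed bytes are the same.

```shell
#!/bin/sh
# Added example, not RAUC's own code. Requires openssl(1); all files go to $WORK.
set -e

WORK="${WORK:-$(mktemp -d)}"

# Create a self-signed CA with file prefix $1 and subject CN=$2 (constructed test PKI).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -days 3650 \
        -subj "/CN=$2" >/dev/null 2>&1
}

# Issue a leaf certificate with file prefix $2, signed by the CA with prefix $1.
make_signer() {
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" -subj "/CN=$2" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/$2.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" -days 365 >/dev/null 2>&1
}

# The constructed PKI: the CA in the device keyring, an unrelated CA (an
# "outdated" keyring would not contain the real issuer), and the bundle signer.
make_pki() {
    make_ca keyring-ca "Example Keyring CA"
    make_ca other-ca "Example Other CA"
    make_signer keyring-ca bundle-signer
}

# Exit 0 when certificate $2 chains to CA $1, non-zero otherwise. This is the
# same trust-chain decision an installer makes against its keyring; no
# intermediate is needed here because the signer is issued directly by the CA.
verify_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# SPKI hash of a certificate: SHA-256 over the DER-encoded SubjectPublicKeyInfo,
# printed as 64 lowercase hex digits (output format is an assumption).
spki_hash_of_cert() {
    openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# The same hash derived from a private key, to cross-check a certificate against
# the key that is supposed to sit behind it.
spki_hash_of_key() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

demo() {
    make_pki
    if verify_against "$WORK/keyring-ca.pem" "$WORK/bundle-signer.pem"; then
        echo "bundle-signer verifies against keyring-ca"
    fi
    if ! verify_against "$WORK/other-ca.pem" "$WORK/bundle-signer.pem"; then
        echo "bundle-signer does NOT verify against other-ca (wrong/outdated keyring)"
    fi
    echo "bundle-signer SPKI sha256: $(spki_hash_of_cert "$WORK/bundle-signer.pem")"
}

# Run the demo only when asked, so the functions can also be sourced.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    demo
fi
```

Running with `RUN_DEMO=1 sh example.sh` prints the two verification outcomes and the hash. The negative case is the one the thread is about: a signer issued by a CA the keyring does not contain fails `openssl verify`, and that failure is the signal that the keyring is outdated, which is what the maintainers say a dedicated error result should carry rather than the certificate itself.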