question

Crypt32 avatar image
0 Votes"
Crypt32 asked Crypt32 commented

[MS-WCCE] Incorrect CA Exchange certificate algorithm definition

In [MS-WCCE], §3.2.1.4.3.2.15.1 several statements are incorrect:

2.a. For the Subject of the exchange certificate, a common name attribute is used with a value the same as the value of the common name attribute in the subject information of the CA signing certificate (Signing_Cert_Certificate datum) and appending "-Xchg" to the value. The Issuer field is filled with the same value as the Subject field.

The last sentence is incorrect, it should be: The Issuer field is filled with the same value as the Subject field of the CA signing certificate.

2.g. If the CA signing certificate contains an Authority Key Identifier extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1

AKI extension is not copied from signing certificate. Instead, an SKI (subject key identifier) value is placed in AKI extension of CA Exchange certificate. The correct statement would be:

If the CA signing certificate contains a Subject Key Identifier extension, add this extension value (Signing_Cert_Certificate datum) to the Authority Key Identifier extension of CA Exchange certificate. Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1

or something like that.

2.h. If the CA signing certificate contains a Subject Key Identifier extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Subject Key Identifier extension is specified in [RFC3280] section 4.2.1.2.

Subject Key Identifier value is not copied from anywhere, it is a calculated SHA1 hash over subject's public key (which is not the same as CA key).

2.i. If the CA signing certificate contains an Authority Information Access extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). Authority Information Access extension is specified in [RFC3280] section 4.2.2.1.

2.j. If the CA signing certificate contains a CRL Distribution Point extension, add this extension with the same value as in the CA signing certificate (Signing_Cert_Certificate datum). CRL Distribution Point extension is specified in [RFC3280] section 4.2.1.14.


AIA and CDP extensions are not copied from CA certificate, instead it is constructed using CA configuration, specifically AIA and CDP extension configuration.

2.m. The value for the Signature Algorithm field is the name of the CA signing algorithm. The Signature Algorithm field is specified in [RFC3280] section 4.1.1.2.

as above, signature algorithm is determined by CA configuration, which may differ from what is used in CA certificate itself.


openspecs-questionsopenspecs-windows
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Crypt32
I have alerted The Open Specifications team regarding inquiry. A member of the team will be in touch soon.

Regards,
Obaid Farooqi - MSFT

0 Votes 0 ·

Hi Crypt32,

I will research your questions and verify whether the spec needs to be updated.

Best Regards,
Jeff McCashland
Microsoft Open Specifications

0 Votes 0 ·
Crypt32 avatar image Crypt32 JeffMcCashland-5087 ·

Any update?

0 Votes 0 ·
Show more comments
JeffMcCashland-5087 avatar image
0 Votes"
JeffMcCashland-5087 answered Crypt32 commented

We have updated [MS-WCCE] for the next release of the document:

3.2.1.4.3.2.15.1 Creating a CA Exchange Certificate

  1.  If an exchange certificate wasn't created in previous steps, create it by adding the following fields and extensions: 
    

  2.  For the Subject of the exchange certificate, a common name attribute is used with a value the same as the value of the common name attribute in the subject information of the CA signing certificate (Signing_Cert_Certificate datum) and appending "-Xchg" to the value. The Issuer field is filled with the same value as the Subject field of the CA signing certificate (Signing-_Cert_Certificate datum). 
    

  3.  The Authority Key Identifier extension is added with the same value as the Subject Key Identifier extension in the CA signing certificate (Signing_Cert_Certificate datum). If the Subject Key Identifier extension is not found in the CA signing certificate (Signing_Cert_Certificate datum), then the SHA1 hash of the public key of CA signing certificate (Signing_Cert_Certificate datum) is used as the value for the Authority Key Identifier extension. The Authority Key Identifier extension is specified in [RFC3280] section 4.2.1.1.
    

  4.  The Subject Key Identifier extension is added with the same value as the SHA1 hash of the public key associated with the exchange certificate. The Subject Key Identifier extension is specified in [RFC3280] section 4.2.1.2.
    

  5.  The Authority Information Access extension is added with the same value the CA returns when ICertRequestD2::GetCAProperty is called for PropID of CR_PROP_CERTAIAURLS and propIndex of 0xFFFFFFFF. See section 3.2.1.4.3.2.42 for details on how this value is computed. The Authority Information Access extension is specified in [RFC3280] section 4.2.2.1.
    

  6.  The CRL Distribution Point extension is added with the same value the CA returns when ICertRequestD2::GetCAProperty is called for PropID of CR_PROP_CERTCDPURLS and propIndex of 0xFFFFFFFF. See section 3.2.1.4.3.2.43 for details on how this value is computed. The CRL Distribution Point extension is specified in [RFC3280] section 4.2.1.14.
    

We're still working on item 13.

Best Regards,
Jeff McCashland
Microsoft Open Specifications


· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The editor changed all the numbers when I posted.

These address, in order, items 1, 7, 8, 9, 10 under step 2 in the section.

Thanks,
Jeff McCashland
Microsoft Open Specifications

0 Votes 0 ·

Looks good, thank you!

On 2.m: The value for the Signature Algorithm field is the name of the CA signing algorithm

Maybe docs are correct and I just misunderstood the wording. To me it looks like the same signature algorithm specified in CA certificate itself. If it is the case, then the sentence is incorrect. If it means the algorithm CA uses to sign certificates -- then the sentence is correct. I think this sentence requires a clarification on a source of CA algorithm name -- CA configuration (which would be correct) or CA certificate (which would be incorrect).

0 Votes 0 ·

Thank you Crypt32,

I will share that feedback with our WCCE team.

Best Regards,
Jeff McCashland

0 Votes 0 ·
JeffMcCashland-5087 avatar image JeffMcCashland-5087 JeffMcCashland-5087 ·

Hello Crypt32,

We have updated [MS-WCCE] for the next release of the document to address the final point:

3.2.1.4.3.2.15.1 Creating a CA Exchange Certificate
The CA MUST perform the following steps to create an exchange certificate.

  1. If an exchange certificate wasn't created in previous steps, create it by adding the following fields and extensions:

  2. The value for the Signature Algorithm field is the name of the signing algorithm configured at the CA. The Signature Algorithm field is specified in [RFC3280] section 4.1.1.2.

[if the numbering gets munged by the editor, that's step 13 of item 2 in this section]

Best Regards,
Jeff McCashland
Microsoft Open Specifications


0 Votes 0 ·
Show more comments
JeffMcCashland-5087 avatar image
0 Votes"
JeffMcCashland-5087 answered Crypt32 commented

Hi Crypt32,

I have been able to confirm all of your comments except for 1.

It appears to me that the AIK is constructed from the Issuer's KeyID, Name, and SerialNumber, rather than being copied from anywhere.

I have filed a request to update the documentation, and will follow up with it.

Thanks,
Jeff McCashland
Microsoft Open Specifications

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Jeff,

can you clarify what you mean? If we talk about first item, then it talks about issuer/subject fields. Subject field of CA certificate is indeed copied to Issuer field of CA Exchange certificate.

It appears to me that the AIK is constructed from the Issuer's KeyID, Name, and SerialNumber, rather than being copied from anywhere.

this is what I meant in 2.g. Maybe my wording was not correct. Semantically, SKI of CA certificate is copied to AKI of CA Exchange certificate (indeed, they both contain same public key hash). Of course, the syntax is slightly different. And it is default behavior. Name and Issuer fields are not placed in AKI by default, this requires CA reconfiguration. Anyway, the behavior expressed in doc is incorrect.

0 Votes 0 ·

Hi Crypt32,

I will work with our WCCE team to gain further clarification.

Best Regards,
Jeff McCashland

0 Votes 0 ·

Hi Crypt32,

Could you let me know what configuration and steps you use to generate a CA Exchange certificate? I want to generate a trace to verify the behavior.

Thanks,
Jeff McCashland
Microsoft Open Specifications

0 Votes 0 ·
Show more comments
JeffMcCashland-5087 avatar image
0 Votes"
JeffMcCashland-5087 answered Crypt32 commented

Hi Crypt32,

We're continuing to dig into the code to understand the last few items. You can use the title of this thread as your subject, or whatever makes sense to you.

Thanks,
Jeff McCashland
Microsoft Open Specifications

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Email is sent.

0 Votes 0 ·