Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't allow the same private key to be used by more than one configured log #1046

Merged
merged 6 commits into from
Apr 13, 2023

Conversation

robstradling
Copy link
Contributor

@robstradling robstradling commented Mar 22, 2023

Each log/shard is expected to use a unique keypair. This is stated explicitly in RFC9162, and although not clearly stated in RFC6962 (AFAICT) it is strongly implied. If two logs share the same private key, then cryptographically speaking they should be considered as split views of the same log.

This PR ensures that no two logs in the CTFE configuration use the same private key.

h/t to @AlCutter for suggesting this check.

Checklist

@robstradling robstradling requested a review from a team as a code owner March 22, 2023 15:01
@robstradling robstradling requested review from pphaneuf and removed request for a team March 22, 2023 15:01
@roger2hk
Copy link
Contributor

/gcbrun

@robstradling
Copy link
Contributor Author

The CI build failure is expected, because the logs configured in ct_integration_test.cfg and ct_lifecycle_test.cfg all share the same keypair. ;-)

@AlCutter AlCutter requested review from AlCutter and removed request for pphaneuf March 22, 2023 16:41
@robstradling
Copy link
Contributor Author

The CI build failure is expected, because the logs configured in ct_integration_test.cfg and ct_lifecycle_test.cfg all share the same keypair. ;-)

Please post another /gcbrun comment. I've generated unique key pairs for each of the integration test logs, so the CI build should now succeed. Thanks.

@AlCutter
Copy link
Member

/gcbrun

@AlCutter
Copy link
Member

/gcbrun

@robstradling
Copy link
Contributor Author

Another CI build failure:
Step #6 - "etcd_with_coverage": /workspace/trillian/integration/ct_functions.sh: line 118: ./createtree: Text file busy
Any idea how to resolve this?

@AlCutter
Copy link
Member

Another CI build failure: Step #6 - "etcd_with_coverage": /workspace/trillian/integration/ct_functions.sh: line 118: ./createtree: Text file busy Any idea how to resolve this?

Ah, that's a flake - just need to kick it again, hang on...

@robstradling
Copy link
Contributor Author

Different error this time:
Step #7 - "etcd_with_race": /workspace/trillian/integration/ct_functions.sh: line 118: ./createtree: No such file or directory
Another kick needed?

@AlCutter
Copy link
Member

Hmm, that's unexpected...

@robstradling
Copy link
Contributor Author

Successful!

@AlCutter AlCutter merged commit 92b7213 into google:master Apr 13, 2023
@robstradling robstradling deleted the check_private_key_uniqueness branch April 21, 2023 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants