Re: verify ocsp manually

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oh.. I'm a step further. I've checked every byte range of the ocsp response for the recovered sha256 signature.

$ len=`cat ocsp.resp | wc -c`
$ for start in `seq 1 $len`; do

    echo -n "$start "
    for end in `seq 1 $[$len+1-$start]`; do
      output=`cat ocsp.resp | tail -c +$start | head -c $end | sha256sum| grep
b483f2c34a6c1b4edf66b4d5310b58c3603ce9200f4fb0df61882fc0e02566a8`
      if [ "$output" != "" ]; then
        echo ''
        echo $start $end $output
       cat ocsp.resp | tail -c +$start | head -c $end | od -An -tx1
        break
      fi

    done
    if [ "$output" != "" ]; then break; fi
  done

35 193 b483f2c34a6c1b4edf66b4d5310b58c3603ce9200f4fb0df61882fc0e02566a8 -
 30 81 be a1 34 30 32 31 0b 30 09 06 03 55 04 06
 13 02 55 53 31 16 30 14 06 03 55 04 0a 13 0d 4c
 65 74 27 73 20 45 6e 63 72 79 70 74 31 0b 30 09
 06 03 55 04 03 13 02 52 33 18 0f 32 30 32 31 30
 37 31 38 31 38 30 30 30 30 5a 30 75 30 73 30 4b
 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 48 da c9
 a0 fb 2b d3 2d 4f f0 de 68 d2 f5 67 b7 35 f9 b3
 c4 04 14 14 2e b3 17 b7 58 56 cb ae 50 09 40 e6
 1f af 9d 8b 14 c2 c6 02 12 03 dc be 01 33 c9 b8
 33 12 54 75 b4 a7 7a b5 4a 3d f6 80 00 18 0f 32
 30 32 31 30 37 31 38 31 38 30 30 30 30 5a a0 11
 18 0f 32 30 32 31 30 37 32 35 31 38 30 30 30 30
 5a

So the TBS part starts in byte 35 and is 193 bytes long, meaning bytes 35-227.

Looking at wireshark, that's indeed the 'tbsResponseData'. Any way to extract the tbs with openssl ? Thanks.


On 2021-07-21 00:04, Gaardiolor wrote:

Good day,

I don't fully understand ocsp certificate verification. In order to better understand it, I want to do it manually. I can already do that with certificates.

$ openssl s_client -connect openssl.org:443 -showcerts
# I save the server.crt and intermediate.crt

$ openssl verify -no-CApath -partial_chain -trusted intermediate.crt server.crt
server.crt: OK

Manually:
# Get the ASN id's of the TBS and Signature
$ asn=`openssl asn1parse -i -in server.crt |egrep -e '(^ .*: SEQUENCE|: BIT STRING)'`
$ asn_tbs=`echo "$asn" | head -1 | awk -F: '{print $1}' | sed 's/ //g'`
$ asn_sig=`echo "$asn" | tail -1 | awk -F: '{print $1}' | sed 's/ //g'`

# Get tbs
openssl asn1parse -in server.crt -strparse ${asn_tbs} -out server.tbs > /dev/null

# Hash tbs
$ cat server.tbs | openssl sha256 -binary > server.tbs.sha256

# Get signature (ignore 'header too long' error)
$ openssl asn1parse -in server.crt -strparse ${asn_sig} -out server.sig > /dev/null

# Get public key of intermediate
$ openssl x509 -in intermediate.crt -noout -pubkey > intermediate.pub

# Recover (decrypt) the signature
$ openssl rsautl -inkey intermediate.pub -pubin -in server.sig -out server.sig.recovered

# Verify. Ignore the first line of server.sig.recovered, this is the hash algoritm designator
$ od -An -tx1 -w19 server.sig.recovered
 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
 87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
 57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2
$ od -An -tx1 -w19 server.tbs.sha256
 87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
 57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2

Yay. Now how do I do that with OCSP ?

# Get OCSP
$ ocsp=`openssl x509 -noout -ocsp_uri -in server.crt`

# Verify
$ ocsp_response=`openssl ocsp -noverify -no_nonce -respout ocsp.resp -reqout ocsp.req -issuer intermediate.crt -cert server.crt -text -url $ocsp`
$ echo "$ocsp_response" | grep server.crt
server.crt: good

Manually:
# Get the signature. Can't find how to do this with asn1parse
$ for byte in `echo "$ocsp_response" | grep -A40 "    Signature Algorithm" | grep -B40 "server.crt" | egrep -ve '(Signature Algorithm|server.crt)' | sed -e 's/ //g' -e 's/:/ /g'`; do
    echo -ne "\x$byte"
  done
> ocsp.resp.sig

# Recover (decrypt) the signature
$ openssl rsautl -inkey intermediate.pub -pubin -in ocsp.resp.sig -out ocsp.resp.sig.recovered

# Print the decrypted signature (looks good, first line is hash algorithm designator, length looks ok, no errors)
$ od -An -tx1 -w19 ocsp.resp.sig.recovered
 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
 b4 83 f2 c3 4a 6c 1b 4e df 66 b4 d5 31 0b 58 c3 60 3c e9
 20 0f 4f b0 df 61 88 2f c0 e0 25 66 a8

But.. How to extract the tbs data from the response, so I can sha256 that and compare ?


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux