Try sending that block to

pbpaste | xxd -r -p | openssl asn1parse -inform DER

    0:d=0  hl=3 l= 190 cons: SEQUENCE
    3:d=1  hl=2 l=  52 cons: cont [ 1 ]
    5:d=2  hl=2 l=  50 cons: SEQUENCE
    7:d=3  hl=2 l=  11 cons: SET
    9:d=4  hl=2 l=   9 cons: SEQUENCE
   11:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   16:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
   20:d=3  hl=2 l=  22 cons: SET
   22:d=4  hl=2 l=  20 cons: SEQUENCE
   24:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   29:d=5  hl=2 l=  13 prim: PRINTABLESTRING   :Let's Encrypt
   44:d=3  hl=2 l=  11 cons: SET
   46:d=4  hl=2 l=   9 cons: SEQUENCE
   48:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   53:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :R3
   57:d=1  hl=2 l=  15 prim: GENERALIZEDTIME   :20210718180000Z
   74:d=1  hl=2 l= 117 cons: SEQUENCE
   76:d=2  hl=2 l= 115 cons: SEQUENCE
   78:d=3  hl=2 l=  75 cons: SEQUENCE
   80:d=4  hl=2 l=   9 cons: SEQUENCE
   82:d=5  hl=2 l=   5 prim: OBJECT            :sha1
   89:d=5  hl=2 l=   0 prim: NULL
   91:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4
  113:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:142EB317B75856CBAE500940E61FAF9D8B14C2C6
  135:d=4  hl=2 l=  18 prim: INTEGER           :03DCBE0133C9B833125475B4A77AB54A3DF6
  155:d=3  hl=2 l=   0 prim: cont [ 0 ]
  157:d=3  hl=2 l=  15 prim: GENERALIZEDTIME   :20210718180000Z
  174:d=3  hl=2 l=  17 cons: cont [ 0 ]
  176:d=4  hl=2 l=  15 prim: GENERALIZEDTIME   :20210725180000Z

> On 21 Jul 2021, at 11:11, Gaardiolor <gaardiolor@xxxxxxxxx> wrote:
>
> Oh.. I'm a step further. I've checked every byte range of the ocsp response for the recovered sha256 signature.
>
> $ len=`cat ocsp.resp | wc -c`
> $ for start in `seq 1 $len`; do
>     echo -n "$start "
>     for end in `seq 1 $[$len+1-$start]`; do
>       output=`cat ocsp.resp | tail -c +$start | head -c $end | sha256sum| grep b483f2c34a6c1b4edf66b4d5310b58c3603ce9200f4fb0df61882fc0e02566a8`
>       if [ "$output" != "" ]; then
>         echo ''
>         echo $start $end $output
>         cat ocsp.resp | tail -c +$start | head -c $end | od -An -tx1
>         break
>       fi
>     done
>     if [ "$output" != "" ]; then break; fi
>   done
>
>
> 35 193 b483f2c34a6c1b4edf66b4d5310b58c3603ce9200f4fb0df61882fc0e02566a8 -
>  30 81 be a1 34 30 32 31 0b 30 09 06 03 55 04 06
>  13 02 55 53 31 16 30 14 06 03 55 04 0a 13 0d 4c
>  65 74 27 73 20 45 6e 63 72 79 70 74 31 0b 30 09
>  06 03 55 04 03 13 02 52 33 18 0f 32 30 32 31 30
>  37 31 38 31 38 30 30 30 30 5a 30 75 30 73 30 4b
>  30 09 06 05 2b 0e 03 02 1a 05 00 04 14 48 da c9
>  a0 fb 2b d3 2d 4f f0 de 68 d2 f5 67 b7 35 f9 b3
>  c4 04 14 14 2e b3 17 b7 58 56 cb ae 50 09 40 e6
>  1f af 9d 8b 14 c2 c6 02 12 03 dc be 01 33 c9 b8
>  33 12 54 75 b4 a7 7a b5 4a 3d f6 80 00 18 0f 32
>  30 32 31 30 37 31 38 31 38 30 30 30 30 5a a0 11
>  18 0f 32 30 32 31 30 37 32 35 31 38 30 30 30 30
>  5a
>
>
> So the TBS part starts in byte 35 and is 193 bytes long, meaning bytes 35-227.
>
> Looking at wireshark, that's indeed the 'tbsResponseData'. Any way to extract the tbs with openssl ? Thanks.
>
>
>
> On 2021-07-21 00:04, Gaardiolor wrote:
>> Good day,
>>
>> I don't fully understand ocsp certificate verification. In order to better understand it, I want to do it manually. I can already do that with certificates.
>>
>> $ openssl s_client -connect openssl.org:443 -showcerts
>> # I save the server.crt and intermediate.crt
>>
>> $ openssl verify -no-CApath -partial_chain -trusted intermediate.crt server.crt
>> server.crt: OK
>>
>> Manually:
>> # Get the ASN id's of the TBS and Signature
>> $ asn=`openssl asn1parse -i -in server.crt |egrep -e '(^ .*: SEQUENCE|: BIT STRING)'`
>> $ asn_tbs=`echo "$asn" | head -1 | awk -F: '{print $1}' | sed 's/ //g'`
>> $ asn_sig=`echo "$asn" | tail -1 | awk -F: '{print $1}' | sed 's/ //g'`
>>
>> # Get tbs
>> openssl asn1parse -in server.crt -strparse ${asn_tbs} -out server.tbs > /dev/null
>>
>> # Hash tbs
>> $ cat server.tbs | openssl sha256 -binary > server.tbs.sha256
>>
>> # Get signature (ignore 'header too long' error)
>> $ openssl asn1parse -in server.crt -strparse ${asn_sig} -out server.sig > /dev/null
>>
>> # Get public key of intermediate
>> $ openssl x509 -in intermediate.crt -noout -pubkey > intermediate.pub
>>
>> # Recover (decrypt) the signature
>> $ openssl rsautl -inkey intermediate.pub -pubin -in server.sig -out server.sig.recovered
>>
>> # Verify. Ignore the first line of server.sig.recovered, this is the hash algorithm designator
>> $ od -An -tx1 -w19 server.sig.recovered
>>  30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
>>  87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
>>  57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2
>> $ od -An -tx1 -w19 server.tbs.sha256
>>  87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
>>  57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2
>>
>> Yay. Now how do I do that with OCSP ?
>>
>> # Get OCSP
>> $ ocsp=`openssl x509 -noout -ocsp_uri -in server.crt`
>>
>> # Verify
>> $ ocsp_response=`openssl ocsp -noverify -no_nonce -respout ocsp.resp -reqout ocsp.req -issuer intermediate.crt -cert server.crt -text -url $ocsp`
>> $ echo "$ocsp_response" | grep server.crt
>> server.crt: good
>>
>> Manually:
>> # Get the signature. Can't find how to do this with asn1parse
>> $ for byte in `echo "$ocsp_response" | grep -A40 " Signature Algorithm" | grep -B40 "server.crt" | egrep -ve '(Signature Algorithm|server.crt)' | sed -e 's/ //g' -e 's/:/ /g'`; do
>>     echo -ne "\x$byte"
>>   done > ocsp.resp.sig
>>
>> # Recover (decrypt) the signature
>> $ openssl rsautl -inkey intermediate.pub -pubin -in ocsp.resp.sig -out ocsp.resp.sig.recovered
>>
>> # Print the decrypted signature (looks good, first line is hash algorithm designator, length looks ok, no errors)
>> $ od -An -tx1 -w19 ocsp.resp.sig.recovered
>>  30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
>>  b4 83 f2 c3 4a 6c 1b 4e df 66 b4 d5 31 0b 58 c3 60 3c e9
>>  20 0f 4f b0 df 61 88 2f c0 e0 25 66 a8
>>
>> But.. How to extract the tbs data from the response, so I can sha256 that and compare ?
>>
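
Added example (not part of the original thread, and not OpenSSL code): a small Python DER walker that finds tbsResponseData and the signature BIT STRING inside an OCSPResponse by following the RFC 6960 structure instead of brute-forcing byte ranges. The names tlv, locate_tbs_and_sig, tbs_sha256, der and SAMPLE are assumptions of this example; SAMPLE wraps the tbsResponseData bytes dumped in the thread in a constructed envelope with a placeholder signature.

```python
import hashlib

OCSP_BASIC = bytes.fromhex("2b0601050507300101")        # OID id-pkix-ocsp-basic

def tlv(buf, off, want_tag):                            # returns (header_len, content_len)
    if off + 2 > len(buf) or buf[off] != want_tag:
        raise ValueError(f"offset {off}: expected tag {want_tag:#04x}")
    first = buf[off + 1]
    hl = 2 if first < 0x80 else 2 + (first & 0x7F)      # long form: low 7 bits count length octets
    ln = first if first < 0x80 else int.from_bytes(buf[off + 2:off + hl], "big")
    if first == 0x80 or off + hl + ln > len(buf):
        raise ValueError(f"offset {off}: indefinite or truncated length")
    return hl, ln

def locate_tbs_and_sig(resp):
    """Return (tbs_offset, tbs_length, signature) for a DER OCSPResponse (RFC 6960)."""
    off = tlv(resp, 0, 0x30)[0]                         # OCSPResponse SEQUENCE
    off += sum(tlv(resp, off, 0x0A))                    # responseStatus ENUMERATED
    off += tlv(resp, off, 0xA0)[0]                      # responseBytes [0] EXPLICIT
    off += tlv(resp, off, 0x30)[0]                      # ResponseBytes SEQUENCE
    hl, ln = tlv(resp, off, 0x06)                       # responseType OID
    if resp[off + hl:off + hl + ln] != OCSP_BASIC:
        raise ValueError("responseType is not id-pkix-ocsp-basic")
    off += hl + ln
    off += tlv(resp, off, 0x04)[0]                      # response OCTET STRING
    off += tlv(resp, off, 0x30)[0]                      # BasicOCSPResponse SEQUENCE
    tbs_off, tbs_len = off, sum(tlv(resp, off, 0x30))   # tbsResponseData, header included
    off += tbs_len + sum(tlv(resp, off + tbs_len, 0x30))  # skip TBS and signatureAlgorithm
    hl, ln = tlv(resp, off, 0x03)                       # signature BIT STRING
    return tbs_off, tbs_len, resp[off + hl + 1:off + hl + ln]   # skip unused-bits octet

def tbs_sha256(resp):
    off, length, _ = locate_tbs_and_sig(resp)
    return hashlib.sha256(resp[off:off + length]).hexdigest()

def der(tag, body):                                     # sample builder: DER-encode one TLV
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

# tbsResponseData as dumped in the thread; envelope, AlgorithmIdentifier and signature are constructed.
TBS = bytes.fromhex("3081bea1343032310b300906035504061302555331163014060355040a130d4c"
                    "6574277320456e6372797074310b3009060355040313025233180f3230323130"
                    "3731383138303030305a30753073304b300906052b0e03021a0500041448dac9"
                    "a0fb2bd32d4ff0de68d2f567b735f9b3c40414142eb317b75856cbae500940e6"
                    "1faf9d8b14c2c6021203dcbe0133c9b833125475b4a77ab54a3df68000180f32"
                    "303231303731383138303030305aa011180f32303231303732353138303030305a")
SIG = bytes(range(256))                                 # constructed stand-in, not a real signature
BASIC = der(0x30, TBS + bytes.fromhex("300d06092a864886f70d01010b0500") + der(0x03, b"\x00" + SIG))
SAMPLE = der(0x30, der(0x0A, b"\x00") + der(0xA0, der(0x30, der(0x06, OCSP_BASIC) + der(0x04, BASIC))))
```

For a real response, pass the bytes of ocsp.resp; the returned offset is zero-based, so offset 34 is the "byte 35" that `tail -c +35` uses in the thread.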