[strongSwan-dev] OCSP request malformed, no timestamp or nonce checks?
Jörn Heissler
strongswan at wulf.eu.org
Mon Jun 5 19:08:10 CEST 2017
On Sun, Jun 04, 2017 at 09:36:27PM +0300, lauri wrote:
> I am attempting to implement OCSP responder in Python using asn1crypto
> library [1]. I managed to parse OCSP request generated by openssl, but
> when I try to parse OCSP request generated by StrongSwan I bump into
> issue described at asn1crypto issue tracker [2]. They claim that the
> request is malformed, but that can be easily problem on my side. I
> manage to parse and give a response suitable for StrongSwan if I skip
> parsing OCSP request extensions including the nonce.
> Could anyone of you point out what I might be doing wrong or have I
> found bugs in the StrongSwan's OCSP implementation?
Hi,
I'm convinced that it's a bug in strongswan.
src/libstrongswan/plugins/x509/x509_ocsp_request.c function build_nonce.
return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
This creates an ASN1_SEQUENCE which contains the extension OID and an
ASN1_OCTET_STRING with the nonce.
Correct behaviour would be to wrap the OctetString in another
OctetString.
If you look above at ASN1_response_content you'll see an OctetString
(0x04) wrapping a sequence (0x30 and so on). This is correct.
rfc5280 (and others) specifies how those Extensions are to be encoded:
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains the DER encoding of an ASN.1 value
-- corresponding to the extension type identified
-- by extnID
}
Correct code may look like this (Better triple check it, I'm mostly guessing
here!):
return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
asn1_wrap(ASN1_OCTET_STRING, "m", asn1_simple_object(
ASN1_OCTET_STRING, this->nonce)));
Cheers
Jörn
More information about the Dev
mailing list