wbond / ocspbuilder Goto Github PK

I want to add the OID of SM2, SM3, SM3WithSM2 in this project, but I didn't find the relevant API.

I'd like to be able to build OCSPResponses based only on an index file (which stores revocation, expiration and serial), and not have to supply the actual certificate file.

It looks like the only two values you actually extract from self._certificate (init.py: lines 1015 - 1017) are the serial number and the issuer.... because the issuer and serial number are supplied, you should be able to generate a 'good' response based on an OCSPRequest, and not need to actually supply the certificate.

Please let me know if I'm missing something security relevant.... if not, happy to send a pull request if you need one.

Hi there,

Looking at the code, I think there might be a small bug in this line:

responder_key_hash = getattr(responder_certificate.public_key, self._key_hash_algo)

I think that needs to be:

responder_key_hash = getattr(responder_certificate.public_key, 'sha1') # fixed to SHA-1 by RFC 6960

Since RFC 6960, page 31 states:

ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }

KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
-- (i.e., the SHA-1 hash of the value of the
-- BIT STRING subjectPublicKey [excluding
-- the tag, length, and number of unused
-- bits] in the responder's certificate)

I find that when generating OCSPResponse objects using sha256 for the name hash/key hash, OpenSSL will object, saying that it cannot locate the signing certificate if a KeyID is embedded in there. But if I subclass the builder and fix the hash to 'sha1', it works fine.

This import creates a problem when running setup.py install:

$ python setup.py install
Traceback (most recent call last):
  File "setup.py", line 6, in <module>
    import ocspbuilder
  File ".../ocspbuilder/ocspbuilder/__init__.py", line 10, in <module>
    from asn1crypto import x509, keys, core, ocsp
ImportError: No module named asn1crypto

I'd suggest removing it, although you need another way to track your version number. I don't see any special reason why it should be in the module init.py, so you could just move the version string to the setup.py maybe? If you agree, I would be happy to make a pull request as well

Hi,

How mature is this project?
If production ready, I would like to use it in my cloud along with NGINX.

Thanks.

I generating a OCSP response

revocation_date = datetime(2021, 9, 15, 10, 3, 43, tzinfo=timezone.utc)
builder = OCSPResponseBuilder('successful',  subject_cert, 'revoked', revocation_date)

The base64 response is

MIIB+AoBAKCCAfEwggHtBgkrBgEFBQcwAQEEggHeMIIB2jCBw6IWBBTnQvfMfAz2WahkTa4IdITrQBRJ+BgWMjAyMTA5MTUxMzMzMDAuOTIzODA0WjCBkDCBjTBBMAkGBSsOAwIaBQAEFP4rCoFXQt2cj3BLS7kzmybo6ooGBBTnQvfMfAz2WahkTa4IdITrQBRJ+AIIIw09N6w2y+2hFhgPMjAyMTA5MTUxMDAzNDNaoAMKAQAYFjIwMjEwOTE1MTMzMzAwLjkyMzgwNFqgGBgWMjAyMTA5MjIxMzMzMDAuOTIzODA0WjANBgkqhkiG9w0BAQsFAAOCAQEAoVM64NBjYeBYSdCMCGGvqYy0SXg8FThvhUDnkgpt/u1hO3aRIZbE8HXsrA09lXMq+BHQoylaQyB2NsxwMSeXt+4VV3brWCfLwJfhc0Fh7gDMfcpfK1jVQ9x8d35q43Qx6LLYM6yVvBYOPzzaq7r1e8G3MpNHq/lDnJq33q5HMDTKAYluLGJlfLlcoTNuuxwAjx1+okybSyb07meJO49eK+5WBv/Zs91fYxrxKTEo+NM5YQ7nOMFSJ2XNPquY28rNQcUj4SV8w6Ej0vINYlknkJK/onjnuP4aY+tGRGK/SWhcZviWqUJi2LqlMV50gH3v+5F6ZDKn97K2evOaKanrzA==

According to ASN1 parser https://lapo.it/asn1js/ it contains an invalid generalized time, any hints on what is going on here

Cheers,
Jose

How will this class be used? I mean, as per my knowledge, server will make an OCSP request, query to the OCSP Server mentioned in the certificate. So Ideally OCSP Server should return the revocation status to our server. Why and how will we use the OCSPResponseBuilder to use the revocation status returned by OCSP Responder to our server?

Hello,

I'm trying to use ocspbuilder in an environment where keys are stored in an HSM. The private keys aren't available to me, and signing is a function that is provided by an API.

It would be great if one could override the sign function instead of assume keys are available on disk.

If you're receptive to such a change I could work on a PR.

Does ocspbuilder already support multiple certificates in the response? To quote RFC 6960:

The response MUST include a SingleResponse for each certificate in the request.

Hello,

I'd like to implement my own OCSP server but there doesn't seem to be a way to parse requests. What am I missing?

Hi Will,

Experiencing a problem with several different production responders accepting requests, After comparing your requests to those from openssl (which do work) I believe it's due to the way id-sha1 is encoded.

Specifically, to maximize interoperability, id-sha1 should include NULL parameters (0500) in the AlgorithmIdentifier, i.e. 300906052B0E03021A0500

9: SEQUENCE {
5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
0: NULL
: }

The requests from ocspbuilder omit the parameters, which is technically correct, but is almost certainly causing problems:

300706052B0E03021A

7: SEQUENCE {
5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
: }

Note that the OCSP servers should also be fixed; they should be accepting these requests because they are technically correct.

https://www.ietf.org/rfc/rfc4055.txt gives some explanation of how we ended up here:

There are two possible encodings for the AlgorithmIdentifier
parameters field associated with these object identifiers. The two
alternatives arise from the loss of the OPTIONAL associated with the
algorithm identifier parameters when the 1988 syntax for
AlgorithmIdentifier was translated into the 1997 syntax. Later the
OPTIONAL was recovered via a defect report, but by then many people
thought that algorithm parameters were mandatory. Because of this
history some implementations encode parameters as a NULL element
while others omit them entirely. The correct encoding is to omit the
parameters field; however, when RSASSA-PSS and RSAES-OAEP were
defined, it was done using the NULL parameters rather than absent
parameters.

All implementations MUST accept both NULL and absent parameters as
legal and equivalent encodings.

To be clear, the following algorithm identifiers are used when a NULL
parameter MUST be present:

 sha1Identifier  AlgorithmIdentifier  ::=  { id-sha1, NULL }
 sha224Identifier  AlgorithmIdentifier  ::=  { id-sha224, NULL }
 sha256Identifier  AlgorithmIdentifier  ::=  { id-sha256, NULL }
 sha384Identifier  AlgorithmIdentifier  ::=  { id-sha384, NULL }
 sha512Identifier  AlgorithmIdentifier  ::=  { id-sha512, NULL }