verify ocsp manually

Gaardiolor gaardiolor at gmail.com
Wed Jul 21 09:11:23 UTC 2021


Oh.. I'm a step further. I've checked every byte range of the ocsp 
response for the recovered sha256 signature.

$ len=`cat ocsp.resp | wc -c`
$ for start in `seq 1 $len`; do
     echo -n "$start "
     for end in `seq 1 $[$len+1-$start]`; do
       output=`cat ocsp.resp | tail -c +$start | head -c $end | 
sha256sum| grep 
b483f2c34a6c1b4edf66b4d5310b58c3603ce9200f4fb0df61882fc0e02566a8`
       if [ "$output" != "" ]; then
         echo ''
         echo $start $end $output
        cat ocsp.resp | tail -c +$start | head -c $end | od -An -tx1
         break
       fi
     done
     if [ "$output" != "" ]; then break; fi
   done

35 193 b483f2c34a6c1b4edf66b4d5310b58c3603ce9200f4fb0df61882fc0e02566a8 -
  30 81 be a1 34 30 32 31 0b 30 09 06 03 55 04 06
  13 02 55 53 31 16 30 14 06 03 55 04 0a 13 0d 4c
  65 74 27 73 20 45 6e 63 72 79 70 74 31 0b 30 09
  06 03 55 04 03 13 02 52 33 18 0f 32 30 32 31 30
  37 31 38 31 38 30 30 30 30 5a 30 75 30 73 30 4b
  30 09 06 05 2b 0e 03 02 1a 05 00 04 14 48 da c9
  a0 fb 2b d3 2d 4f f0 de 68 d2 f5 67 b7 35 f9 b3
  c4 04 14 14 2e b3 17 b7 58 56 cb ae 50 09 40 e6
  1f af 9d 8b 14 c2 c6 02 12 03 dc be 01 33 c9 b8
  33 12 54 75 b4 a7 7a b5 4a 3d f6 80 00 18 0f 32
  30 32 31 30 37 31 38 31 38 30 30 30 30 5a a0 11
  18 0f 32 30 32 31 30 37 32 35 31 38 30 30 30 30
  5a

So the TBS part starts in byte 35 and is 193 bytes long, meaning bytes 
35-227.

Looking at wireshark, that's indeed the 'tbsResponseData'. Any way to 
extract the tbs with openssl ? Thanks.


On 2021-07-21 00:04, Gaardiolor wrote:
>
> Good day,
>
> I don't fully understand ocsp certificate verification. In order to 
> better understand it, I want to do it manually. I can already do that 
> with certificates.
>
> $ openssl s_client -connect openssl.org:443 -showcerts
> # I save the server.crt and intermediate.crt
>
> $ openssl verify -no-CApath -partial_chain -trusted intermediate.crt 
> server.crt
> server.crt: OK
>
> Manually:
> # Get the ASN id's of the TBS and Signature
> $ asn=`openssl asn1parse -i -in server.crt |egrep -e '(^ .*: 
> SEQUENCE|: BIT STRING)'`
> $ asn_tbs=`echo "$asn" | head -1 | awk -F: '{print $1}' | sed 's/ //g'`
> $ asn_sig=`echo "$asn" | tail -1 | awk -F: '{print $1}' | sed 's/ //g'`
>
> # Get tbs
> openssl asn1parse -in server.crt -strparse ${asn_tbs} -out server.tbs 
> > /dev/null
>
> # Hash tbs
> $ cat server.tbs | openssl sha256 -binary > server.tbs.sha256
>
> # Get signature (ignore 'header too long' error)
> $ openssl asn1parse -in server.crt -strparse ${asn_sig} -out 
> server.sig > /dev/null
>
> # Get public key of intermediate
> $ openssl x509 -in intermediate.crt -noout -pubkey > intermediate.pub
>
> # Recover (decrypt) the signature
> $ openssl rsautl -inkey intermediate.pub -pubin -in server.sig -out 
> server.sig.recovered
>
> # Verify. Ignore the first line of server.sig.recovered, this is the 
> hash algoritm designator
> $ od -An -tx1 -w19 server.sig.recovered
>  30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
>  87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
>  57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2
> $ od -An -tx1 -w19 server.tbs.sha256
>  87 36 67 06 ba d7 10 18 72 d3 f6 58 00 a9 34 78 bc 82 bf
>  57 37 20 ab 82 04 fb 04 78 38 e2 d3 a2
>
> Yay. Now how do I do that with OCSP ?
>
> # Get OCSP
> $ ocsp=`openssl x509 -noout -ocsp_uri -in server.crt`
>
> # Verify
> $ ocsp_response=`openssl ocsp -noverify -no_nonce -respout ocsp.resp 
> -reqout ocsp.req -issuer intermediate.crt -cert server.crt -text -url 
> $ocsp`
> $ echo "$ocsp_response" | grep server.crt
> server.crt: good
>
> Manually:
> # Get the signature. Can't find how to do this with asn1parse
> $ for byte in `echo "$ocsp_response" | grep -A40 " Signature 
> Algorithm" | grep -B40 "server.crt" | egrep -ve '(Signature 
> Algorithm|server.crt)' | sed -e 's/ //g' -e 's/:/ /g'`; do
>     echo -ne "\x$byte"
>   done > ocsp.resp.sig
>
> # Recover (decrypt) the signature
> $ openssl rsautl -inkey intermediate.pub -pubin -in ocsp.resp.sig -out 
> ocsp.resp.sig.recovered
>
> # Print the decrypted signature (looks good, first line is hash 
> algorithm designator, length looks ok, no errors)
> $ od -An -tx1 -w19 ocsp.resp.sig.recovered
>  30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
>  b4 83 f2 c3 4a 6c 1b 4e df 66 b4 d5 31 0b 58 c3 60 3c e9
>  20 0f 4f b0 df 61 88 2f c0 e0 25 66 a8
>
> But.. How to extract the tbs data from the response, so I can sha256 
> that and compare ?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210721/38f8a0af/attachment-0001.html>


More information about the openssl-users mailing list