OCSP hash algorithm agility
Stefan Winter
stefan.winter at restena.lu
Wed Jan 11 10:30:22 CET 2017
Hi,
I'm currently implementing an OCSP responder for use with EAP-TLS. I
think I found a case of insufficient algorithm agility. Or I'm doing
something wrong, hence my mail to the list here - can someone quickly
confirm if I'm on the right track?
I have a copy of the request FR 3.0.12 sends and the response I send back:
[root at snf-734018 ticker]# openssl ocsp -reqin realrequest.der -req_text
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: DCEB2C72264239201A4A5DF547C78268A1CB33A2
Issuer Key Hash: BC8DDD42F7B3B458E8ECEE403D21D404CEB9F2D0
Serial Number: 0BA50D497E
[root at snf-734018 ticker]# openssl ocsp -respin realresponse.der -resp_text
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: O = eduroam, OU = eduroam-as-a-Service, CN =
eduroam-as-a-Service Client Auth Issuing CA - Prototype
Produced At: Jan 11 08:24:56 2017 GMT
Responses:
Certificate ID:
Hash Algorithm: sha256
Issuer Name Hash:
7A6CC4FC2F34491E91A8764D1F0990FB8FE02FE6FD64713AE4DCE0E731E5B508
Issuer Key Hash:
D9CE624ED036FD290E8BDA9A36107D40D37C41DF1BB268741157074D66B3C038
Serial Number: 0BA50D497E
Cert Status: good
This Update: Jan 11 08:24:56 2017 GMT
Next Update: Jan 21 08:24:56 2017 GMT
Signature Algorithm: sha256WithRSAEncryption
As can be seen, the request is about the same certificate (by serial),
and the issuer and key are identical (I verified that out-of-band; it's
my own CA and my own response generator. I am sure all is good.).
But: FreeRADIUS sends the name and key hashes hashed with SHA1; my
response does the hashes with SHA256.
The result in debug mode is:
Wed Jan 11 03:56:13 2017 : Debug: (54) eap_tls: Starting OCSP Request
Wed Jan 11 03:56:13 2017 : Debug: (54) eap_tls: ocsp: Using responder
URL "http://ocsp-test.hosted.eduroam.org:80/ticker/"
Wed Jan 11 03:56:13 2017 : ERROR: (54) eap_tls: ocsp: No Status found
Wed Jan 11 03:56:13 2017 : ERROR: (54) eap_tls: ocsp: Certificate has
been expired/revoked
The Status sits right there in the response: "Cert Status: good" but for
some reason FR won't accept it.
I believe it would be easy to fix this; calculate the name and key
hashes for both algos and check if the response matches any one of those.
I thought I could slap you with RFC6960's section 4.3: "Clients that
request OCSP services SHALL be capable of processing responses signed
using RSA with SHA-256 (identified by the sha256WithRSAEncryption OID
specified in [RFC4055]). "
but that one only pertains to the signature hash algorithm of the full
response (which is sha256, and which does not seem to be the issue here).
So, is all that correct?
For the moment I will generate responses with SHA1 name and key hashes.
But it feels like a step in the wrong direction.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
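As an added illustration of the mismatch described in the mail (my own example code, not FreeRADIUS code and not anything posted in the thread): a client that compares the response's CertID byte-for-byte against the CertID it sent rejects a SHA-256 answer to a SHA-1 request, while a client that recomputes the issuer name and key hashes with the algorithm the response declares accepts it. The issuer Name DER and public key bits below are constructed sample values, not the real eduroam CA; only the serial number is taken from the mail.

```python
import hashlib
from dataclasses import dataclass

# Hash algorithms an OCSP client may meet in a CertID (RFC 6960, section 4.1.1).
CERTID_HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}

@dataclass(frozen=True)
class CertID:
    hash_algorithm: str
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial_number: int

def make_certid(issuer_name_der, issuer_key_bits, serial, algo):
    """Build a CertID as client or responder does: issuerNameHash is the hash of
    the issuer's DER Name, issuerKeyHash the hash of its subjectPublicKey bits."""
    h = CERTID_HASHES[algo]
    return CertID(algo, h(issuer_name_der).digest(),
                  h(issuer_key_bits).digest(), serial)

def strict_match(request, response):
    """Byte-for-byte comparison against the CertID sent in the request.
    A SHA-256 response to a SHA-1 request fails here, as in the mail."""
    return request == response

def agile_match(response, issuer_name_der, issuer_key_bits, serial):
    """Recompute the hashes with the algorithm the response declares and
    compare; any supported digest is accepted, not only the request's."""
    if response.hash_algorithm not in CERTID_HASHES:
        return False  # unknown digest: do not guess, treat as no match
    expected = make_certid(issuer_name_der, issuer_key_bits, serial,
                           response.hash_algorithm)
    return expected == response

# Constructed sample issuer data (not the real eduroam CA): a DER Name holding a
# single O=eduroam RDN, and an arbitrary byte string standing in for the
# subjectPublicKey bits. The serial number is the one shown in the mail.
ISSUER_NAME_DER = bytes.fromhex("30123110300e060355040a0c076564" "75726f616d")
ISSUER_KEY_BITS = b"\x00\x01\x02\x03constructed-public-key-bits"
SERIAL = 0x0BA50D497E

def demo():
    """Client asks with SHA-1, responder answers with SHA-256 (the mail's case).
    Returns (strict result, agile result)."""
    request = make_certid(ISSUER_NAME_DER, ISSUER_KEY_BITS, SERIAL, "sha1")
    response = make_certid(ISSUER_NAME_DER, ISSUER_KEY_BITS, SERIAL, "sha256")
    return (strict_match(request, response),
            agile_match(response, ISSUER_NAME_DER, ISSUER_KEY_BITS, SERIAL))
```

Running `demo()` returns `(False, True)`: the strict comparison reports "no status" for a perfectly good response, the agile one matches it.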