Comments (5)
Hi. Thanks for the detailed bug report.
Could you try out #4223 and report if it's fixed? Thanks
Could you provide example code where this fails? Thanks.
This is already triggering the error.
from scapy.asn1.asn1 import ASN1_OID
from scapy.layers.x509 import OCSP_ResponseBytes

ocsp_response_bytes = OCSP_ResponseBytes()
# signatureAlgorithm is a field of OCSP_ResponseBytes itself; there is no
# intermediate .responseBytes attribute on it (that name belongs to OCSP_Response)
ocsp_response_bytes.signatureAlgorithm.algorithm = ASN1_OID('1.2.840.10045.4.3.2')
ocsp_response_bytes.self_build()
If that isn't enough, I included a small script that can be used to replicate the OCSP error more easily. Here:
from pathlib import Path
import subprocess

from scapy.asn1.asn1 import ASN1_BIT_STRING, ASN1_ENUMERATED, ASN1_OID
from scapy.layers.x509 import (
    OCSP_Response, OCSP_ResponseBytes,
    OCSP_ResponseData, X509_AlgorithmIdentifier)
from cryptography.x509.ocsp import load_der_ocsp_response


def _hex_to_asn1_bit_string(hex_string: str) -> ASN1_BIT_STRING:
    # Keep every bit, including leading zeros, so the BIT STRING stays
    # byte-aligned. (int()/bin() drops leading zero bits, and "4 - len"
    # is a negative pad count, so the old version shifted the signature.)
    # Equivalent: ASN1_BIT_STRING(bytes.fromhex(hex_string), readable=True)
    bin_string = ''.join(format(b, '08b') for b in bytes.fromhex(hex_string))
    return ASN1_BIT_STRING(bin_string)


# insert a custom DER OCSP-Response here to load into scapy (in hex format)
der_ocsp_response_in_hex = (
    '3082013d0a0100a08201363082013206092b060105050730010104820123'
    '3082011f3081c7a2160414117f8e44bbe97fca27fe4790895c18ea0ea5235'
    '7180f32303234303131393230313632335a30773075304d300906052b0e03'
    '021a050004140bafcc2324b8b0f8b0322c9a506e3956535714140414117f8'
    'e44bbe97fca27fe4790895c18ea0ea5235702141026996a09aab93ede06b6'
    '2362a9e44741071b328000180f32303234303131393230313632335aa0111'
    '80f32303234303132303230313632335aa1233021301f06092b0601050507'
    '30010204120410f12a655449ab6402f4da66c549414e2c300a06082a8648c'
    'e3d0403020347003044022012710a72736e76b60f4573508e62be25973dfd'
    'a9719e9a678f2e1c0add131dfc022050abc8ba475f8f1ed2f74ca9f2c976e'
    'a1da0b51dd28cf8735487f2d3c076cb24'
)
ocsp_response_original = load_der_ocsp_response(bytes.fromhex(der_ocsp_response_in_hex))

ocsp_response_bytes = OCSP_ResponseBytes()
ocsp_response_bytes.responseType = ASN1_OID("1.3.6.1.5.5.7.48.1.1")
# re-parse the original tbsResponseData so only the signature block is rebuilt
ocsp_response_bytes.tbsResponseData = OCSP_ResponseData(
    ocsp_response_original.tbs_response_bytes
)
signature_hex = ocsp_response_original.signature.hex()
ocsp_response_bytes.signature = _hex_to_asn1_bit_string(signature_hex)

algo_identifier = X509_AlgorithmIdentifier()
# taking from original
#algo_identifier.algorithm = ASN1_OID(ocsp_response_original.signature_algorithm_oid.dotted_string)
# hardcode ecdsa-withSHA256 faulty
algo_identifier.algorithm = ASN1_OID('1.2.840.10045.4.3.2')
# sha256WithRSAEncryption working
#algo_identifier.algorithm = ASN1_OID('1.2.840.113549.1.1.11')
# the scapy field is "parameters"; setting "parameter" touched no field at all
algo_identifier.parameters = None
ocsp_response_bytes.signatureAlgorithm = algo_identifier

scapy_ocsp_response = OCSP_Response()
scapy_ocsp_response.responseStatus = ASN1_ENUMERATED(0)
scapy_ocsp_response.responseBytes = ocsp_response_bytes

# when using the ecdsa algorithm the bytes are wrongly encoded
signatureAlgorithm_ecdsa_scapy_ocsp_response = scapy_ocsp_response.self_build()
#test = load_der_ocsp_response(signatureAlgorithm_ecdsa_scapy_ocsp_response)

# it is working with rsa
scapy_ocsp_response.responseBytes.signatureAlgorithm.algorithm = ASN1_OID('1.2.840.113549.1.1.11')
signatureAlgorithm_rsa_ocsp_response = scapy_ocsp_response.self_build()
test = load_der_ocsp_response(signatureAlgorithm_rsa_ocsp_response)

# you can write the files out and parse them with openssl to see
# that the rsa one works but the ecdsa one doesn't
ocsp_response_directory = Path('ocsp_response')
ocsp_response_directory.mkdir(exist_ok=True)
ecdsa_file = ocsp_response_directory / 'ecdsa_ocsp_response.bin'
rsa_file = ocsp_response_directory / 'rsa_ocsp_response.bin'
ecdsa_file.write_bytes(signatureAlgorithm_ecdsa_scapy_ocsp_response)
rsa_file.write_bytes(signatureAlgorithm_rsa_ocsp_response)

# each argv element must be a separate string ("-respin" and the path);
# nesting a list or passing "-respin <file>" as one token makes subprocess fail
openssl_read_ecdsa_cmd = ["openssl", "ocsp", "-text", "-noverify", "-respin", str(ecdsa_file)]
openssl_read_rsa_cmd = ["openssl", "ocsp", "-text", "-noverify", "-respin", str(rsa_file)]
ecdsa_out = subprocess.run(openssl_read_ecdsa_cmd, capture_output=True, text=True)
rsa_out = subprocess.run(openssl_read_rsa_cmd, capture_output=True, text=True)
print("ecdsa rc =", ecdsa_out.returncode, ecdsa_out.stderr)
print("rsa   rc =", rsa_out.returncode, rsa_out.stderr)
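To see exactly what a builder emitted for the signatureAlgorithm without trusting openssl's or cryptography's error message, it helps to have a small independent DER check. The following is an added example, not code from the issue thread or from scapy: a dependency-free TLV walker that pulls the signatureAlgorithm and signature out of a DER OCSPResponse and checks the AlgorithmIdentifier against the encoding rules of RFC 5758 s3.2 (ecdsa-with-SHA*: parameters absent) and RFC 3279/RFC 4055 (PKCS#1 v1.5 RSA: parameters NULL). The OCSP response it parses is the one posted above; the two short AlgorithmIdentifier blobs at the end are constructed for the demo, and all function and constant names are mine.

```python
# Added example (not from the issue or from scapy): check the signatureAlgorithm
# encoding of a DER OCSP response with a minimal, dependency-free DER walker.

ECDSA_WITH_SHA = {
    "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}
RSA_PKCS1_V15 = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}
OCSP_BASIC_OID = "1.3.6.1.5.5.7.48.1.1"


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, end) for the DER TLV starting at buf[pos]."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not used in OCSP")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes carry the length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV length runs past the end of the buffer")
    return tag, buf[pos:end], end


def decode_oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets (base-128 arcs) to dotted form."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]                         # first octet packs the two leading arcs
    lead = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in lead + arcs[1:])


def extract_signature_algorithm(ocsp_der: bytes):
    """Walk OCSPResponse -> [0] ResponseBytes -> BasicOCSPResponse and return
    (signatureAlgorithm DER, signature bytes, unused-bit count of the BIT STRING)."""
    tag, resp, _ = read_tlv(ocsp_der, 0)
    tag_s, status, pos = read_tlv(resp, 0)          # responseStatus ENUMERATED
    if tag != 0x30 or tag_s != 0x0A or status != b"\x00":
        raise ValueError("not a successful OCSPResponse")
    tag, ctx0, _ = read_tlv(resp, pos)              # [0] EXPLICIT responseBytes
    if tag != 0xA0:
        raise ValueError("responseBytes missing")
    _, rb, _ = read_tlv(ctx0, 0)                    # ResponseBytes SEQUENCE
    _, rtype, pos = read_tlv(rb, 0)                 # responseType OID
    if decode_oid(rtype) != OCSP_BASIC_OID:
        raise ValueError("not id-pkix-ocsp-basic")
    _, octets, _ = read_tlv(rb, pos)                # response OCTET STRING
    _, basic, _ = read_tlv(octets, 0)               # BasicOCSPResponse SEQUENCE
    _, _tbs, pos = read_tlv(basic, 0)               # tbsResponseData (skipped here)
    start = pos
    _, _, pos = read_tlv(basic, pos)                # signatureAlgorithm
    alg_der = basic[start:pos]
    tag, sig, _ = read_tlv(basic, pos)              # signature BIT STRING
    if tag != 0x03 or not sig:
        raise ValueError("signature BIT STRING missing")
    return alg_der, sig[1:], sig[0]


def check_algorithm_identifier(alg_der: bytes) -> dict:
    """Parse one AlgorithmIdentifier and list deviations from the RFC encoding rules."""
    tag, body, end = read_tlv(alg_der, 0)
    if tag != 0x30 or end != len(alg_der):
        raise ValueError("expected exactly one AlgorithmIdentifier SEQUENCE")
    tag, oid_bytes, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    oid = decode_oid(oid_bytes)
    params = body[pos:] or None                     # None means parameters absent
    findings = []
    if oid in ECDSA_WITH_SHA:
        name = ECDSA_WITH_SHA[oid]
        if params is not None:
            findings.append(f"{name}: parameters must be absent (RFC 5758 s3.2), got {params.hex()}")
    elif oid in RSA_PKCS1_V15:
        name = RSA_PKCS1_V15[oid]
        if params != b"\x05\x00":
            shown = "absent" if params is None else params.hex()
            findings.append(f"{name}: parameters must be NULL (RFC 3279/4055), got {shown}")
    else:
        name = "unknown"
        findings.append(f"unrecognised signature algorithm {oid}")
    return {"oid": oid, "name": name, "parameters": params, "findings": findings}


def check_ocsp_response(ocsp_der: bytes) -> dict:
    alg_der, sig, unused = extract_signature_algorithm(ocsp_der)
    report = check_algorithm_identifier(alg_der)
    report.update(signature_len=len(sig), unused_bits=unused)
    if unused:   # a DER-encoded ECDSA/RSA signature is byte-aligned
        report["findings"].append(f"signature BIT STRING has {unused} unused bits")
    return report


# The ECDSA-signed response posted in the thread (hex as posted there).
PAGE_OCSP_RESPONSE_HEX = (
    '3082013d0a0100a08201363082013206092b060105050730010104820123'
    '3082011f3081c7a2160414117f8e44bbe97fca27fe4790895c18ea0ea5235'
    '7180f32303234303131393230313632335a30773075304d300906052b0e03'
    '021a050004140bafcc2324b8b0f8b0322c9a506e3956535714140414117f8'
    'e44bbe97fca27fe4790895c18ea0ea5235702141026996a09aab93ede06b6'
    '2362a9e44741071b328000180f32303234303131393230313632335aa0111'
    '80f32303234303132303230313632335aa1233021301f06092b0601050507'
    '30010204120410f12a655449ab6402f4da66c549414e2c300a06082a8648c'
    'e3d0403020347003044022012710a72736e76b60f4573508e62be25973dfd'
    'a9719e9a678f2e1c0add131dfc022050abc8ba475f8f1ed2f74ca9f2c976e'
    'a1da0b51dd28cf8735487f2d3c076cb24'
)
# Constructed for the demo: ecdsa-with-SHA256 wrongly followed by NULL, and
# sha256WithRSAEncryption with the NULL parameters that RFC 4055 requires.
ECDSA_WITH_NULL_PARAMS = bytes.fromhex("300c06082a8648ce3d0403020500")
RSA_WITH_NULL_PARAMS = bytes.fromhex("300d06092a864886f70d01010b0500")

if __name__ == "__main__":
    print("page response:", check_ocsp_response(bytes.fromhex(PAGE_OCSP_RESPONSE_HEX)))
    print("ecdsa+NULL   :", check_algorithm_identifier(ECDSA_WITH_NULL_PARAMS)["findings"])
    print("rsa+NULL     :", check_algorithm_identifier(RSA_WITH_NULL_PARAMS)["findings"])
```

Pointing check_ocsp_response() at the bytes returned by scapy's self_build() shows directly whether the AlgorithmIdentifier round-trips as the 12-byte 300a06082a8648ce3d040302 of the original response, and whether the BIT STRING came out byte-aligned; the walker raises ValueError with the offending element when an outer length no longer matches its content, which is the usual symptom of a mis-encoded inner field.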
Thanks, it seems to be working now.
Great, thanks. Let's keep this open until the PR is merged.