#443 SCEP: Invalid OID in CertRep signerInfo when using SHA-2
Closed: Fixed None Opened 11 years ago by nkinder.

https://bugzilla.redhat.com/show_bug.cgi?id=824624 (Dogtag Certificate System)

Description of problem:
Verification of the PKCS#7 signed data portion of SCEP CertRep messages issued
by the CA have an invalid digestAlgorithm OID in the signerInfo.  The problem
appears to be the OID that is given in the digestAlgorithm field of the
signerInfo portion of the PKCS#7 signature.  For CertRep messages using MD5 and
SHA-1 the OID is correct and matches the single OID in the digestAlgorithms
list from the SignedData segment.  In the case of SHA-256 and SHA-512, it
appears that the second to the last octet in the two digests (0x2) is missing.
For SHA-256 the OID in the signerInfo is "2.16.840.1.101.3.4.1" (it should be
...3.4.2.1).  For SHA-512 the OID given is "2.16.840.1.101.3.4.3"when it should
end "...3.4.2.3"

Version-Release number of selected component (if applicable):
pki-core 9.0.17 and 9.0.19.  The latter was used to generate the messages in
the attachment.  Other possibly relevant versions: NSS 3.13.4-2, NSPR 4.9-2,
JSS 4.2.6.24

How reproducible: Easily reproducible (I see the issue on every CertRep from
the CA using SHA-256 or SHA-512).

Steps to Reproduce:
1. Create a CA and RA using all default options.  Configure the CA to use
   SHA-256 or SHA-512 in CS.cfg
ca.scep.hashAlgorithm=SHA256
or
ca.scep.hashAlgorithm=SHA512

2. Create a pin for the scep client using the RA web interface
3. Use sscep to create a request using the pin
4. Attempt to enroll using "sscep enroll -f sscep.conf"
5. Capture the CertRep message returned by the CA either with wireshark or by
turning on the verbose/debug flags in the sscep client.

Note: you may want a version of sscep modified to use sha256 for the request,
though I don't think it's necessary.
http://pki.fedoraproject.org/wiki/SCEP_in_Dogtag
See the section "SCEP Request Generation with SHA2"

Actual results:
The signerInfo portion of the CertRep from the CA will have an invalid digest
OID.  For SHA-256 the OID in the signerInfo is "2.16.840.1.101.3.4.1".  For
SHA-512 the OID in the signerInfo is "2.16.840.1.101.3.4.3"

Expected results:
For SHA-256 the OID in the signerInfo should be "2.16.840.1.101.3.4.2.1"
For SHA-512 the OID in the signerInfo should be "2.16.840.1.101.3.4.2.3"

Additional info:
The workaround for this is to use MD5 or SHA-1 for the digestAlgorithm.
I have attached a zip file with CertRep success (issued cert) and failure
messages for SHA-1 (working perfectly), SHA-256 and SHA-512 (both with invalid
OIDs).  All CertRep messages are in PEM form.

proposed Milestone: 10.2.3 - Per Dogtag 10.2.3 meeting of 09/25/2014

Metadata Update from @nkinder:
- Issue assigned to cfu
- Issue set to the milestone: 10.2.3

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1014

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata