IETF Logo Mail Archive

Re: [lamps] is the CSRattr ASN.1 broken or not ... Re: New Version Notification for draft-richardson-lamps-rfc7030-csrattrs-02.txt

Russ Housley <housley@vigilsec.com> Tue, 05 April 2022 19:50 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B6A43A10F7 for <spasm@ietfa.amsl.com>; Tue, 5 Apr 2022 12:50:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jOznfYP_ZgTK for <spasm@ietfa.amsl.com>; Tue, 5 Apr 2022 12:50:26 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 856933A10EC for <spasm@ietf.org>; Tue, 5 Apr 2022 12:50:26 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 838CCDF422; Tue, 5 Apr 2022 15:50:25 -0400 (EDT)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 5F52BDF421; Tue, 5 Apr 2022 15:50:25 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <891519A3-F56F-4206-A41F-B054153D03F9@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C7C94F81-4A1B-4E30-BD23-79A2636BC50F"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Tue, 5 Apr 2022 15:50:24 -0400
In-Reply-To: <0230304D-2791-4FEB-8277-39BE046DEE24@sn3rd.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, David von Oheimb <David.von.Oheimb@siemens.com>, Dan Harkins <dharkins@lounge.org>, LAMPS WG <spasm@ietf.org>, Owen Friel <ofriel@cisco.com>
To: Sean Turner <sean@sn3rd.com>
References: <164667410940.12091.15394112688281514126@ietfa.amsl.com> <15416.1646681868@localhost> <D095D84D-9633-44BB-AA6F-440B8BC00F68@sn3rd.com> <5cfb6e20b225da072695a4f13088a8065203ca4e.camel@siemens.com> <27441.1649182739@localhost> <A3C15545-8810-482A-A79F-B9350B0CEC51@vigilsec.com> <0230304D-2791-4FEB-8277-39BE046DEE24@sn3rd.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/8LAkG6-TS_Tr77T2FUHj84J58rE>
Subject: Re: [lamps] is the CSRattr ASN.1 broken or not ... Re: New Version Notification for draft-richardson-lamps-rfc7030-csrattrs-02.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2022 19:50:31 -0000


> On Apr 5, 2022, at 3:28 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> 
> 
>> On Apr 5, 2022, at 14:40, Russ Housley <housley@vigilsec.com> wrote:
>> 
>> 
>> 
>>> On Apr 5, 2022, at 2:18 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>>> 
>>> David von Oheimb <David.von.Oheimb@siemens.com> wrote:
>>>> As I wrote earlier, the way CSRattrs are defined for EST in RFC
>>>> 7030 section 4.5.2:
>>> 
>>>> CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
>>> 
>>>> AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
>>> 
>>>> Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
>>>> type ATTRIBUTE.&id({IOSet}),
>>>> values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }
>>> 
>>> Is there another way to express the same concept that would be understandable
>>> to more people?
>> 
>> 
>> I do not know whether the OLD ASN.1 syntax is easier to read for some.  This would be:
>> 
>>   CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
>> 
>>   AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
>> 
>>   Attribute ::= SEQUENCE {
>>     type     AttributeType,
>>     values    SET SIZE(1..MAX) OF AttributeValue }
>> 
>>   AttributeType ::= OBJECT IDENTIFIER
>> 
>>   AttributeValue ::= ANY DEFINED BY AttributeType
>> 
>> Russ
> 
> The problem really comes down to how extensionRequest is encoded. extensionRequest is defined in RFC 2985) as:
> 
>   extensionRequest ATTRIBUTE ::= {
>           WITH SYNTAX ExtensionRequest
>           SINGLE VALUE TRUE
>           ID pkcs-9-at-extensionRequest
>   }
> 
>   ExtensionRequest ::= Extensions
> 
> Then Extensions (using old syntax from 5280):
> 
> Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
> 
>   Extension  ::=  SEQUENCE  {
>        extnID      OBJECT IDENTIFIER,
>        critical    BOOLEAN DEFAULT FALSE,
>        extnValue   OCTET STRING
>                    -- contains the DER encoding of an ASN.1 value
>                    -- corresponding to the extension type identified
>                    -- by extnID
>        }
> 
> So, if you’re going to encode that you need a lot more than just an OID, as is in the example:
> 
> In the example:
> 
> SEQUENCE (4 elem)
> … snip
>  SEQUENCE (2 elem)
>    OBJECT IDENTIFIER 1.2.840.113549.1.9.14 extensionRequest (PKCS #9 via CRMF)
>    SET (1 elem)
>      OBJECT IDENTIFIER 1.3.6.1.1.1.1.22 (macAddress). <—“values" here
> ..snip
> 

RFC 7030 shows this example:

  0  65: SEQUENCE {
  2   9:   OBJECT IDENTIFIER challengePassword (1 2 840 113549 1 9 7)
 13  18:   SEQUENCE {
 15   7:     OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
 24   7:     SET {
 26   5:       OBJECT IDENTIFIER secp384r1 (1 3 132 0 34)
       :       }
       :     }
 33  22:   SEQUENCE {
 35   9:     OBJECT IDENTIFIER extensionRequest (1 2 840 113549 1 9 14)
 46   9:     SET {
 48   7:       OBJECT IDENTIFIER '1 3 6 1 1 1 1 22'
       :       }
       :     }
 57   8:   OBJECT IDENTIFIER ecdsaWithSHA384 (1 2 840 10045 4 3 3)
       :   }


Maybe this is what you meant when you said that the example is wrong.  You mean that the example fails to include the ExtensionRequest as the values field in the attribute.

   ExtensionRequest ::= Extensions


> If macAddress is included as an extension, then it would need to say whether it’s critical or not and we’d need to provide a value. The “values” portion of the SET OF needs to be:
> SEQ OF (for Extensions)
>  SEQ (for Extension)
>   { extrnID=macAddress OID,
>    criticality=T/F (CP dependent),
>    extnValue=? } 

The problem is that the EST server is saying that the CSR needs to include the extensionRequest attribute, and that the SEQUENCE OF Extension needs to include the macAddress extension.  The EST server expects the client to fill in the MAC address.  The EST server does not know the client's MAC address, so it cannot fill it in.  It could put a zero-length OCTET STRING, but that is not ideal.

Russ

v2.8.7 | Report a Bug | By Email