PreferredSignatureAlgorithms usage (getting: Cannot get schema for 'Object' target)

PeculiarVentures / asn1-schema

asn1-schema is a collection of TypeScript schemas that make working with common ASN.1 objects easy

33 stars 11 forks source link

PreferredSignatureAlgorithms usage (getting: Cannot get schema for 'Object' target) #60

Closed ghost closed 2 years ago

ghost commented 2 years ago

Hi, what is the proper way to set PreferredSignatureAlgorithms to an OCSP request?

I tried the following snippet but it fails with Cannot get schema for 'Object' target

requestExtensions: [
  new Extension({ extnID: id_pkix_ocsp_nonce, extnValue: new Nonce(nonce) }),
  new Extension({
    extnID: id_pkix_ocsp_pref_sig_algs,
    extnValue: new OctetString(AsnConvert.serialize(new PreferredSignatureAlgorithms([{ algorithm: "1.2.840.10045.4.3.2" }]))),
  }),
],

microshine commented 2 years ago

Correct code is:

const ext = new Extension({
  extnID: id_pkix_ocsp_pref_sig_algs,
  extnValue: new OctetString(AsnConvert.serialize(new PreferredSignatureAlgorithms([
    new AlgorithmIdentifier({ algorithm: "1.2.840.10045.4.3.2" }),
  ]))),
});

console.log(Buffer.from(AsnConvert.serialize(ext)).toString("hex")); // 301b06092b0601050507300108040e300c300a06082a8648ce3d040302

ASN

https://lapo.it/asn1js/#MBsGCSsGAQUFBzABCAQOMAwwCgYIKoZIzj0EAwI

SEQUENCE (2 elem)
  OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.8
  OCTET STRING (14 byte) 300C300A06082A8648CE3D040302
    SEQUENCE (1 elem)
      SEQUENCE (1 elem)
        OBJECT IDENTIFIER 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)

ghost commented 2 years ago

An OCSP request with that extension returns 2 (internalError), from seeing how BouncyCastle does it, the appropriate extension value seems to be missing a SEQUENCE, i.e. the one that does work is:

https://lapo.it/asn1js/#MB0GCSsGAQUFBzABCAQQMA4wDDAKBggqhkjOPQQDAg

I am not at all familiar with ASN.1 but maybe this code:

export declare class PreferredSignatureAlgorithms extends AsnArray<AlgorithmIdentifier> {
    constructor(items?: AlgorithmIdentifier[]);
}

should be:

export declare class PreferredSignatureAlgorithms extends AsnArray<PreferredSignatureAlgorithm> {
    constructor(items?: PreferredSignatureAlgorithm[]);
}

Or what am I doing wrong?

Thanks

microshine commented 2 years ago

There is an error in schema declaration. Preparing update

microshine commented 2 years ago

I've published @peculiar/asn1-ocsp@2.1.2. Please try it.

const ext = new Extension({
  extnID: id_pkix_ocsp_pref_sig_algs,
  extnValue: new OctetString(AsnConvert.serialize(new PreferredSignatureAlgorithms([
    new PreferredSignatureAlgorithm({
      sigIdentifier: new AlgorithmIdentifier({ algorithm: "1.2.840.10045.4.3.2" }),
    })
  ]))),
});

console.log(Buffer.from(AsnConvert.serialize(ext)).toString("hex"));

ASN

https://lapo.it/asn1js/#MB0GCSsGAQUFBzABCAQQMA4wDDAKBggqhkjOPQQDAg

SEQUENCE (2 elem)
  OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.8
  OCTET STRING (16 byte) 300E300C300A06082A8648CE3D040302
    SEQUENCE (1 elem)
      SEQUENCE (1 elem)
        SEQUENCE (1 elem)
          OBJECT IDENTIFIER 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)

ghost commented 2 years ago

That worked, thanks! 👍