How to sign the signed_attrs? How was the test file cms-signed.der created? #275

Open
mholschbach opened this issue Feb 27, 2024 · 2 comments

@mholschbach

Hi,

I'm struggling with creating a valid CMS signature when I try to use signed attributes. I tried to simplify my problem to rebuilding the cms-signed.der from the tests/fixtures directory.

What works:
I'm able to create the ASN.1 structure of ContentInfo, SignedData and SignerInfo. I'm using cryptography.hazmat... for signing my data = b'This is the message to encapsulate in PKCS#7/CMS\r\n' like this:
signer_info['signature'] = key.sign(data, padding.PKCS1v15(), hashes.SHA256())
For validation I use "openssl cms -verify -in mytestdata.der -inform DER -CAfile myCA.crt" and get a "CMS Verification successful"

Instead of signing the data directly, I create and sign the signed_attrs like this:

signer_info['signed_attrs'] = cms.CMSAttributes([
        cms.CMSAttribute({
            'type':   cms.CMSAttributeType('content_type'),
            'values': ('data',)
        }),
        cms.CMSAttribute({
            'type':   cms.CMSAttributeType('signing_time'),
            'values': (cms.Time({
                'utc_time': core.UTCTime(datetime.now(timezone.utc))
            }), )
        }),
        cms.CMSAttribute({
            'type':   cms.CMSAttributeType('message_digest'),
            'values': ( md_value, ) # sha256 of the data parameter
        }),
])

signer_info['signature'] = key.sign(
        signer_info['signed_attrs'].dump(),
        padding.PKCS1v15(),
        hashes.SHA256()      
)

The ASN.1 structure looks just like I expect it to and the md_value equals the sha256 value of the data parameter. But I can't verify with openssl (Version 3.0.10):
CMS Verification failure
402789FF7C7F0000:error:02000068:rsa routines:ossl_rsa_verify:bad signature:../crypto/rsa/rsa_sign.c:430:
402789FF7C7F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:../providers/implementations/signature/rsa_sig.c:774:
402789FF7C7F0000:error:1700009E:CMS routines:CMS_SignerInfo_verify:verification failure:../crypto/cms/cms_sd.c:899:

Many thanks for your help and asn1crypto
Michael

@MatthiasValvekens
Contributor

Try replacing signer_info['signed_attrs'].dump() with signer_info['signed_attrs'].untag().dump() and see if that works. :)

You can also put the signed attrs in a variable, use that to compute the signature, and then assign it to signer_info.

(This often comes up because the signed attributes field has context-dependent tagging in SignerInfo, whereas the CMS spec requires the signature to be computed using universal tags)
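
The tagging difference described in the reply above, as an added example that is not part of the thread and not asn1crypto code: it hand-encodes a two-attribute signedAttrs (signing_time left out for brevity) with the standard library and shows that the stored and signed encodings differ only in the first byte. All helper names are hypothetical.

```python
import hashlib

# DER-encoded OBJECT IDENTIFIERs (RFC 5652): id-contentType, id-messageDigest, id-data
OID_CONTENT_TYPE = bytes.fromhex("06092a864886f70d010903")
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")
OID_DATA = bytes.fromhex("06092a864886f70d010701")


def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def attribute(oid: bytes, value: bytes) -> bytes:
    # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }
    return tlv(0x30, oid + tlv(0x31, value))


def signed_attrs_stored(data: bytes) -> bytes:
    """signedAttrs as they sit inside SignerInfo: [0] IMPLICIT, tag byte 0xA0."""
    attrs = [
        attribute(OID_CONTENT_TYPE, OID_DATA),
        attribute(OID_MESSAGE_DIGEST, tlv(0x04, hashlib.sha256(data).digest())),
    ]
    # DER SET OF: elements are ordered by their encoded bytes
    return tlv(0xA0, b"".join(sorted(attrs)))


def signature_input(stored: bytes) -> bytes:
    """Bytes that get signed and verified: same content, universal SET OF tag 0x31."""
    if stored[:1] != b"\xa0":
        raise ValueError("expected context-specific [0] tag on signedAttrs")
    return b"\x31" + stored[1:]


# Message taken from the issue text above
DATA = b"This is the message to encapsulate in PKCS#7/CMS\r\n"
stored = signed_attrs_stored(DATA)
to_sign = signature_input(stored)
print("stored  :", stored[:4].hex(), hashlib.sha256(stored).hexdigest())
print("to sign :", to_sign[:4].hex(), hashlib.sha256(to_sign).hexdigest())
```

A one-byte change in the tag gives an unrelated SHA-256 digest, so a signature computed over the 0xA0 form cannot verify against the 0x31 form a CMS verifier hashes.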

@mholschbach
Author

Thank you very much, the untag() did it.
