Help!! BC crafted PKCS7/CMS envelope verification by OpenSSL

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Help!! BC crafted PKCS7/CMS envelope verification by OpenSSL

Madan Prabhu
Dear Team,

We were using the following code snippet for signing and crafting the PKCS7 files.,

public static String signAttached(X509Certificate obCert,PrivateKey obPvtKey,String signData, boolean attached){
     byte[] envelopedData = null;
    
     try{
      Security.addProvider(new BouncyCastleProvider());
         
      //Signed Attributes for TimeStamping
      final ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
      final Attribute signingAttribute = new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))); 
      signedAttributes.add(signingAttribute);
      // Create the signing table
      final AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
      // Create the table table generator that will added to the Signer builder
      final DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable);


         //Build CMS
         X509Certificate cert = (X509Certificate) obCert;
         List certList = new ArrayList();
         CMSTypedData msg = new CMSProcessableByteArray(signData.getBytes(java.nio.charset.StandardCharsets.UTF_8));
         certList.add(cert);
         Store certs = new JcaCertStore(certList);
         CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
         ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("SunMSCAPI").build(obPvtKey);
         gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));
         gen.addCertificates(certs);
         
         //true means Attached; false means detached content 
         CMSSignedData sigData = gen.generate(msg, attached);     

         envelopedData = sigData.getEncoded();
     }catch(Exception e){
     e.printStackTrace();
     }
     return new String(Base64.encode(envelopedData));
    }

The final Base64 encoded envelope persisted into the file. Later, When i tried to verify the signature by using the following command; 
$ openssl cms -verify -noverify -inform PEM -in new.p7s
Verification successful
madan prabhu nic tamilnadu state unit

For attached signature; it works fine. Same thing for the detached signature; it's not working.
     $openssl cms -verify -noverify -inform PEM -in newd.p7s -content newd.txt
madan prabhu nic tamilnadu state unit
Verification failure
140109147780928:error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure:crypto/cms/cms_sd.c:821:
140109147780928:error:2E09D06D:CMS routines:CMS_verify:content verify error:crypto/cms/cms_smime.c:393:

The content of the file newd.txt is exactly same data.

Kindly suggest me, how to resolve the Openssl verification successfully; since we are in development of cross platform supported solution. 

Note: Verification of both signatures(attached and detached) works fine in BC java-code verification using JcaSimpleSignerInfoVerifierBuilder.

--

Thanks & Regards, 

D.Madan Prabhu
Google Talk/madan.prabhu.d Y! messenger/madan_prabhu

By the power of truth, I, while living, have conquered the universe.

Reply | Threaded
Open this post in threaded view
|

Re: Help!! BC crafted PKCS7/CMS envelope verification by OpenSSL

dave_thompson_2
> We were using the following code snippet for signing and crafting the PKCS7
> files.,
>
...
>          envelopedData = sigData.getEncoded();

Aside: calling P7/CMS SignedData 'enveloped' can be misleading.
P7/CMS, and derivatively SMIME, use 'Enveloped' to mean _encrypted_
data, usually hybrid-publickey encryption to recipient(s) using certs.


> The final Base64 encoded envelope persisted into the file. Later, When i
> tried to verify the signature by using the following command;
> $ openssl cms -verify -noverify -inform PEM -in new.p7s
> Verification successful
> madan prabhu nic tamilnadu state unit
>
> For attached signature; it works fine. Same thing for the detached
> signature; it's not working.
>      $openssl cms -verify -noverify -inform PEM -in newd.p7s -content
> newd.txt
> madan prabhu nic tamilnadu state unit
> Verification failure
> 140109147780928:error:2E09A09E:CMS
> routines:CMS_SignerInfo_verify_content:verification
> failure:crypto/cms/cms_sd.c:821:
> 140109147780928:error:2E09D06D:CMS routines:CMS_verify:content verify
> error:crypto/cms/cms_smime.c:393:
>
> The content of the file newd.txt is exactly same data.
>
Does the file contain text with Unix-style line terminator(s) LF and
not Internet (and Windows) style CRLF? Or data with lone LF bytes?

OpenSSL 'cms' (and also older 'smime') tries very weakly to do the
canonicalization specified by SMIME (RFC5751 3.1.1 et pred) namely it
converts all line endings to CRLF -- regardless of content-type and
regardless of whether it's actually doing SMIME (-outform/inform
smime) or PKCS7/CMS (-outform/inform der/pem) ...

... unless you specify -binary ; see the man page. Without that, for
embedded data verify assumes the canonicalization has already been
done and just uses the transmitted data, and succeeds, but for
separate data (detached signature) it assumes canonicalization is
needed to match the sender and does it, thus the data it (hashes and)
tries to verify is not the same data you signed, causing verify fail.