Closed Bug 230761 Opened 21 years ago Closed 21 years ago

RFE: accept additional OIDs to signify RSA signatures

(NSS :: Libraries, enhancement, P3)

RESOLVED FIXED

(Reporter: nelson, Assigned: nelson)

As reported in bug 214602 and others, some SMIME email programs create
signed messages, where the "digestEncryptionAlgorithm" OID in the signerInfo
contains the OID
    2A 86 48 86 F7 0D 01 01 05
    Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) (PKCS #1)
mozilla expects to receive this OID instead:
    2A 86 48 86 F7 0D 01 01 01
    Description = rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1)

I believe that mozilla's behavior is correct here.  That is, given that 
a signature contains a SHA1 digest, encrypted with PKCS1 RSA, I believe
the correct value to use for "digestEncryptionAlgorithm" is the one that
mozilla expects.  

However, in the spirit of the old Internet maxim:
   "Be generous in what you accept but strict in what you send."
I think that we could change NSS to also accept this other OID without 
introducing any great security weakness.  I will attach a patch that
implements that tiny change.
Attached patch: patch v1
With this patch, the signature on the test message appears valid.
Accepting bug for NSS 3.9.1
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → 3.9.1
Comment on attachment 138917
patch v1

Terry, do you think this is acceptable? And is it a good idea?
Attachment #138917 - Flags: review?(thayes0993)
Blocks: 214602
RFC 3370 (the latest update to the CMS formats) allows implementations to 
support these additional OIDs.

   The rsaEncryption algorithm identifier is used to identify RSA (PKCS
   #1 v1.5) signature values regardless of the message digest algorithm
   employed.  CMS implementations that include the RSA (PKCS #1 v1.5)
   signature algorithm MUST support the rsaEncryption signature value
   algorithm identifier, and CMS implementations MAY support RSA (PKCS
   #1 v1.5) signature value algorithm identifiers that specify both the
   RSA (PKCS #1 v1.5) signature algorithm and the message digest
   algorithm.

   The algorithm identifier for RSA (PKCS #1 v1.5) with SHA-1 signature
   values is:

      sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
          member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }

   The algorithm identifier for RSA (PKCS #1 v1.5) with MD5 signature
   values is:

      md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
          member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }
Comment on attachment 138917
patch v1

You might also include the signature OID for RSA with MD5.  However, since most
new implementations use SHA-1, the gain in compatibility is probably very
small.
Attachment #138917 - Flags: review?(thayes0993) → review+
/cvsroot/mozilla/security/nss/lib/smime/cmssiginfo.c,v  <--  cmssiginfo.c
new revision: 1.25; previous revision: 1.24

Thanks, Terry!
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
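
As an added illustration (not the attached patch and not NSS code), here is a C sketch of the acceptance check discussed in this bug, extended to the md5WithRSAEncryption OID quoted from RFC 3370. It decodes the OID octets and treats a combined OID as RSA only when the hash it names matches the signerInfo digestAlgorithm; the function names, `enum digest` and that consistency policy are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

enum digest { DIGEST_MD5, DIGEST_SHA1 };  /* hypothetical, not an NSS type */

/* OID content octets quoted in this bug (DER tag and length stripped). */
const unsigned char OID_RSA[]      = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};
const unsigned char OID_SHA1_RSA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05};

/* Decode OID content octets to dotted text.
 * Returns the string length, or -1 on malformed or oversized input. */
int oid_to_dotted(const unsigned char *der, size_t len, char *out, size_t cap)
{
    unsigned long arc = 0;
    size_t i, n = 0;
    int first = 1, w;

    if (len == 0 || (der[len - 1] & 0x80)) return -1;  /* truncated arc */
    for (i = 0; i < len; i++) {
        if (arc == 0 && der[i] == 0x80) return -1;     /* non-minimal arc */
        if (arc > (~0UL >> 7)) return -1;              /* arc overflow */
        arc = (arc << 7) | (der[i] & 0x7F);
        if (der[i] & 0x80) continue;                   /* more octets follow */
        if (first) {           /* first subidentifier packs two arcs: 40*X + Y */
            unsigned long x = arc < 80 ? arc / 40 : 2;
            w = snprintf(out + n, cap - n, "%lu.%lu", x, arc - 40 * x);
            first = 0;
        } else {
            w = snprintf(out + n, cap - n, ".%lu", arc);
        }
        if (w < 0 || (size_t)w >= cap - n) return -1;
        n += (size_t)w;
        arc = 0;
    }
    return (int)n;
}

/* Returns 1 if a signerInfo digestEncryptionAlgorithm OID may be treated as
 * RSA (PKCS #1 v1.5). Assumed policy for this sketch: a combined OID is
 * accepted only when the hash it names matches the signerInfo digestAlgorithm. */
int accept_as_rsa(const unsigned char *der, size_t len, enum digest digest_alg)
{
    char oid[64];
    if (oid_to_dotted(der, len, oid, sizeof oid) < 0) return 0;
    if (!strcmp(oid, "1.2.840.113549.1.1.1")) return 1;   /* rsaEncryption */
    if (!strcmp(oid, "1.2.840.113549.1.1.5")) return digest_alg == DIGEST_SHA1;
    if (!strcmp(oid, "1.2.840.113549.1.1.4")) return digest_alg == DIGEST_MD5;
    return 0;
}
```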