Open Bug 1894552 Opened 9 months ago Updated 6 months ago

Perform an additional check of the CMS signing-time attribute

Categories

(MailNews Core :: Security: S/MIME, defect)

Thunderbird 115
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: leszek.zablocki, Unassigned)

References

Details

Attachments

(2 files)

Attached file signed_attrs.tar.gz

Steps to reproduce:

I came across this bug by accident. Th. does not check if there is ONLY ONE signing-time attribute in a signed S/MIME message.

   The SignedAttributes syntax and the AuthAttributes syntax are each
   defined as a SET OF Attributes.  The SignedAttributes in a signerInfo
   MUST NOT include multiple instances of the signing-time attribute.

I prepared a test package signed_attrs.tar.gz and checked some other things as well. Th. works better than OpenSSL. See:

handcrafted_emails/17_signingTime_7.eml
handcrafted_emails/18_signingTime_8.eml

# Choose which date you want:
Date: Mon, 01 Apr 2024 03:33:33 +0000
#Date: Tue, 02 Apr 2024 03:33:33 +0000
#Date: Wed, 03 Apr 2024 03:33:33 +0000

Each of these dates is correct (all three were placed in signedAttrs), and Th. verifies each of them.

$ openssl cms -cmsout -print -in 17_signingTime_7.eml

...
 signedAttrs:
            object: contentType (1.2.840.113549.1.9.3)
            set:
              OBJECT:pkcs7-data (1.2.840.113549.1.7.1)

            object: signingTime (1.2.840.113549.1.9.5)
            set:
              UTCTIME:Apr  1 03:33:33 2024 GMT

            object: signingTime (1.2.840.113549.1.9.5)
            set:
              UTCTIME:Apr  2 03:33:33 2024 GMT

            object: signingTime (1.2.840.113549.1.9.5)
            set:
              UTCTIME:Apr  3 03:33:33 2024 GMT

            object: messageDigest (1.2.840.113549.1.9.4)
            set:
            ...

--

Similarly, there is the case where a date is present in the email header while there is no date in the signed signedAttrs attribute. If Th. verifies the email header for a timestamp, it should also check this signedAttrs attribute. See:

13_signingTime_3.eml

However, I suspect that this email 13 is done according to standards.

Attached file CMS_Verification.csv
See Also: → 482799
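The check the report asks for, as an added example that is not code from Thunderbird, NSS or OpenSSL: a minimal DER walker (hypothetical helpers `_read_tlv`, `attribute_types` and `signing_time_ok`) that lists the attribute types in a CMS SignedAttributes SET and flags a signerInfo carrying more than one signing-time attribute. The input is constructed inline and modelled on the three signingTime attributes in the openssl dump above.

```python
# Added example (not Thunderbird, NSS or OpenSSL code): a minimal DER walker that
# enforces the RFC 5652 "at most one signing-time" rule on SignedAttributes.
SIGNING_TIME_OID = "1.2.840.113549.1.9.5"

def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length, usual for real signedAttrs
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(contents):
    """Decode OBJECT IDENTIFIER contents to dotted-decimal form."""
    arcs, acc = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def attribute_types(signed_attrs):
    """attrType OID of every Attribute, in order; accepts [0] IMPLICIT (0xA0) or SET (0x31)."""
    tag, body, _ = _read_tlv(signed_attrs, 0)
    if tag not in (0x31, 0xA0):
        raise ValueError("SignedAttributes must be a SET OF Attribute")
    oids, pos = [], 0
    while pos < len(body):
        tag, attr, pos = _read_tlv(body, pos)       # Attribute ::= SEQUENCE
        if tag != 0x30:
            raise ValueError("Attribute must be a SEQUENCE")
        tag, oid, _ = _read_tlv(attr, 0)            # attrType ::= OBJECT IDENTIFIER
        if tag != 0x06:
            raise ValueError("attrType must be an OBJECT IDENTIFIER")
        oids.append(_decode_oid(oid))
    return oids

def signing_time_ok(signed_attrs):
    """RFC 5652 section 11.3: a signerInfo MUST NOT carry two signing-time attributes."""
    return attribute_types(signed_attrs).count(SIGNING_TIME_OID) <= 1

# Constructed sample input mirroring the bug's 17_signingTime_7.eml (short-form lengths).
def _attr(oid_hex, value_tlv):   # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF ANY }
    oid = bytes.fromhex(oid_hex)
    body = bytes([0x06, len(oid)]) + oid + bytes([0x31, len(value_tlv)]) + value_tlv
    return bytes([0x30, len(body)]) + body
CT = _attr("2a864886f70d010903", bytes.fromhex("06092a864886f70d010701"))  # contentType: pkcs7-data
ST = [_attr("2a864886f70d010905", b"\x17\x0d" + b"2404%02d033333Z" % d) for d in (1, 2, 3)]  # UTCTime Apr d
ONE_SIGNING_TIME = b"\x31" + bytes([len(CT + ST[0])]) + CT + ST[0]            # compliant
THREE_SIGNING_TIMES = b"\x31" + bytes([len(CT) + 3 * len(ST[0])]) + CT + b"".join(ST)  # violates RFC 5652
```

A verifier would run `signing_time_ok` on the signedAttrs of each signerInfo before trusting any timestamp taken from it.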
