Closed
Bug 214602
Opened 21 years ago
Closed 20 years ago
ISIS-MTT comform signed Mail is not valid cause of the content.signerInfo.signatureAlgorithm
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
3.9.1
People
(Reporter: gimbel, Assigned: nelson)
References
(Depends on 1 open bug)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718 ISIS-MTT (http://www.teletrust.de/teletrust.asp?id=61040) describes a new Standard for interoperable S/MIME messages. It specify the content.signerInfo.signatureAlgorithm MUST be sha-1WithRSAEncryption {1 2 840 113549 1 1 5}or rsaSignatureWithripemd {1 3 36 3 3 1 2} This is described in the CMS RFC(3370). If a Signed S/MIME Message is formed with the signatureAlgorithm Mozilla can not validate the signature: "Digital Signture Is Not Valid The Message was signed using an encryption strenght that this version of your software does not support." Reproducible: Always Steps to Reproduce: 1. Send a signed S/MIME Message ISIS-MTT comform with sha-1WithRSAEncryption 2. read it in mozilla mail (do not forget to include ROOT Cert and own PSE) 3. klick to the broken pen Actual Results: "Digital Signture Is Not Valid The Message was signed using an encryption strenght that this version of your software does not support." Expected Results: It should validate the signature more compliant Interop tests with Mozilla in this PKI envirmoment is not possible! I used IMAP Mode to get the mails with an Exchange Server 5.5
Assignee | ||
Comment 1•21 years ago
|
||
Alexander, Thanks for this report. Please send a signed message meeting your description to me at this address (after removing the obvious anti-spam stuff): NOnelsonSPAM@NObolyardSPAM.com
Assignee: ssaux → wchang0222
Component: S/MIME → Libraries
Product: PSM → NSS
QA Contact: bmartin → bishakhabanerjee
Version: unspecified → 3.8
Assignee | ||
Comment 2•21 years ago
|
||
Thank you for the email. By examining it I was able to find the problems. 1. The error message that you quoted is wrong. It should say "The message was signed using a digest encryption algorithm that is unrecognized or unsupported by this version of mozilla." That erroneous message text should be corrected in mozilla. 2. The signature on your message contains a "SignerInfo" structure (as it should), that in turn contains a "digestEncryptionAlgorithm" which is an AlgorithmIdentifier. This identifier is intended to identify the encryption algorithm that encrypts the digest, not the digest itself. In the signature on your message the value for that "digestEncryptionAlgorithm" is OID = 2A 86 48 86 F7 0D 01 01 05 Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) (PKCS #1) and that is not one of the recognized algorithm OIDs for CMS signatures. mozilla expects to receive this OID instead: OID = 06 09 2A 86 48 86 F7 0D 01 01 01 Description = rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1) I beleieve that mozilla's behavior is correct here. That is, given that your signature contains a SHA1 digest, encrypted with PKCS1 RSA, I believe the correct value to use for "digestEncryptionAlgorithm" is the one that mozilla expects. However, if you can point me to a standard that says that the other OID is also acceptable for a "digestEncryptionAlgorithm", then please cite that standard (with section, page, or whatever) in another comment in this bug. I am confirming this bug because the error message text is wrong. I am not confirming that mozilla is expecting the wrong OID. If/when the software the genreates these signature sends the OID that mozilla expects, mozilla will be happy.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 3•21 years ago
|
||
Correcting a cut-n-paste error above: OID received: 2A 86 48 86 F7 0D 01 01 05 (1 2 840 113549 1 1 5) OID expected: 2A 86 48 86 F7 0D 01 01 01 (1 2 840 113549 1 1 1) Difference: ^^ ^ Note that I have filed a request for enhancement to have NSS also recognize this OID (even if it is incorrect). See bug 230761.
Assignee | ||
Comment 4•21 years ago
|
||
Alexander Gimbel wrote to me:
> The OIDs are correct for the ISIS-MTT Standard (see
> http://www.teletrust.de/Dokumente%5Cag8_isis-mtt-corespec-v1.0.2.pdf, Part 6
> Table2 1.1) , I know is is a standard for standards. But the Test Spec says
> MUST for this algorithm so if you want to interoparte with ISIS-MTT compliant
> clients this is a good idea.
The standard has several relevant tables.
Table 2 on page 168 of the pdf file is a table of signature algorithms.
Table 4 on page 170 of the pdf file is a table of key encryption algorithms.
Table 5 on page 171 of the odf file is a table of public key algorithms.
These different types of algorithm OIDs are used in different places in the
CMS/PKCS7 message. In places where a signature algoirthm OID is needed,
an OID from table 2 should be selected. In places where a key encryption
algorithm is needed, an OID form table 4 should be selected. The item
we're discussing is a "digest encryption algorithm", which is not a signature
algorithm. I'd say that one of the algoirthms in tables 4 or 5 should be
used, and for RSA, both tables 4 and 5 agree on the particular OID.
mozilla expects the OID to be the one found in tables 4 and 5.
I continue to believe that mozilla's behavior is correct and even compliant
with this standard.
If this standard says, somewhere, that it expects a "signature algorithm" OID
to be used in the "digest encryption algorithm" part of the signature, please
cite the section and page where it says that. Thanks.
Depends on: 230761
Assignee | ||
Comment 5•21 years ago
|
||
Bug 230761 has been updated with the authoritative RFC on this subject, and the enhancement request has been implemented. This bug now exists only to get the erroneous error message fixed, as explained in paragraph 1 of comment 2 above.
Assignee | ||
Comment 6•20 years ago
|
||
The message quoted above is found at http://lxr.mozilla.org/mozilla/source/mailnews/extensions/smime/resources/locale/en-US/msgSecurityInfo.properties#20 The message bears the name "SIInvalidCipher", which is chosen in http://lxr.mozilla.org/mozilla/source/mailnews/extensions/smime/resources/content/msgReadSecurityInfo.js#110 in response to these error codes: nsICMSMessageErrors.VERIFY_UNKNOWN_ALGO nsICMSMessageErrors.VERIFY_UNSUPPORTED_ALGO Clearly the text of the message is incorrect for those error codes. I am going to file a PSM bug about this.
Assignee: wchang0222 → MisterSSL
Assignee | ||
Comment 7•20 years ago
|
||
The NSS enhancement request portion of this bug was fixed in NSS 3.9.1. The PSM error portion is now the subject of bug 240431. This bug should be marked fixed as soon as PSM bug 240431 is fixed.
Priority: -- → P3
Target Milestone: --- → 3.9.1
Assignee | ||
Comment 8•20 years ago
|
||
I'm marking this bug fixed. There is a separate bug for the PSM issue.
Assignee | ||
Comment 9•20 years ago
|
||
fixed
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•