Closed Bug 214602 Opened 21 years ago Closed 20 years ago

ISIS-MTT conform signed Mail is not valid because of the content.signerInfo.signatureAlgorithm

Categories

(NSS :: Libraries, defect, P3)

x86
Windows 2000
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gimbel, Assigned: nelson)

References

(Depends on 1 open bug)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030718

ISIS-MTT (http://www.teletrust.de/teletrust.asp?id=61040) describes a new
standard for interoperable S/MIME messages.
It specifies that the content.signerInfo.signatureAlgorithm MUST be
sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or rsaSignatureWithripemd {1 3 36 3 3 1 2}.
This is described in the CMS RFC (3370).
If a signed S/MIME message is formed with the signatureAlgorithm, Mozilla cannot
validate the signature:

"Digital Signature Is Not Valid
The Message was signed using an encryption strength that this version of your
software does not support."



Reproducible: Always

Steps to Reproduce:
1. Send a signed S/MIME message, ISIS-MTT conform, with sha-1WithRSAEncryption
2. Read it in Mozilla mail (do not forget to include ROOT Cert and own PSE)
3. Click on the broken pen

Actual Results:  
"Digital Signature Is Not Valid
The Message was signed using an encryption strength that this version of your
software does not support."

Expected Results:  
It should validate the signature more compliantly.
Interop tests with Mozilla in this PKI environment are not possible!

I used IMAP Mode to get the mails with an Exchange Server 5.5
Alexander,  Thanks for this report.
Please send a signed message meeting your description to me at this 
address (after removing the obvious anti-spam stuff):  
   NOnelsonSPAM@NObolyardSPAM.com
Assignee: ssaux → wchang0222
Component: S/MIME → Libraries
Product: PSM → NSS
QA Contact: bmartin → bishakhabanerjee
Version: unspecified → 3.8
Thank you for the email.  By examining it I was able to find the problems.

1. The error message that you quoted is wrong.  It should say "The message was
signed using a digest encryption algorithm that is unrecognized or unsupported
by this version of mozilla."   That erroneous message text should be corrected 
in mozilla.  

2. The signature on your message contains a "SignerInfo" structure (as it 
should), that in turn contains a "digestEncryptionAlgorithm" which is an 
AlgorithmIdentifier.  This identifier is intended to identify the encryption
algorithm that encrypts the digest, not the digest itself.  In the signature
on your message the value for that "digestEncryptionAlgorithm" is 
    OID = 2A 86 48 86 F7 0D 01 01 05
    Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) (PKCS #1)
and that is not one of the recognized algorithm OIDs for CMS signatures.  

mozilla expects to receive this OID instead:
    OID = 06 09 2A 86 48 86 F7 0D 01 01 01
    Description = rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1)

I believe that mozilla's behavior is correct here.  That is, given that 
your signature contains a SHA1 digest, encrypted with PKCS1 RSA, I believe
the correct value to use for "digestEncryptionAlgorithm" is the one that
mozilla expects.  However, if you can point me to a standard that says 
that the other OID is also acceptable for a "digestEncryptionAlgorithm",
then please cite that standard (with section, page, or whatever) in 
another comment in this bug.

I am confirming this bug because the error message text is wrong.  
I am not confirming that mozilla is expecting the wrong OID.  
If/when the software that generates these signatures sends the OID that
mozilla expects, mozilla will be happy.  
Status: UNCONFIRMED → NEW
Ever confirmed: true
Correcting a cut-n-paste error above:
OID received: 2A 86 48 86 F7 0D 01 01 05  (1 2 840 113549 1 1 5)
OID expected: 2A 86 48 86 F7 0D 01 01 01  (1 2 840 113549 1 1 1)
Difference:                           ^^                      ^

Note that I have filed a request for enhancement to have NSS also recognize
this OID (even if it is incorrect).  See bug 230761.
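
The OID comparison from the comments above, as an added example (not part of the bug report and not NSS code): it decodes the two DER encodings quoted in this thread into the "1 2 840 ..." form and applies a strict and a lenient acceptance check for the digestEncryptionAlgorithm field. The function names and the `lenient` flag are hypothetical; the flag only models the enhancement request of accepting the signature-algorithm OID as well.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: the two OID encodings quoted in the thread. */
const unsigned char RECEIVED[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05};
const unsigned char EXPECTED_TLV[] = {0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};

/* Decode OID content octets (no 06 <len> header) into "1 2 840 ..." text. */
int oid_to_text(const unsigned char *p, size_t len, char *out, size_t cap) {
    unsigned long arc = 0;
    size_t used = 0;
    if (len == 0 || (p[len - 1] & 0x80)) return -1;   /* empty, or last arc truncated */
    for (size_t i = 0; i < len; i++) {
        if (arc == 0 && p[i] == 0x80) return -1;      /* non-minimal leading octet */
        if (arc > (ULONG_MAX >> 7)) return -1;        /* arc would overflow */
        arc = (arc << 7) | (p[i] & 0x7F);
        if (p[i] & 0x80) continue;                    /* arc continues in next octet */
        unsigned long a = arc < 80 ? arc / 40 : 2;    /* first value packs two arcs */
        int n = used == 0 ? snprintf(out, cap, "%lu %lu", a, arc - 40 * a)
                          : snprintf(out + used, cap - used, " %lu", arc);
        if (n < 0 || (size_t)n >= cap - used) return -1;  /* output buffer too small */
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* Strip a short-form "06 <len>" header; returns the content octets or NULL. */
const unsigned char *oid_content(const unsigned char *tlv, size_t len, size_t *clen) {
    if (len < 3 || tlv[0] != 0x06 || tlv[1] >= 0x80 || (size_t)tlv[1] != len - 2) return NULL;
    *clen = tlv[1];
    return tlv + 2;
}

/* 1 if the OID is acceptable as SignerInfo digestEncryptionAlgorithm, else 0.
 * lenient (hypothetical flag) also admits the signature OID sha1WithRSAEncryption. */
int digest_enc_alg_ok(const unsigned char *p, size_t len, int lenient) {
    char txt[64];
    if (oid_to_text(p, len, txt, sizeof txt) != 0) return 0;
    if (strcmp(txt, "1 2 840 113549 1 1 1") == 0) return 1;   /* rsaEncryption */
    return lenient && strcmp(txt, "1 2 840 113549 1 1 5") == 0;
}

int main(void) {
    printf("received OID accepted: strict=%d lenient=%d\n",
           digest_enc_alg_ok(RECEIVED, sizeof RECEIVED, 0),
           digest_enc_alg_ok(RECEIVED, sizeof RECEIVED, 1));
    return 0;
}
```

`EXPECTED_TLV` carries the `06 09` tag and length octets, as in the first quote of the expected OID, so it has to pass through `oid_content` before decoding; `RECEIVED` is content octets only.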
Alexander Gimbel wrote to me:

> The OIDs are correct for the ISIS-MTT Standard (see 
> http://www.teletrust.de/Dokumente%5Cag8_isis-mtt-corespec-v1.0.2.pdf, Part 6 
> Table2 1.1) , I know it is a standard for standards. But the Test Spec says 
> MUST for this algorithm so if you want to interoperate with ISIS-MTT compliant 
> clients this is a good idea. 

The standard has several relevant tables.  
Table 2 on page 168 of the pdf file is a table of signature algorithms.
Table 4 on page 170 of the pdf file is a table of key encryption algorithms.
Table 5 on page 171 of the pdf file is a table of public key algorithms.

These different types of algorithm OIDs are used in different places in the
CMS/PKCS7 message.  In places where a signature algorithm OID is needed,
an OID from table 2 should be selected.  In places where a key encryption
algorithm is needed, an OID from table 4 should be selected.  The item
we're discussing is a "digest encryption algorithm", which is not a signature
algorithm.  I'd say that one of the algorithms in tables 4 or 5 should be
used, and for RSA, both tables 4 and 5 agree on the particular OID.  

mozilla expects the OID to be the one found in tables 4 and 5.
I continue to believe that mozilla's behavior is correct and even compliant
with this standard.

If this standard says, somewhere, that it expects a "signature algorithm" OID
to be used in the "digest encryption algorithm" part of the signature, please
cite the section and page where it says that.  Thanks.
Depends on: 230761
Bug 230761 has been updated with the authoritative RFC on this subject,
and the enhancement request has been implemented.

This bug now exists only to get the erroneous error message fixed,
as explained in paragraph 1 of comment 2 above.
The message quoted above is found at 
http://lxr.mozilla.org/mozilla/source/mailnews/extensions/smime/resources/locale/en-US/msgSecurityInfo.properties#20
The message bears the name "SIInvalidCipher", which is chosen in 
http://lxr.mozilla.org/mozilla/source/mailnews/extensions/smime/resources/content/msgReadSecurityInfo.js#110
in response to these error codes:

nsICMSMessageErrors.VERIFY_UNKNOWN_ALGO
nsICMSMessageErrors.VERIFY_UNSUPPORTED_ALGO

Clearly the text of the message is incorrect for those error codes.

I am going to file a PSM bug about this.
Assignee: wchang0222 → MisterSSL
Depends on: 240431
The NSS enhancement request portion of this bug was fixed in NSS 3.9.1.
The PSM error portion is now the subject of bug 240431.
This bug should be marked fixed as soon as PSM bug 240431 is fixed.
Priority: -- → P3
Target Milestone: --- → 3.9.1
I'm marking this bug fixed.  There is a separate bug for the PSM issue.
fixed
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED