Added support for RFC5652 types of MS countersignatures (#16) #17
It seems that some (maybe newer) MS countersignatures are not PKCS7 per RFC2315 but rather CMS structures defined by RFC5652. Unfortunately, the PKCS7_* family of OpenSSL functions is not able to handle them, but there are CMS_* functions which are. They, however, do not provide the same set of functions to do the same things as with PKCS7 structures. This PR adds the possibility to fall back to CMS if PKCS7 fails. Some functions had to be simulated and therefore might not be *that* accurate, but just from testing on a few files, it seems to validate them correctly. But it might need tuning in the future if we test it on a more extensive set of samples.
Thanks a lot for the feature. I got a bit confused and slowed down while reading the macros, but after a while it reads fine and seems kind of neat.
I've added a test case with some dev scripts to ease writing tests. I've also updated the CI to use proper versions 1.1 and 3.0, as the machines and packages got updated and they all used 3+. The project also uses .clang-format for formatting, and I've reformatted the newly added code for consistency.