Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CMS signer identifier is incorrectly encoded #203

Open
Lukasa opened this issue Oct 15, 2024 · 0 comments
Open

CMS signer identifier is incorrectly encoded #203

Lukasa opened this issue Oct 15, 2024 · 0 comments
Labels
good first issue Good for newcomers kind/enhancement Improvements to existing feature.

Comments

@Lukasa
Copy link
Collaborator

Lukasa commented Oct 15, 2024

We have the following code for serializing and deserializing the subjectKeyIdentifier option in CMSSignerIdentifier:

swift-certificates/Sources/X509/CryptographicMessageSyntax/CMSSignerIdentifier.swift

Lines 58 to 62 in d8799da

case .subjectKeyIdentifier(let subjectKeyIdentifier):
try coder.serialize(
ASN1OctetString(contentBytes: subjectKeyIdentifier.keyIdentifier),
explicitlyTaggedWithIdentifier: Self.skiIdentifier
)

swift-certificates/Sources/X509/CryptographicMessageSyntax/CMSSignerIdentifier.swift

Lines 39 to 45 in d8799da

self = try DER.explicitlyTagged(
node,
tagNumber: Self.skiIdentifier.tagNumber,
tagClass: Self.skiIdentifier.tagClass
) { node in
.subjectKeyIdentifier(.init(keyIdentifier: try ASN1OctetString(derEncoded: node).bytes))
}

Both of these perform explicit tagging of the field. That's informed by this declaration from RFC 5652 § 12.1:

SignerIdentifier ::= CHOICE {
  issuerAndSerialNumber IssuerAndSerialNumber,
  subjectKeyIdentifier [0] SubjectKeyIdentifier }

However, this misses that the tags default for the document is specified as:

   DEFINITIONS IMPLICIT TAGS ::=

So the default tag is implicit unless one of the exceptions from ITU 680 § 30.6 applies. None of them do, so this should be implicitly tagged.
@Lukasa Lukasa added kind/enhancement Improvements to existing feature. good first issue Good for newcomers labels Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers kind/enhancement Improvements to existing feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Lukasa