cms: unable to verify the embedded certificate about cryptography-rs HOT 2 OPEN

Using your reproduce case, I imported the generated X.509 certificates into a test case, which should show up in the issue timeline. The test passes, which means the low-level cryptography is working correctly.

I suspect the problem here has to do with the way the test is constructed and how this crate handles ASN.1 encoding. RFC 5652 says CMS uses BER. Most everything else in the cryptography world uses DER, including OpenSSL when you ask it to generate a certificate.

If you feed DER into a BER decoder, it will parse fine. Here's what I think is happening:

1. CMS encodes/decodes the X.509 certificate in BER mode.
2. Your demonstration code loads the root X.509 certificate in DER mode (as it should).
3. When we go to verify the signature, we serialize the CMS certificate into BER (since that was the source encoding) in order to verify the signature.
4. Signature verification fails because the BER encoding of the certificate isn't the DER encoding.

Unfortunately, I'm not sure we can trivially re-encode the BER decoded certificate to DER because of limitations in the bcder crate.

This issue brings up an old issue which is I'm not convinced the world actually follows RFC 5652 and uses BER encoding. I was attempting to be truthful to the spec when I wrote the crate. It is possible that CMS implementations like OpenSSL always use DER: I'm not actually sure! It is also possible everybody always DER encodes the X.509 certificates within CMS and leaves the outer CMS structures as DER.

Anyway, thanks for the bug report. I'll have to do some research.

from cryptography-rs.

Actually, I may have mixed up the sequence based on what the code is doing. But same principle applies.

Another theory is we're not reading the signature algorithm correctly from the CMS SignedData structure. I'll likely have to step through the code with a debugger to get at the heart of this. Won't do that tonight.

from cryptography-rs.