Bug 36295 - missing attributes and Content off by two bytes in System.Security.Cryptography.Pkcs.SignedCms.Decode()
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security
Version: master
Hardware: PC Linux
Importance: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
Duplicates: 35563
Reported: 2015-11-26 16:12 UTC by Hin-Tak Leung
Modified: 2017-02-02 02:41 UTC (History)

Description Hin-Tak Leung 2015-11-26 16:12:22 UTC
It says so on line 199:

[MonoTODO("incomplete - missing attributes")]

of origin/master:mcs/class/System.Security/System.Security.Cryptography.Pkcs/SignedCms.cs

Decode() does not extract the attributes.

I noticed this while working on the digital signature part of Microsoft Font Validator.
https://github.com/HinTak/Font-Validator/

The symptom is that the digital signature analysis tool can read the time stamping information of a
font's digital signature under dotnet, but not under mono, because that information is in the attributes.
Comment 1 Ludovic Henry 2015-12-07 19:02:52 UTC
Could you please provide a test case to verify the expected behaviour? Thank you!
Comment 2 Hin-Tak Leung 2015-12-08 17:05:58 UTC
If you add these two lines to the dsiginfo tool, and run it against any signed fonts (any ttf shipped by microsoft on windows would do), it would be 0,0 under mono but something like 1,5 under dotnet.


diff --git a/DSIGInfo/DSIGInfo.cs b/DSIGInfo/DSIGInfo.cs
index f3f0f37..3734111 100644
--- a/DSIGInfo/DSIGInfo.cs
+++ b/DSIGInfo/DSIGInfo.cs
@@ -348,7 +399,127 @@ namespace Compat
                 Console.WriteLine( "#SignerInfos: {0}", cms.SignerInfos.Count );
                 foreach ( var si in cms.SignerInfos )
                 {
+                        Console.WriteLine( "#UnsignedAttributes: {0}", si.UnsignedAttributes.Count );
+                        Console.WriteLine( "#SignedAttributes: {0}", si.SignedAttributes.Count );
...
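Review bot: the two added Console.WriteLine calls inside the foreach print the attribute counts without saying which signer they belong to, so with more than one entry in cms.SignerInfos the Mono and .NET outputs cannot be matched line for line; include a signer index or another identifier from si in the format string. The added lines are also indented deeper than one level past the loop's opening brace, unlike the surrounding context lines, so align them with the loop body.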


Further down it reads the time stamp in this:

if ( Type.GetType("Mono.Runtime") == null )
                         foreach ( var ua in si.UnsignedAttributes )
                         {


It has "if ( Type.GetType("Mono.Runtime") == null )" because it does not work under mono yet. I do not know the workaround for https://bugzilla.xamarin.com/show_bug.cgi?id=35563 yet, since mono cannot even read the value. When mono can read the attributes, I'd put a workaround for bug 35563 in like it is near line 230.
Comment 3 Hin-Tak Leung 2017-01-30 17:18:51 UTC
*** Bug 35563 has been marked as a duplicate of this bug. ***
Comment 4 Hin-Tak Leung 2017-01-30 17:28:12 UTC
I mis-filed https://bugzilla.xamarin.com/show_bug.cgi?id=35563 - somehow I did not notice

System.Security.Cryptography.Pkcs/SignedCms.cs : SignedCms.ContentInfo.Content

comes out to be 2 bytes shorter under mono compared to dotnet. Mono's is missing the first two bytes (which is tag and length), which causes the entire tree to be mis-Decoded.

So here is another problem with the System.Security.Cryptography.Pkcs/SignedCms.cs class - SignedCms.ContentInfo is offset wrong by 2 bytes.
Comment 5 Hin-Tak Leung 2017-01-30 18:26:35 UTC
The off-by-two-byte problem isn't immediately obvious, due to the recursive nature of ASN.1.
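
Added example, not part of the original thread and not Mono's or .NET's code: a minimal DER walker run over a constructed buffer, showing why the loss of an outer tag and length described in Comments 4 and 5 raises no parse error. The buffer, the helper names and the single-byte-tag limitation are assumptions made for this illustration.

```python
# Added illustration; minimal DER walker (single-byte tags only, an assumption).
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def parse(buf):
    """Parse every TLV in buf; constructed values (bit 0x20) recurse."""
    nodes, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        value = buf[start:end]
        nodes.append((tag, parse(value) if tag & 0x20 else value))
        pos = end
    return nodes

def shape(nodes):
    """Nested tags only, for comparing two decodes side by side."""
    return [(t, shape(v)) if isinstance(v, list) else t for t, v in nodes]

def is_single_tlv(buf):
    """True when buf is exactly one TLV, header included."""
    return read_tlv(buf, 0)[2] == len(buf)

# Constructed sample (not from a real font signature):
# SEQUENCE { SEQUENCE { OID 1.2.840.113549.1.7.1, NULL }, OCTET STRING "hi" }
OID = bytes.fromhex("06092a864886f70d010701")
INNER = bytes([0x30, len(OID) + 2]) + OID + b"\x05\x00"
FULL = bytes([0x30, len(INNER) + 4]) + INNER + b"\x04\x02hi"
STRIPPED = FULL[2:]                       # outer tag and length dropped

if __name__ == "__main__":
    for name, buf in (("full", FULL), ("stripped", STRIPPED)):
        print(name, is_single_tlv(buf), shape(parse(buf)))
```

Both buffers parse cleanly, but every node in the stripped one sits one level higher, so a consumer that indexes by position reads a different field; checking that a decoded blob is exactly one TLV is a cheap way to spot the difference when comparing the two runtimes' output.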
Comment 6 Hin-Tak Leung 2017-01-30 18:40:18 UTC
I wonder to what extent having

https://github.com/dotnet/corefx/tree/master/src/System.Security.Cryptography.Pkcs

helps?
Comment 7 Hin-Tak Leung 2017-02-02 02:41:37 UTC
It is sufficient to just run SignedCms.Decode() against a typical extracted signature from a font and examine and compare the outcome's dump under mono's SignedCms.Decode() vs dotnet's SignedCms.Decode().


I tried building mcs/class/System.Security/System.Security.Cryptography.Pkcs/
and "statically linked" to my app to try modifications and didn't get very far.

Are there any guides/help about just building one part of the class library? I don't want to build the whole of mono or even keep the whole around just to modify one dll.

I suppose I can override with setting MONO_PATH or GAC PATH after if I succeed.