bcgit / bc-csharp

BouncyCastle.NET Cryptography Library (Mirror)
https://www.bouncycastle.org/csharp
MIT License

DigestAlgorithmID always with DerNull parameter #162

Open eulercb opened 5 years ago

eulercb commented 5 years ago

Hello bc Team!

I was tinkering with bc-csharp and comparing the results of a generated CMS by bc against one from .Net Core 'System.Security.Cryptography.Pkcs' package and found some annoying differences.

Here is a sample of a signed CMS using .Net Core:

And here is one from bc-csharp:

Using some ASN1 viewer, you can see the one from bc has a NULL value for the Digest Algorithm, as seen below: [image]

So, is this behavior expected? Is there some RFC definition for this value?

Removing this value from the bc-csharp library didn't break any test, so I guess it is an optional behavior.

This is a similar question to the one in issue #164.

jimsch commented 5 years ago

RFC 5754 defines the correct encoding. Omitting NULL is preferred, but both are legal.
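
The two encodings discussed in this thread, as an added example that is not part of the original issue and is not bc-csharp or .NET code: a standard-library Python check that decodes a DER `AlgorithmIdentifier` and compares two of them while treating absent and NULL parameters as equivalent for the SHA-2 digest OIDs covered by RFC 5754. The byte strings are constructed samples for id-sha256, and all function names are hypothetical.

```python
# Added example (not BouncyCastle/.NET code).
# AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
SHA2_OIDS = {"2.16.840.1.101.3.4.2." + n for n in "1234"}  # SHA-256/384/512/224

# Constructed samples: id-sha256 with parameters absent, and with NULL (05 00).
OID_SHA256 = bytes.fromhex("0609608648016503040201")
ABSENT = bytes.fromhex("300b") + OID_SHA256
WITH_NULL = bytes.fromhex("300d") + OID_SHA256 + bytes.fromhex("0500")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if len(buf) - pos < 2 or buf[pos + 1] == 0x80:  # 0x80 = indefinite length
        raise ValueError("bad DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:  # base-128; high bit is set on all but an arc's last byte
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)  # first sub-identifier packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_algorithm_identifier(der):
    """Return (oid, kind, raw_params); kind is 'absent', 'null' or 'other'."""
    tag, body, end = read_tlv(der)
    oid_tag, oid_body, pos = read_tlv(body)
    raw = body[pos:]
    if tag != 0x30 or end != len(der) or oid_tag != 0x06:
        raise ValueError("not a DER AlgorithmIdentifier")
    if raw and read_tlv(raw)[2] != len(raw):
        raise ValueError("trailing data after parameters")
    kind = "absent" if not raw else "null" if raw == b"\x05\x00" else "other"
    return decode_oid(oid_body), kind, raw

def same_digest_algorithm(a, b):
    """True if both name the same algorithm; absent == NULL for SHA-2 only."""
    (oid_a, kind_a, raw_a), (oid_b, kind_b, raw_b) = map(parse_algorithm_identifier, (a, b))
    if oid_a == oid_b and oid_a in SHA2_OIDS and {kind_a, kind_b} <= {"absent", "null"}:
        return True
    return oid_a == oid_b and raw_a == raw_b
```

A byte-for-byte comparison of the two samples fails even though they name the same digest, which is why code that matches `DigestAlgorithmIdentifier` values across libraries should compare the decoded form.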