Not able to validate archive-time-stamp-v3 using a hash algorithm different than one used for signature creation

[bsanchezb]

Hello,

I believe there is an issue when validating the archive-time-stamp-v3's message-imprint in a CAdES signature. The issue occurs when archive-time-stamp-v3 uses a different hash algorithm than the one used on signature creation.

Two test cases with the same and different hash algorithms are provided in the attached archive.

Best regards, Aleksandr.

examples.zip

[orm888]

Hellow I try to create AtV3. I use only one alghorithm. I can create V3 on CAdES-T. I collect two chains and crls, and put it into signedData root. And, i creat ATSHashIndexV3 with hashs, put it into time stamp to unsAttrs and put stamp to unsattrs in signerInfo. But i don't anderstand, how can i update it? I didnt get clear/strong answer in doc - ETSI EN 319 122-1 V1.2.1 (2021-10) how i can do it. I saw, what i need to recollect chains and crls, but where must i put it? in signedData in unsAttr timestamp (previous)? Do i need to put it with dublicates or i need to clear this set? Can you give me answer or links about it? Thanks

[bsanchezb]

@orm888 , hi.

You put all additional validation data within SignedData of signature's CMS, and create a new ATSTv3 with references to all data, including the previous ATSTv3.

KR, Aleksandr

[orm888]

For example, i have AtV3 (first) on CAdES-T I filled in root SignedData.certificate and signedData.crls and, i calculated and put ATSHASHIndexV3 in TimeStamp on concatenated hesh. After created AtV3 i have 2 unsigned Attrs - TimeStamp (CAdES-T) and TimeStamp on dataHesh(TimeStamp - AtV3) I want to update it.

I am collecting all the necessary data on this moment - certificates, crl/other and i expanding data in the root SignedData.certificates and SignedData.crls (without dublicates like in doc) After, i calculate ATSHashIndexV3(2) on extended data - includes CAdES-T and AtV3(1) for unsignedAttrValuesHashIndex and, i get TimeStamp (AtV3(2)). I put in AtV3(2) new ATSHashIndexV3(2) and add it to unsigned Attrs Is it correct chain of mind?

Will i get the following in Unigned Attrs? unsAttrs: --timeStamp CAdES-T --timeStamp AtV3(1) (ATSHashIndexV3{1}) --timeStamp AtV3(2) (ATSHashIndexV3(2))

Is thne number of updates equal number of AtV3 in unsigned attrs?

Thank you in advance

[bsanchezb]

Sounds right. Every next ATSTv3 will cover all available data, including new validation data (certs, crls, ocsps), and all preceding unsigned attributes (including the previous ATSTv3).

[orm888]

@bsanchezb, Hellow. Now, I try to check AtV3. In signed data i have certificates (chains for signer certificate and tsp certificate) . Will be enough to check hashes? I mean compare hashes for certificates part and hashes in ATSHashIndexV3. Or I need to add checking chains - what i can creat chain for signer certificate and tsp certificate?

Thank you in advance

[bsanchezb]

@orm888 , you simply compare hashes of certificates, individually. Do not forget to include in AtV3HashTable also hashes of revocation data (from signedData) and existing unsigned properties.

[orm888]

@bsanchezb, for example: I have some ES with AtV3, ATSHashIndexV3 has all neccessary hashes - certificatesHashIndex, crlsHashIndex, unsignedAttrValuesHashIndex (and hashIndAlgorithm) And, signed data has certificates (chains), crls/others and timeStamp in unsAttrs

Before, then i have XLT formate it needs to check all information in unsAttrs: I need to check signer certificate - create certificate chain Next, it needs to check this certificate in crls lists, or if its ocsp, it needs to check status of certificate. And athers....

And, some body compromise ES (AtV3) - added somthing or remove from certificates or crl/other. In this case we can't get the equal hashs. And, we don't need to somthing else.

Sorry if it isn't clearly enought I mean checking of hashes of certificates, crl/others. unsAttrs, and hash for timeStampV3 is it enought for AtV3?

[bsanchezb]

And, some body compromise ES (AtV3) - added somthing or remove from certificates or crl/other.

Please note, that addition of new data entries within SignedData is allowed behavior for CMS signatures. Such change would not invalidate the signature (while removal of data may have consequences, i.e. breaking AtV3).

I mean checking of hashes of certificates, crl/others. unsAttrs, and hash for timeStampV3 is it enought for AtV3?

For crypto validation of AtV3 it is enough.