phax / as2-lib

A generic Java AS2 library, servlet and server

MIC isn't matched when signing algorithm name differs like "sha1" and "sha-1" #75

Closed marsman211 closed 5 years ago

marsman211 commented 6 years ago

Hi Philip, I'm currently testing your client against the Mendelson test server. I saw that the MIC match is maybe not working correctly? When the MDN-MIC is checked, the two Strings are taken and compared to see whether they are equal or not. I saw in my logs that a

AS2SenderModule.receiveSyncMDN: MIC IS NOT MATCHED, original mic: 'FtVbCVkh0mURjDUF1gydZcSRVYg=, sha-1' return mic: 'FtVbCVkh0mURjDUF1gydZcSRVYg=, sha1' [<test_mycompanyAS2_mendelsontestAS2_cb0bc6f7-d7fa-47c5-b575-bc2c41448b68>]

appears. The reason for that is that sReturnMIC is directly checked against sOriginalMIC, but the algorithm names differ.

Maybe it is possible to check the first part of the MIC first and after that the algorithm used? Or do you want to check the MICs that strictly?

phax commented 6 years ago

Well, it is clearly defined which algorithms are "semantically" equal (e.g. "sha1" and "sha-1"). That should be used.

phax commented 5 years ago

Note from RFC 5751, section 3.4.3.1:

(Historical note: some early implementations of S/MIME emitted and expected "rsa-md5", "rsa-sha1", and "sha1" for the micalg parameter.) Receiving agents SHOULD be able to recover gracefully from a micalg parameter value that they do not recognize. Future names for this parameter will be consistent with the IANA "Hash Function Textual Names" registry.
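One way to compare the digest part and the algorithm name separately, as discussed above, given here as an added Java example that is not as2-lib's own code; the "digest, algorithm" MIC layout is taken from the log line in the issue, and the alias table is an assumption built from the legacy names RFC 5751 lists.

```java
import java.util.Locale;
import java.util.Map;

/** Compares two AS2 MIC strings of the form "<base64 digest>, <micalg>" (constructed example). */
public final class MicCompare {
  // Assumed alias table: maps legacy S/MIME spellings (RFC 5751 section 3.4.3.1)
  // onto the IANA "Hash Function Textual Names" form, so "sha1" and "sha-1" compare equal.
  private static final Map<String, String> ALIASES = Map.of(
      "sha-1", "sha-1",
      "sha1", "sha-1",
      "rsa-sha1", "sha-1",
      "md5", "md5",
      "rsa-md5", "md5",
      "sha-256", "sha-256",
      "sha256", "sha-256");

  /** Returns the canonical algorithm name, or rejects a name that is not in the table. */
  static String normalizeAlgorithm(String alg) {
    String canonical = ALIASES.get(alg.trim().toLowerCase(Locale.ROOT));
    if (canonical == null)
      throw new IllegalArgumentException("Unknown micalg: " + alg);
    return canonical;
  }

  /** Splits "digest, alg" at the first comma; the digest keeps its case because base64 is case-sensitive. */
  static String[] splitMic(String mic) {
    int comma = mic.indexOf(',');
    if (comma < 0)
      throw new IllegalArgumentException("MIC without algorithm part: " + mic);
    return new String[] { mic.substring(0, comma).trim(), mic.substring(comma + 1).trim() };
  }

  /** True only when the digests are byte-for-byte equal and the algorithm names are semantically the same. */
  static boolean micMatches(String original, String returned) {
    String[] o = splitMic(original);
    String[] r = splitMic(returned);
    return o[0].equals(r[0]) && normalizeAlgorithm(o[1]).equals(normalizeAlgorithm(r[1]));
  }

  public static void main(String[] args) {
    // Digest value and both algorithm spellings taken from the log line in the issue
    String original = "FtVbCVkh0mURjDUF1gydZcSRVYg=, sha-1";
    String returned = "FtVbCVkh0mURjDUF1gydZcSRVYg=, sha1";
    System.out.println("same digest, alias names:   " + micMatches(original, returned));
    System.out.println("same digest, other algorithm: "
        + micMatches(original, "FtVbCVkh0mURjDUF1gydZcSRVYg=, sha-256"));
  }
}
```

A name missing from the table still fails closed with an exception, which is the point at which an implementation would decide how to "recover gracefully" per the RFC note rather than silently accepting the MDN.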