Bug #6122

OpenSSL::PKCS7 verify

Added by Justin Peal about 2 years ago. Updated over 1 year ago.

[ruby-core:43111]
Status:Closed
Priority:High
Assignee:Martin Bosslet
Category:ext
Target version:2.0.0
ruby -v:ruby 1.9.3p125 (2012-02-16) [i386-mingw32] Backport:

Description

not_after can not later than 2038-01-19 11:14:07

verify can pass wrong certificate

require 'OpenSSL'

class Rsa
attr_reader :key, :cert
@@sha = OpenSSL::Digest::SHA1.new
@@aes = OpenSSL::Cipher.new("aes-128-ofb")

def initialize serial, issuer=nil
  @key = OpenSSL::PKey::RSA.new(1024)
  @cert = OpenSSL::X509::Certificate.new
  @cert.version = 2   # RFC 5280 - v3
  @cert.serial = serial
  @cert.subject = OpenSSL::X509::Name.parse "CN=#{serial}"
  @cert.issuer = issuer==nil ? @cert.subject : issuer
  @cert.public_key = @key.public_key
  @cert.not_before = Time.now
  @cert.not_after = Time.mktime(2038, 1, 19, 11, 14, 7)   # second = 8 ==> Fail!
  @cert.sign(@key, @@sha) if issuer==nil
end

def sign key
  @cert.sign(key, @@sha)
end

def signencrypt(plain, objcert)
signed = OpenSSL::PKCS7::sign(@cert, @key, plain)
encrypted = OpenSSL::PKCS7::encrypt([objcert], signed.tos, @@aes)
end

def decryptverify(received, objcert, cacert)
encrypted = OpenSSL::PKCS7.new(received)
decrypted = encrypted.decrypt(@key, @cert)
signed = OpenSSL::PKCS7.new(decrypted)
cert
store = OpenSSL::X509::Store.new.addcert(cacert)
plain = signed.data if signed.verify([objcert], certstore)
end
end

ca = Rsa.new(1)
alice = Rsa.new(11, ca.cert.issuer)
alice.sign ca.key
right = Rsa.new(12, ca.cert.issuer)
right.sign ca.key

fa = Rsa.new(3)
wrong = Rsa.new(33, fa.cert.issuer)

wrong.sign fa.key # Don't sign indeed!

plain = "Something's wrong."
signedencrypted = right.signencrypt(plain, alice.cert)
recovered = alice.decryptverify(signedencrypted, wrong.cert, ca.cert) # wrong should be right
puts recovered==plain ? recovered : "It's okay!"


Related issues

Related to ruby-trunk - Bug #6571: Time.mktime Y2K38 problem on 1.9.3p125 i386-mingw32 Assigned 06/11/2012

History

#1 Updated by Justin Peal about 2 years ago

not_after can not later than 2038-01-19 11:14:07

require 'OpenSSL'

class Rsa
attr_reader :key, :cert
@@sha = OpenSSL::Digest::SHA1.new
@@aes = OpenSSL::Cipher.new("aes-128-ofb")

def initialize serial, issuer=nil
  @key = OpenSSL::PKey::RSA.new(1024)
  @cert = OpenSSL::X509::Certificate.new
  @cert.version = 2   # RFC 5280 - v3
  @cert.serial = serial
  @cert.subject = OpenSSL::X509::Name.parse "CN=#{serial}"
  @cert.issuer = issuer==nil ? @cert.subject : issuer
  @cert.public_key = @key.public_key
  @cert.not_before = Time.now
  @cert.not_after = Time.mktime(2038, 1, 19, 11, 14, 7)   # second = 8 ==> Fail!
  @cert.sign(@key, @@sha) if issuer==nil
end

def sign key
  @cert.sign(key, @@sha)
end

def signencrypt(plain, objcert)
signed = OpenSSL::PKCS7::sign(@cert, @key, plain)
encrypted = OpenSSL::PKCS7::encrypt([objcert], signed.tos, @@aes)
end

def decryptverify(received, objcert, cacert)
encrypted = OpenSSL::PKCS7.new(received)
decrypted = encrypted.decrypt(@key, @cert)
signed = OpenSSL::PKCS7.new(decrypted)
cert
store = OpenSSL::X509::Store.new.addcert(cacert)
plain = signed.data if signed.verify([objcert], certstore, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOCHAIN)
end
end

ca = Rsa.new(1)
alice = Rsa.new(11, ca.cert.issuer)
alice.sign ca.key
right = Rsa.new(12, ca.cert.issuer)
right.sign ca.key

fa = Rsa.new(3)
wrong = Rsa.new(33, fa.cert.issuer)
wrong.sign fa.key

plain = "Something's wrong."
signedencrypted = right.signencrypt(plain, alice.cert)
recovered = alice.decryptverify(signedencrypted, right.cert, ca.cert)
puts recovered==plain ? "It's okay!" : recovered;
recovered = alice.decryptverify(signedencrypted, wrong.cert, ca.cert) # wrong should be right
puts recovered!=plain ? "It's okay!" : recovered;

#2 Updated by Martin Bosslet about 2 years ago

  • Category set to ext
  • Assignee set to Martin Bosslet
  • Target version set to 2.0.0

#3 Updated by Shyouhei Urabe about 2 years ago

  • Status changed from Open to Assigned

#4 Updated by Martin Bosslet almost 2 years ago

  • Status changed from Assigned to Closed

Hi Justin,

The behavior you encountered is not an error. When you sign the PKCS7, the signing certificate will be included in the resulting SignedData structure. You can see that:

def decryptverify(received, objcert, cacert)
encrypted = OpenSSL::PKCS7.new(received)
decrypted = encrypted.decrypt(@key, @cert)
signed = OpenSSL::PKCS7.new(decrypted)
cert
store = OpenSSL::X509::Store.new.addcert(cacert)
signed.certificates.each { |c| p c } # => the signing certificate is in there
plain = signed.data if signed.verify([objcert], certstore)
end

When the PKCS7 is verified later on, OpenSSL will at first look through the certificates you provided and then look in the SignedData itself if it can find the signing certificate there. It does, so it ignores your additional certificate. With the signing certificate included,

signed.verify(nil, cert_store)

will also succeed, and this is expected. If you want it to behave differently, you may either use the flags as in your second example, or you might sign the data without including the signing certificates.

Regarding the time issue, you ran into the Y2K38 problem there. This shouldn't be a problem anymore with your Ruby version, and it works on my Linux machine, could be that it is a problem specific to Windows. I'll close this issue and open a separate one for the time problem as they are not related.

#5 Updated by Martin Bosslet almost 2 years ago

Created https://bugs.ruby-lang.org/issues/6571 for the Time issue.

#6 Updated by Justin Peal over 1 year ago

Thanks a lot!

Also available in: Atom PDF