
cms: Added a test for BER-CMS

Open bkstein opened this issue 7 months ago • 3 comments

This is my real-world test of a BER encoded CMS message using indefinite lengths. I removed the content, but kept the structure. This kind of message is sent by EJBCA when certificates are enrolled using the SCEP protocol.

bkstein, Jul 14 '25 12:07

You can use hex! btw https://github.com/RustCrypto/formats/blob/9ca99ba5ee29e59473171b7a4ab9fcf048d4b6ce/der/tests/derive.rs#L800-L804

dishmaker, Jul 14 '25 13:07

I think the inside SignedData does not decode as intended.

[Spoiler] pretty-printing ContentInfo
let content_info = ContentInfo::from_ber(EXAMPLE_BER).unwrap();

// using der feature `clarify`
use der::{ClarifyFlavor, EncodeClarifyExt};
let clarified = content_info.to_der_clarify(ClarifyFlavor::RustHex).unwrap();
println!("clarified: {clarified}");

I could not decode it:

let signed_data = SignedData::from_ber(content_info.content.value()).unwrap();
assert!(signed_data.certificates.iter().nth(1).is_some());

gives a tag error.

hex!(
"30 37" // tag: SEQUENCE len: 55 type: ContentInfo
        "06 09" // tag: OBJECT IDENTIFIER type: ObjectIdentifier
                "2A 86 48 86 F7 0D 01 07 02"
        "A0 2A" // tag: CONTEXT-SPECIFIC [0] (constructed) len: 42 type: ContextSpecificRef<Any>
                "30 28" // tag: SEQUENCE len: 40 type: Any
                        "02 01 01 31 00 30 0B 06 09 2A 86 48 86 F7 0D 01
                         07 01 A0 80 30 06 30 00 30 00 30 00 30 06 30 00
                         30 00 30 00 00 00 31 00"
                "" // end: Any
        "" // end: ContextSpecificRef<Any>
"" // end: ContentInfo
)

dishmaker, Jul 14 '25 14:07

The EXAMPLE_BER is not a valid CMS message. I used it to test if my own preliminary BER-to-DER converter works on nested indefinite-length structures (ignoring the content).

bkstein, Jul 14 '25 14:07
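An added example, not part of the thread and not RustCrypto code: a std-only BER outline that follows the indefinite-length `A0 80 ... 00 00` value left inside the `Any` in the dump above, making visible that the `[0]` field holds two SEQUENCEs of three empty SEQUENCEs each. The names `walk` and `outline` are hypothetical helpers; the bytes are copied from the dump.

```rust
// Added example: std-only BER TLV outline that follows indefinite lengths.
// INNER is the inner `Any` value (30 28 ...) copied from the dump in the thread.
const INNER: [u8; 42] = [
    0x30, 0x28, 0x02, 0x01, 0x01, 0x31, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48,
    0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x80, 0x30, 0x06, 0x30, 0x00, 0x30, 0x00,
    0x30, 0x00, 0x30, 0x06, 0x30, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00, 0x31, 0x00,
];

// Walk TLVs from `*pos`; `in_indef` means we are inside an indefinite-length value.
fn walk(d: &[u8], pos: &mut usize, depth: usize, in_indef: bool, out: &mut Vec<String>) -> Result<(), String> {
    while *pos < d.len() {
        let tag = d[*pos];
        let first = *d.get(*pos + 1).ok_or("truncated header")?;
        *pos += 2;
        if in_indef && tag == 0 && first == 0 { return Ok(()); } // EOC (00 00) closes the value
        if tag & 0x1F == 0x1F { return Err("high tag numbers are not handled here".into()); }
        let constructed = tag & 0x20 != 0;
        let len = match first {
            0x80 if constructed => None, // indefinite form
            0x80 => return Err("indefinite length on a primitive".into()),
            n if n < 0x80 => Some(n as usize), // short form
            n => {
                let k = (n & 0x7F) as usize; // long form: k length octets follow
                if k > 4 { return Err("length too large".into()); }
                let b = d.get(*pos..*pos + k).ok_or("truncated length")?;
                *pos += k;
                Some(b.iter().fold(0usize, |a, x| (a << 8) | *x as usize))
            }
        };
        let shown = len.map_or("indefinite".to_string(), |n| n.to_string());
        out.push(format!("{}{:02X} len={}", "  ".repeat(depth), tag, shown));
        match len {
            None => walk(d, pos, depth + 1, true, out)?,
            Some(n) => {
                let end = (*pos).checked_add(n).filter(|e| *e <= d.len()).ok_or("length runs past end")?;
                if constructed { walk(&d[..end], pos, depth + 1, false, out)?; } // children stay inside `end`
                *pos = end;
            }
        }
    }
    if in_indef { Err("missing end-of-contents octets".into()) } else { Ok(()) }
}

fn outline(d: &[u8]) -> Result<Vec<String>, String> {
    let mut out = Vec::new();
    walk(d, &mut 0, 0, false, &mut out)?;
    Ok(out)
}
fn main() { for l in outline(&INNER).unwrap() { println!("{l}"); } }
```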