pyas2-lib cms.verify_message should validate the value of Received-Content-MIC for unsigned sent files or fail when MIC is missing.

cms.verify_message should validate the value of Received-Content-MIC for unsigned sent files or fail when MIC is missing.

Open adiroiban opened this issue 3 years ago • 2 comments

When validating a MDN, the current code only checks for a valid signature.

But I think that it should also read the Received-Content-MIC value and make sure it is the expected value.

Also, I think that the docstring has a copy/paste error.

def verify_message(data_to_verify, signature, verify_cert):
    """Function parses an ASN.1 encrypted message and extracts/decrypts the original message.

I guess that the verify_message arguments should be extended to also pass the expected MIC value.

Thanks!

Aug 07 '20 03:08 adiroiban

pyas2-lib pyas2-lib copied to clipboard

cms.verify_message should validate the value of Received-Content-MIC for unsigned sent files or fail when MIC is missing.

pyas2-lib
pyas2-lib copied to clipboard