ASN.1 `Set Of` invalid DER encoding for PKCS#7 authenticatedAttributes

[dhensby]

According to the X.690 specification (ISO/IEC 8825-1:2021 (E)) the ASN.1 standard for Set Of components must be encoded in order when using DER:

11 Restrictions on BER employed by both CER and DER ... 11.6 Set of components The encodings of the component values of a set-of value shall appear in ascending order, the encodings being compared as octet strings with the shorter components being padded at their trailing end with 0-octets. NOTE – The padding octets are for comparison purposes only and do not appear in the encodings.

This has been determined to cause bouncy castle to reject the PKCS#7 signatures that this library produces.

I'll take a look into ordering the Set Of components, presumably this is best done in the toDer method on the asn1 package? Otherwise the sorting could be done when the ASN.1 is constructed.

[T-Ricks]

I noticed that same thing too: not ordering the attribute list to sign causes the library to produce invalid signatures. The bug is easily reproducible by including the signingTime attribute along with the messageDigest and contentType attributes: the signingTime is put by the library at the end of the attribute list , while it should appear before the messageDigest (because in this case the ordering criteria ends up being the length of the DER Encoding of the attribute).

[dhensby]

@T-Ricks just FYI - I have now opened a PR that fixes the issue