Add support for CAdES Basic Electronic Signatures (CAdES-BES)

[opensignature]

A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the openssl cms app to create signatures
which comply with legal requirements of some European States (e.g Italy).

(migrated from #7611)

Checklist

• documentation is added or updated
• tests are added or updated

[mspncp]

Ok, so one step was made, but the task is not completed yet. You now have a feature branch but it still contains all the 40+ unsquashed commits, instead of the single squashed commit. Don't worry, we can fix it without creating a new pull request. Your local branch needs to be reset to the squashed commit and then your local branch with the squashed needs to be force-pushed.

You have two options:

• You ask me to do the fix for you. I have push access to your feature branch, unless you unchecked the 'allow edits from maintainers' check button.
• You want to do it yourself. Then I can send you the necessary commands to do it.

But it will take a little while because I won't be able to do it this evening.

[opensignature]

'allow edits from maintainers' check button is checked however if you want to send me the commands or indicate me a link where to learn them, I can do it

[mspncp]

I can do it

Ok, then you will do it. Can you please post the output of the following two commands? You can either post it here or send it to my email address (which you find in the git log).

git remote -v
git branch -vv

[mspncp]

Cool! You did it! Congratulations!

[mspncp]

Next question is: is your pull request ready for final review or still work-in-progress? If the latter holds, then please edit the pull request title (not the commit message title) and add the "WIP:" prefix. There is an [Edit] button right next to it at the top of this page.

WIP: Add support for CAdES Basic Electronic Signatures (CAdES-BES)

[opensignature]

For me this pull request is ready for final review

[levitte]

git branch -vv

Oh, I learned something today...

[levitte]

First read through.

FYI, I usually do more than one read through, so there may be other change requests coming up. This all looks pretty good, though, so I don't expect much changes will be needed.

[FdaSilvaYY]

In line with my previous comment , I specify a bit more my point of view:

A large part of code is already in the project,
See crypto/ts/ts_rsp_sign.c

You just need to extract from this file :

ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs);
ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, X509 *signcert, STACK_OF(X509) *certs);

Add this two dedicated simple methods :

int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);

and reuse them in your code, and in ts_rsp_sign.c

[maxcuttins]

Wow!!!!! :)
This feature seems close to release!!!

THANKS TO EVERYBODY!

[mspncp]

Wow!!!!! :)
This feature seems close to release!!!

THANKS TO EVERYBODY!

Thanks @maxcuttins. BTW, review and feedback from OpenSSL users are welcome at any time 😃.

@opensignature it might be an option for you to announce the new CAdES feature on the openssl-users mailing list together with a link to this pull request and to ask for additional feedback from other users. Of course that's up to you.

[opensignature]

I agree @FdaSilvaYY, I hope in this last commit to have correctly understood your suggestion

[opensignature]

What do you think about adding a new sub-library to OpenSSL, crypto/ess with ess_lib.c, ess_err.c, ecc. ?

[levitte]

What do you think about adding a new sub-library to OpenSSL, crypto/ess with ess_lib.c, ess_err.c, ecc. ?

Considering the API is a whole bunch of ESS_ functions, it does make sense.

[opensignature]

Now it all seems more logical to me that ESS functions are inside crypto/ess and rest on ts and cms (in this the two CAdES functions have remained).
Thanks to @FdaSilvaYY and @levitte for useful tips and @mspncp for lessons (also in private) about git 👍

[maxcuttins]

Almost! :)
Thanks to everybody.

@opensignature you are a hero!

[mspncp]

@opensignature you are a hero!

Hey @opensignature, you already acquired a fan club! ;-)

[levitte]

Since you removed "ess" from the disablable features, there's no need to check OPENSSL_NO_ESS

[opensignature]

Test:
(with -cades option)
util/shlib_wrap.sh apps/openssl cms -sign -cades -in test/smcont.txt -outform DER -nodetach -certfile test/smime-certs/smroot.pem -md sha256 -signer test/smime-certs/smrsa1.pem -out testcades.p7m

and
(without -cades)
util/shlib_wrap.sh apps/openssl cms -sign -in test/smcont.txt -outform DER -nodetach -certfile test/smime-certs/smroot.pem -md sha256 -signer test/smime-certs/smrsa1.pem -out testnocades.p7m

try to upload result file here: dss.agid.gov.it/validation

in the first case the result is: Signature format: CAdES-BASELINE-B
in the second: Signature format: CMS-NOT-ETSI

[mspncp]

Here a suggestion for CMS_add1_signing_cert.pod, the other file can be removed. (Safe the diff to a file and use git apply to obtain the changes.)

Don't forget to run make doc-nits after pod file changes, it will let you know about common errors.

diff --git a/doc/man3/CMS_add1_signing_cert.pod b/doc/man3/CMS_add1_signing_cert.pod
index dbcf4f6ae9..e91c1c0706 100644
--- a/doc/man3/CMS_add1_signing_cert.pod
+++ b/doc/man3/CMS_add1_signing_cert.pod
@@ -2,22 +2,28 @@
 
 =head1 NAME
 
-CMS_add1_signing_cert - add ESS signing-certificate signed
-attribute to a CMS_SignerInfo data structure
+CMS_add1_signing_cert, CMS_add1_signing_cert_v2
+- add ESS signing-certificate signed attribute to a
+CMS_SignerInfo data structure
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
  CMS_SignerInfo *CMS_add1_signing_cert(CMS_SignerInfo *si, X509 *signer)
+ CMS_SignerInfo *CMS_add1_signing_cert_v2(CMS_SignerInfo *si, X509 *signer,
+                                          const EVP_MD *sign_md)
 
 =head1 DESCRIPTION
 
-CMS_add1_signing_cert() adds a ESS signing-certificate signed
-attribute using certificate B<signer> and SHA1 message digest  
+CMS_add1_signing_cert() adds a ESS Signing Certificate (version 1) signed
+attribute using certificate B<signer> and SHA1 message digest
 to CMS_SignerInfo B<si>structure.
-ESS signing certificate attribute is defined in the RFC 5035
-that updates Section 5.4 of RFC 2634.
+CMS_add1_signing_cert_v2() adds a ESS Signing Certificate (version 2) signed
+attribute using certificate B<signer> and message digest B<sign_md>
+to CMS_SignerInfo B<si>structure.
+ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035
+which updates Section 5.4 of RFC 2634.
 
 =head1 NOTES
 
@@ -26,12 +32,8 @@ This attribute is mandatory to make a CMS compliant with CAdES-BES
 
 =head1 RETURN VALUES
 
-CMS_add1_signing_cert() returns  an internal pointer to the CMS_SignerInfo
-structure just added for a successful add and NULL if an error occurred.
-
-=head1 SEE ALSO
-
-L<CMS_add1_signing_cert_v2(3)>,
+CMS_add1_signing_cert() and CMS_add1_signing_cert_v2() return  a pointer
+to the CMS_SignerInfo structure just added, or NULL if an error occurred.
 
 =head1 COPYRIGHT

[mspncp]

@opensignature there is a merge commit (ed610c5) in your branch now. But let's not worry about gitechnical nitpicking and just concentrate on the change set. Because in the end (when it's merged into master after the second approval) all commits will be squashed anyway (by me). I will need to take a final look at it today or tomorrow evening before being able to approve. So please be patient with me.

[opensignature]

@opensignature there is a merge commit (ed610c5) in your branch now. But let's not worry about gitechnical nitpicking and just concentrate on the change set. Because in the end (when it's merged into master after the second approval) all commits will be squashed anyway (by me). I will need to take a final look at it today or tomorrow evening before being able to approve. So please be patient with me.

sorry @mspncp erroneous use of git pull

[mspncp]

Funny, the certificate for https://dss.agid.gov.it/validation expired yesterday: What an irony that not even the digital signature experts manage to get their web certificates renewed in time. ;-)

Common Name (CN)	dss.agid.gov.it
Organization (O)	<Not Part Of Certificate>
Organizational Unit (OU)	<Not Part Of Certificate>
Common Name (CN)	Let's Encrypt Authority X3
Organization (O)	Let's Encrypt
Organizational Unit (OU)	<Not Part Of Certificate>
Issued On	Wednesday, October 24, 2018 at 8:31:32 AM
Expires On	Tuesday, January 22, 2019 at 7:31:32 AM

[mspncp]

@opensignature now everything looks fine to me, I think now it's ready for a second review. :-)

[mspncp]

(Note to the second reviewer: don't worry about the merge commit, the pull request will be squashed in the end, using the commit message of it's first commit.)

[opensignature]

Funny, the certificate for https://dss.agid.gov.it/validation expired yesterday: What an irony that not even the digital signature experts manage to get their web certificates renewed in time. ;-)

use
https://joinup.ec.europa.eu/dss-webapp/validation
or
https://www.signatur.rtr.at/en/vd/Pruefung.html

[levitte]

Looks good to me.

[levitte]

Are you willing to take care of the util/libcrypto.num conflict too, @mspncp? If not, I can handle the merge.

[mspncp]

Yes, no problem. I can do it.

[mspncp]

Merged to master:

e85d19c crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)

Congratulations to your first successful contribution to the OpenSSL library @opensignature! I think your pull request has matured very nicely since its first version and now it makes a nice and consistent impression. Special thanks go to @FdaSilvaYY who helped improving your work and did a major part of the reviewing.

[maxcuttins]

Thanks again to @opensignature!

[mspncp]

@maxcuttins there is even more on the way. I assume you have already noticed #8098 by @FdaSilvaYY?

[maxcuttins]

@mspncp, this seems very good.
However we do really need the timestamp of "when" the document has been signed with CADES.
This because sooner or later the signer cert will expire but the document should be considered still valid if the signature was valid at the time of signing.

This is not happening at the moment.
If signature is in the past, validation is not passed because the document is considered signed by an expired signature, which is not true if we consider the time when the document has been signed.

So at the moment we need to parse the asn1 code in order to see the signiningTime and check it manually against the certificate expiration date.

openssl asn1parse -inform DER -in "file-der-pdf-p7m"|sed -n -e '/:signingTime/,/UTCTIME/p'| grep UTCTIME | awk '{print $7}'| sed 's/[:Z]//g'

Do you think this new merge will help also to avoid this kind of ugly fix?

[FdaSilvaYY]

@maxcuttins : the NID_pkcs9_signingTime handling is barely minimal actually.
Could you open an Issue to discuss the details , please ;)