PKCS#7 signed data and custom authenticatedAttributes / OIDs

[NuSkooler]

Is there a way to add custom (e.g. not known to node-forge) authenticated attributes to a PKCS#7 signed package?

I'm attempting the following, but see "empty" results when I openssl asn1parse ... the output:

const signed = forge.pkcs7.createSignedData();

signed.addSigner({
    key                 : privateKey,
    certificate             : cert,
    digestAlgorithm     : forge.pki.oids.sha1,
    authenticatedAttributes : [
        {
            type    : forge.pki.oids.contentType,
            value   : forge.pki.oids.data
        },
        {
            type: forge.pki.oids.messageDigest              
        },
        {
            type: forge.pki.oids.signingTime,               
        },
        //  :TODO:
        //  "The transactionID SHOULD be the MD5 hash of the public key from the
        //  request, encoded as a PrintableString"
        {
            name    : 'transactionID',
            type    : '2.16.840.1.113733.1.9.7',
            value   : '2dc41c4aa005263394db2c91904fd183',

        },
        {
            name    : 'messageType',
            type    : '2.16.840.1.113733.1.9.2',
            value   : '3',  //  CertRep         
        },
        {
            name    : 'senderNonce',
            type    : '2.16.840.1.113733.1.9.5',
            value   : '2528804744729265',
        },
        {
            name    : 'responderNonce',
            type    : '2.16.840.1.113733.1.9.6',
            value   : '9523024721942548',
        },  
        {
            name    : 'pkiStatus',
            type    : '2.16.840.1.113733.1.9.3',
            value   : '0',  //  SUCCESS
        }
    ] 
});

signed.content = forge.asn1.toDer(enveloped.toAsn1());
signed.sign();  

The OIDs in question are related to SCEP (See e.g. http://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/116167-technote-scep-00.html)

Example fragment dump from openssl asn1parse ...:

1579:d=6  hl=2 l=  14 cons: SEQUENCE          
 1581:d=7  hl=2 l=  10 prim: OBJECT            :2.16.840.1.113733.1.9.7
 1593:d=7  hl=2 l=   0 cons: SET               

[NuSkooler]

BTW: I"m fully willing to implement and submit a PR if I can be given a little direction in what needs to be done :)

[dlongley]

@NuSkooler -- saw this issue come in, just swamped at the moment and can't look into it. If there's no way to add custom attributes, we want to make sure there is ... I can't remember off the top of my head if it's possible but just difficult at the moment.

[NuSkooler]

@dlongley Thanks for the reply! FWIW, I added a (probably considered hack) way to go about this in pkcs7.js _attributeToAsn1: If attr has an rawValue member, it just takes it as is. The caller (e.g. of addSigner) is expected to create rawValue with asn1.create():

function _attributeToAsn1(attr) {
  var value;

  // TODO: generalize to support more attributes
  if(attr.type === forge.pki.oids.contentType) {
    value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
      asn1.oidToDer(attr.value).getBytes());
  } else if(attr.type === forge.pki.oids.messageDigest) {
    value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
      attr.value.bytes());
  } else if(attr.type === forge.pki.oids.signingTime) {
    /* Note per RFC 2985: Dates between 1 January 1950 and 31 December 2049
      (inclusive) MUST be encoded as UTCTime. Any dates with year values
      before 1950 or after 2049 MUST be encoded as GeneralizedTime. [Further,]
      UTCTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST
      include seconds (i.e., times are YYMMDDHHMMSSZ), even where the
      number of seconds is zero.  Midnight (GMT) must be represented as
      "YYMMDD000000Z". */
    // TODO: make these module-level constants
    var jan_1_1950 = new Date('Jan 1, 1950 00:00:00Z');
    var jan_1_2050 = new Date('Jan 1, 2050 00:00:00Z');
    var date = attr.value;
    if(typeof date === 'string') {
      // try to parse date
      var timestamp = Date.parse(date);
      if(!isNaN(timestamp)) {
        date = new Date(timestamp);
      } else if(date.length === 13) {
        // YYMMDDHHMMSSZ (13 chars for UTCTime)
        date = asn1.utcTimeToDate(date);
      } else {
        // assume generalized time
        date = asn1.generalizedTimeToDate(date);
      }
    }

    if(date >= jan_1_1950 && date < jan_1_2050) {
      value = asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,
        asn1.dateToUtcTime(date));
    } else {
      value = asn1.create(
        asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false,
        asn1.dateToGeneralizedTime(date));
    }
  } else if(attr.rawValue) {
    value = attr.rawValue;
  }

  // TODO: expose as common API call
  // create a RelativeDistinguishedName set
  // each value in the set is an AttributeTypeAndValue first
  // containing the type (an OID) and second the value
  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
    // AttributeType
    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
      asn1.oidToDer(attr.type).getBytes()),
    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
      // AttributeValue
      value
    ])
  ]);
}

Usage:

signed.addSigner({
    key                     : privateKey,
    certificate             : cert
    digestAlgorithm         : forge.pki.oids.sha1,
    authenticatedAttributes : [
        {
            type    : forge.pki.oids.contentType,
            value   : forge.pki.oids.data
        },
        {
            type: forge.pki.oids.messageDigest              
        },
        {
            type: forge.pki.oids.signingTime,               
        },
        {
            name    : 'transactionID',
            type    : '2.16.840.1.113733.1.9.7',
            rawValue : forge.asn1.create(
                forge.asn1.Class.UNIVERSAL, forge.asn1.Type.PRINTABLESTRING, false, '2dc41c4aa005263394db2c91904fd183'),

        }
    ] 
});

This seems to work when I look at openssl asn1parse... but that doesn't necessarily mean it's valid -- that, I'm not sure.

[NuSkooler]

Update: I can validate that the fix mentioned above functions properly!

[NuSkooler]

If the above is something you are interested in, I can submit a PR. The only change is actually the else if for the rawValue check above:

} else if(attr.rawValue) {
    value = attr.rawValue;
  }

[dlongley]

@NuSkooler -- I have to look into it, I thought we had something similar somewhere else and I'd like to keep the naming consistent.

[troyfactor4]

Hey @dlongley can I submit a PR for this? I really think it would add a lot of raw value to the node-forge ecosystem if we could add custom attributes :-D

Also, I'm running into the same issue as @NuSkooler

[troyfactor4]

@dlongley is rawCapture what you were thinking of? It seems to be used elsewhere in pkcs7.js in just a slightly different context.

[petitout]

Hi @dlongley , any news on this issue ? I need to have custom authenticatedAttributes but they are currently set as empty ...

I can create a PR, let me know

Thanks !

[ovk]

Unfortunately, the suggested solutions won't work, as they will likely lead to generating invalid signature. The problem is that when attributes are put into SET OF for the signature calculation they must be in sorted order, and node-forge doesn't do anything like that.

[lulin1994]

Confirmed that @ovk is leading us on to the right track here. In case anyone else is bothered by this issue