Comments (6)
I am also having a similar error while performing checks on some files.
For example OneDrive from Microsoft: https://go.microsoft.com/fwlink/p/?LinkId=248256
It is validly signed by Microsoft: VirusTotal Signing Info
from signify.
It looks like v0.1.5 is working fine.
from signify.
This probably has to do with the change to pyasn1-modules. If you could figure out what the difference is between those and the ones we had in 0.1.5, that would be great. Also it would be helpful to know why these particular samples fail; what are they using that causes this issue?
from signify.
It appears that it is the implementation of #6 that's the culprit. You wouldn't have noticed the issues before because we simply ignored those timestamps. I'll take a look as soon as I'm able to
from signify.
> It appears that it is the implementation of #6 that's the culprit. You wouldn't have noticed the issues before because we simply ignored those timestamps. I'll take a look as soon as I'm able to
Have you found the issue?
from signify.
I started debugging whois.exe, which contains an RFC5652 SignedData DER-encoded object in the attribute with OID 1.3.6.1.4.1.311.3.3.1. The extracted binary data is attached here.
When parsing this structure, something goes wrong. This appears to happen because `SignedData.certificates` (a `CertificateSet` with `CertificateChoices` elements) contains three elements: two untagged elements (being a `certificate` in `CertificateChoices` terms) and a third tagged attribute with tag `1`. This would mean it's a `v1AttrCert` of type `AttributeCertificateV1`, according to RFC5652 section 10.2.2.
However, the structure is not actually an `AttributeCertificateV1`, rather adhering to `AttributeCertificateV2` (as can be seen as the version inside the structure is integer `1` (which is `v2`, go figure...)).
The relevant part is shown below, annotated with field names for clarity:
```
SEQUENCE (5 elem) # SignedData
  INTEGER 3 # version
  SET (1 elem) # digestAlgorithms
  SEQUENCE (2 elem) # encapContentInfo
  [0] (3 elem) # certificates
    SEQUENCE (3 elem) # certificate
    SEQUENCE (3 elem) # certificate
    [1] (3 elem) # v1AttrCert
      SEQUENCE (7 elem) # acInfo
        INTEGER 1 # version (1 = v2)
        SEQUENCE (2 elem) # v1: subject / v2: holder
        [0] (1 elem) # issuer
        SEQUENCE (2 elem) # signature
        INTEGER 3785039085 # serialNumber
        SEQUENCE (2 elem) # attCertValidityPeriod
        SEQUENCE (2 elem)
      SEQUENCE (2 elem) # signatureAlgorithm
      BIT STRING (1024 bit) 010000111000000001110000000001101001010110010011000010011001000000101… # signature
  SET (1 elem) # signerInfos
```
The schema above can be reproduced by using https://lapo.it/asn1js/ and uploading the attached binary blob.
I have no clue why this is happening. Perhaps they are following another RFC for this structure that specifically changes how we should interpret this ASN.1 structure, or this is simply an error that is somehow caught by Microsoft's parsers.
from signify.
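The mismatch described in the last comment can be detected before handing the blob to a strict schema parser. The following is an added example, not part of the thread and not signify's code: it walks the content of the `[0] certificates` element, labels each `CertificateChoices` alternative by its tag, and flags a `[1]` element whose `acInfo` starts with an explicit `INTEGER 1`. The helper names and the sample bytes are constructed for illustration.

```python
# Added example, not signify's parser: stdlib-only DER walk over CertificateChoices.
CHOICES = {0x30: "certificate", 0xA0: "extendedCertificate",
           0xA1: "v1AttrCert", 0xA2: "v2AttrCert", 0xA3: "other"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); single-octet tags only, which covers this structure."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element directly inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def classify(cert_set):
    """Label each element of the [0] certificates content by its tag."""
    labels = []
    for tag, val in children(cert_set):
        label = CHOICES.get(tag, "unknown tag 0x%02x" % tag)
        if tag == 0xA1:
            _, ac_info = next(children(val), (None, b""))      # acInfo SEQUENCE
            first_tag, first = next(children(ac_info), (None, b""))
            # v1 is the DEFAULT version and is omitted in DER, so an explicit INTEGER 1 means v2.
            if first_tag == 0x02 and int.from_bytes(first, "big") == 1:
                label += " but acInfo.version=1 (v2 layout)"
        labels.append(label)
    return labels

def der(tag, *parts):
    """Encode a short (<128 byte) element; used only to build the constructed sample."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed sample shaped like the dump above; field contents are empty stand-ins.
STUB_CERT = der(0x30, der(0x30), der(0x30), der(0x03, b"\x00"))
AC_INFO = der(0x30, der(0x02, b"\x01"), der(0x30), der(0xA0), der(0x30),
              der(0x02, b"\x05"), der(0x30), der(0x30))
SAMPLE = STUB_CERT + STUB_CERT + der(0xA1, AC_INFO, der(0x30), der(0x03, b"\x00"))

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A verifier that sees the flagged label can decode that element with the v2 schema or skip it, rather than failing the whole `SignedData` parse.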