M2Crypto:从不透明签名的S / MIME中提取消息(pkcs7-mime)

时间:2013-07-15 17:12:44

标签: python debian m2crypto smime

我在从opaque签名的S / MIME邮件中提取邮件数据时遇到问题,例如:

To: ngps@post1.com
From: ngps@mpost1.com
Subject: testing
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIHQwYJKoZIhvcNAQcCoIIHNDCCBzACAQExCzAJBgUrDgMCGgUAMIICQwYJKoZI
hvcNAQcBoIICNASCAjANClMvTUlNRSAtIFNlY3VyZSBNdWx0aXB1cnBvc2UgSW50
ZXJuZXQgTWFpbCBFeHRlbnNpb25zIFtSRkMgMjMxMSwgUkZDIDIzMTJdIC0gDQpw
cm92aWRlcyBhIGNvbnNpc3RlbnQgd2F5IHRvIHNlbmQgYW5kIHJlY2VpdmUgc2Vj
dXJlIE1JTUUgZGF0YS4gQmFzZWQgb24gdGhlDQpwb3B1bGFyIEludGVybmV0IE1J
TUUgc3RhbmRhcmQsIFMvTUlNRSBwcm92aWRlcyB0aGUgZm9sbG93aW5nIGNyeXB0
b2dyYXBoaWMNCnNlY3VyaXR5IHNlcnZpY2VzIGZvciBlbGVjdHJvbmljIG1lc3Nh
Z2luZyBhcHBsaWNhdGlvbnMgLSBhdXRoZW50aWNhdGlvbiwNCm1lc3NhZ2UgaW50
ZWdyaXR5IGFuZCBub24tcmVwdWRpYXRpb24gb2Ygb3JpZ2luICh1c2luZyBkaWdp
dGFsIHNpZ25hdHVyZXMpDQphbmQgcHJpdmFjeSBhbmQgZGF0YSBzZWN1cml0eSAo
dXNpbmcgZW5jcnlwdGlvbikuDQoNClMvTUlNRSBpcyBidWlsdCBvbiB0aGUgUEtD
UyAjNyBzdGFuZGFyZC4gW1BLQ1M3XQ0KDQpTL01JTUUgaXMgaW1wbGVtZW50ZWQg
aW4gTmV0c2NhcGUgTWVzc2VuZ2VyIGFuZCBNaWNyb3NvZnQgT3V0bG9vay4NCqCC
AxAwggMMMIICdaADAgECAgECMA0GCSqGSIb3DQEBBAUAMHsxCzAJBgNVBAYTAlNH
MREwDwYDVQQKEwhNMkNyeXB0bzEUMBIGA1UECxMLTTJDcnlwdG8gQ0ExJDAiBgNV
BAMTG00yQ3J5cHRvIENlcnRpZmljYXRlIE1hc3RlcjEdMBsGCSqGSIb3DQEJARYO
bmdwc0Bwb3N0MS5jb20wHhcNMDAwOTEwMDk1ODIwWhcNMDIwOTEwMDk1ODIwWjBZ
MQswCQYDVQQGEwJTRzERMA8GA1UEChMITTJDcnlwdG8xGDAWBgNVBAMTD00yQ3J5
cHRvIENsaWVudDEdMBsGCSqGSIb3DQEJARYObmdwc0Bwb3N0MS5jb20wXDANBgkq
hkiG9w0BAQEFAANLADBIAkEAoz3zUF0dmxSU+1fso+eTdmjDY71gWNeXWX28qsBJ
0UFmq4JCtw7Gv4fJ0TZgQHVIrXgKrUvzsquu8eiVjuP/NwIDAQABo4IBBDCCAQAw
CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
dGlmaWNhdGUwHQYDVR0OBBYEFMcQhEeJ1x9d+8Rzag9yjCiutYKOMIGlBgNVHSME
gZ0wgZqAFPuHI2nrnDqTFeXFvylRT/7tKDgBoX+kfTB7MQswCQYDVQQGEwJTRzER
MA8GA1UEChMITTJDcnlwdG8xFDASBgNVBAsTC00yQ3J5cHRvIENBMSQwIgYDVQQD
ExtNMkNyeXB0byBDZXJ0aWZpY2F0ZSBNYXN0ZXIxHTAbBgkqhkiG9w0BCQEWDm5n
cHNAcG9zdDEuY29tggEAMA0GCSqGSIb3DQEBBAUAA4GBAKy2cWa2BF6cbBPE4ici
//wOqkLDbsI3YZyUSj7ZPnefghx9EwRJfLB3/sXEf78OHL7yV6IMrvEVEAJCYs+3
w/lspCMJC0hOomxnt0vjyCCd0JeaEwihQGbOo9V0reXzrUy8yNkwo1w8mMSbIvqh
+D5uTB0jKL/ml1EVLw3NJf68MYIBwTCCAb0CAQEwgYAwezELMAkGA1UEBhMCU0cx
ETAPBgNVBAoTCE0yQ3J5cHRvMRQwEgYDVQQLEwtNMkNyeXB0byBDQTEkMCIGA1UE
AxMbTTJDcnlwdG8gQ2VydGlmaWNhdGUgTWFzdGVyMR0wGwYJKoZIhvcNAQkBFg5u
Z3BzQHBvc3QxLmNvbQIBAjAJBgUrDgMCGgUAoIHYMBgGCSqGSIb3DQEJAzELBgkq
hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDcxNTE1MDkzN1owIwYJKoZIhvcN
AQkEMRYEFI/KcwJXhIg0bRzYLfAtDhxRMzghMHkGCSqGSIb3DQEJDzFsMGowCwYJ
YIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcw
DgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMA0GCSqGSIb3DQEBAQUABEAPrw12PT+5T9kftixVi+MzE/SLZnOJqw9x
2q1YcztjY4drOJi6CH8bHOlfb1nXr/mBQuijLA5wFl22PDGTrlZ5

实际上是来自demo/smime/ test.py的M2Crypto(0.21.1)sign函数生成的不透明的S / MIME签名(未加密)消息opaque.p7。数据显然包含消息,它可以显示为例如作者:openssl smime -verify -noverify -in opaque.p7

不幸的是,当我想要获取数据时:

p7, data = M2Crypto.SMIME.smime_load_pkcs7('opaque.p7')

不幸的是,dataNone。这只是不透明的S / MIME变体的一个问题,因为同样适用于clear.p7

我想这可能是一些兼容性问题,我的OpenSSL版本是1.0.1e(Debian Wheezy)..我想知道是否有人让它工作。

更新

以下是修改后的test.py(原始here)的输出,为了证明清除和不透明的S / MIME消息,M2Crypto正确提取签名者证书,但不提取不透明SMIME中的数据:

test encrypt/decrypt... ok
test sign & save... ok
test load & verify opaque... ok
  DATA: ''
  SIGNERS: ['C=AU, ST=Some-State, O=Internet Widgits Pty Ltd']
test load & verify clear... ok
  DATA: 'actual message'
  SIGNERS: ['C=AU, ST=Some-State, O=Internet Widgits Pty Ltd']
test sign/verify... ok

test.py已修补,因为它在很多地方失败了..

--- M2Crypto-0.21.1.orig/demo/smime/test.py 2011-01-15 20:10:06.000000000 +0100
+++ M2Crypto-0.21.1/demo/smime/test.py  2013-07-16 16:37:57.224845942 +0200
@@ -6,18 +6,7 @@

 from M2Crypto import BIO, Rand, SMIME, X509

-ptxt = """
-S/MIME - Secure Multipurpose Internet Mail Extensions [RFC 2311, RFC 2312] - 
-provides a consistent way to send and receive secure MIME data. Based on the
-popular Internet MIME standard, S/MIME provides the following cryptographic
-security services for electronic messaging applications - authentication,
-message integrity and non-repudiation of origin (using digital signatures)
-and privacy and data security (using encryption).
-
-S/MIME is built on the PKCS #7 standard. [PKCS7]
-
-S/MIME is implemented in Netscape Messenger and Microsoft Outlook.
-"""
+ptxt = 'actual message'

 def makebuf():
     buf = BIO.MemoryBuffer(ptxt)
@@ -27,14 +16,14 @@
     print 'test sign & save...',
     buf = makebuf()
     s = SMIME.SMIME()
-    s.load_key('client.pem')
-    p7 = s.sign(buf)
+    s.load_key('client_.pem')
+    p7 = s.sign(buf, flags=SMIME.PKCS7_DETACHED)
     out = BIO.openfile('clear.p7', 'w')
     out.write('To: ngps@post1.com\n')
     out.write('From: ngps@post1.com\n')
     out.write('Subject: testing\n')
     buf = makebuf() # Recreate buf, because sign() has consumed it.
-    s.write(out, p7, buf)
+    s.write(out, p7, buf, flags=SMIME.PKCS7_DETACHED)
     out.close()

     buf = makebuf()
@@ -50,36 +39,42 @@
 def verify_clear():
     print 'test load & verify clear...',
     s = SMIME.SMIME()
-    x509 = X509.load_cert('client.pem')
+    x509 = X509.load_cert('client_.pem')
     sk = X509.X509_Stack()
     sk.push(x509)
     s.set_x509_stack(sk)
     st = X509.X509_Store()
-    st.load_info('ca.pem')
+    st.load_info('client_.pem')
     s.set_x509_store(st)
     p7, data = SMIME.smime_load_pkcs7('clear.p7')
-    v = s.verify(p7)
-    if v:
+    data_s = data.read() if isinstance(data, BIO.BIO) else ''
+    v = s.verify(p7, BIO.MemoryBuffer(data_s))
+    if v and (v == ptxt):
         print 'ok'
     else:
         print 'not ok'
+    print '  DATA: %r' % (data_s,)
+    print '  SIGNERS: %r' % ([ x.get_subject().as_text() for x in p7.get0_signers(sk)],)

 def verify_opaque():
     print 'test load & verify opaque...',
     s = SMIME.SMIME()
-    x509 = X509.load_cert('client.pem')
+    x509 = X509.load_cert('client_.pem')
     sk = X509.X509_Stack()
     sk.push(x509)
     s.set_x509_stack(sk)
     st = X509.X509_Store()
-    st.load_info('ca.pem')
+    st.load_info('client_.pem')
     s.set_x509_store(st)
     p7, data = SMIME.smime_load_pkcs7('opaque.p7')
-    v = s.verify(p7, data)
-    if v:
+    data_s = data.read() if isinstance(data, BIO.BIO) else ''
+    v = s.verify(p7, makebuf()) # here we are verify against ptxt, since we get no data
+    if v and (v == ptxt):
         print 'ok'
     else:
         print 'not ok'
+    print '  DATA: %r' % (data_s,)
+    print '  SIGNERS: %r' % ([ x.get_subject().as_text() for x in p7.get0_signers(sk)],)

 def verify_netscape():
     print 'test load & verify netscape messager output...',
@@ -102,31 +97,32 @@
     s = SMIME.SMIME()

     # Load a private key.
-    s.load_key('client.pem')
+    s.load_key('client_.pem')

     # Sign.
-    p7 = s.sign(buf)
+    p7 = s.sign(buf, flags=SMIME.PKCS7_DETACHED)

     # Output the stuff.
+    buf = makebuf()
     bio = BIO.MemoryBuffer()
-    s.write(bio, p7, buf)
+    s.write(bio, p7, buf, flags=SMIME.PKCS7_DETACHED)

     # Plumbing for verification: CA's cert.
     st = X509.X509_Store()
-    st.load_info('ca.pem')
+    st.load_info('client_.pem')
     s.set_x509_store(st)

     # Plumbing for verification: Signer's cert.
-    x509 = X509.load_cert('client.pem')
+    x509 = X509.load_cert('client_.pem')
     sk = X509.X509_Stack()
     sk.push(x509)
     s.set_x509_stack(sk)

     # Verify.
     p7, buf = SMIME.smime_load_pkcs7_bio(bio)
-    v = s.verify(p7, flags=SMIME.PKCS7_DETACHED)
-    
-    if v:
+    v = s.verify(p7, buf, flags=SMIME.PKCS7_DETACHED)
+
+    if v and (v == ptxt):
         print 'ok'
     else:
         print 'not ok'

client.pem包含过期的证书,因此它使用的是由openssl req -new -x509 -newkey rsa -nodes -keyout client_.pem -out client_.pem生成的自签名client_.pem

(请注意, test load& verify opaque testcase假装成功,因为验证步骤已更改为针对原始已知文本进行验证)

1 个答案:

答案 0 :(得分:1)

我认为这里的主要误解是,对于“multipart/signed”以外的MIME类型,smime_load_pkcs7() 意味着返回None在元组的第二部分中,SMIME.SMIME.verify() 意味着None作为其第二个参数。

当您致电s.verify(a, b)时,并不意味着“验证a中的签名是否与消息b匹配”,这意味着“验证PKCS7结构{{1}如果xIM9存储和堆栈在SMIME对象a上,则有一个有效的签名。哦,如果s有一条分离的消息,你可以在a中找到消息部分。“

如果您想修复b功能,请完全删除verify_opaque()内容,然后重新拨打原始data_s电话。如果s.verify(p7, data),则原始邮件的提取按预期进行验证签名。如果您仍想打印“DATA:”行,请使用v == ptxt代替v

如果您的问题是如何从任意不透明的签名邮件中获取原始邮件数据,那么您似乎需要获得有效的data_s上下文M2Crypto.SMIME.SMIME并致电s用它!这不是我以前需要做的操作,所以我可能会遗漏一些简单的API,但据我所知,M2Crypto不会暴露任何更简单的方法。至少,如果您没有要检查的有效证书集,或者您不关心,您可以将s.verify()标记传递给PKCS7_NOVERIFY,就像使用openssl一样cmdline工具。