sscep should support EC keys by using CMS instead of PKCS#7

[bjanders]

I tried to enroll EC keys from NDES, but get the error:

./sscep: cannot read inner PKCS#7
140544891217216:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149:
140544891217216:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:309:Type=PKCS7_RECIP_INFO
140544891217216:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:Field=recipientinfo, Type=PKCS7_ENVELOPE
140544891217216:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:
140544891217216:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:496:Field=d.enveloped, Type=PKCS7
./sscep: sending certificate request
./sscep: valid response from server
./sscep: reply transaction id: 02F10BF97571D8DECFF27F80E49C8F5D
./sscep: pkistatus: SUCCESS

I suspect it would work if sscep used OpenSSL CMS routines instead of PKCS#7.

I initially thought it was a bug in OpenSSL, so I filed a bug openssl/openssl#24685. But according to the explanation I received:

The OpenSSL pkcs7 app implements the original PKCS7 as defined in RFC2315. The original PKCS7 supports key transport (which RSA uses), but does not have support for key agreement (which EC keys use). IETF subsequently developed CMS (the latest version of which is in RFC5652). CMS is largely backwards compatible with PKCS7, but some changes were made. So you can take a pkcs7 structure and read it as CMS. The reverse is not (necessarily) true.

If I understand it correctly, then it might be possible that using CMS instead of PKCS#7 could work for both RSA and EC keys.

[Borgquite]

Same issue here, when trying to enroll on a FortiOS device (which may use SSCEP). According to the bug report above. could the OpenSSL 'cms' app be a drop-in replacement for 'pkcs7', allowing ECDSA certificate support?

CMS is largely backwards compatible with PKCS7, but some changes were made. So you can take a pkcs7 structure and read it as CMS... The OpenSSL cms app implements cms and can be used to read your pkcs7_ec.bin file

https://community.fortinet.com/t5/Support-Forum/FortiGate-Certificate-enrollment-using-SCEP-with-elliptic-curve/m-p/347233

[bjanders]

It should be (or is) fairly easy to change pkcs7 to openssl cms in the code. I already did most of it, so that I got it working for my use case. There is still some operation that I did not change yet (that I don't need). If I would have done all of it, I would issue a pull request. Unfortunately, I don't have time to complete it all right now.

@Borgquite, I could add my fork to github, and maybe that would be sufficient for you as well.

[bjanders]

Here's a fork that works with EC and RSA certs in my own testing for the operations I needed: https://github.com/bjanders/sscep-cms/tree/cms

The Get Next CA operation will not work, and will make sscep crash. Fixing this should, however, be fairly trivial.

[Borgquite]

@bjanders Love your work! It's great to know that it's possible. As mentioned - I need a downstream project (FortiOS) to pick this up which I guess would be tricky without full support - if you did get a chance at a later date, to finish it off & do a pull, I wouldn't be the only one to benefit :)