|
|
TOTAL
Passing: 78 Failing: 194 |
|
|
|
|
|
Implementation |
|
|
|
| RFC |
Section |
Feature |
Passes |
CMSExample |
Senders |
Receivers |
|
Microsoft |
VanDyke (V) |
Deming |
Baltimore |
|
|
VDA Comments |
| 2630 |
|
Passing: 45 Failing: 51 |
|
|
|
|
|
|
|
|
|
|
|
Note 1: "N/A" signifies that the crypto library used by SFL, or the application that calls SFL, is responsible for implementing the N/A-designated feature. |
|
3. General Syntax |
|
|
|
|
|
|
|
|
|
|
|
Note 2: VDA developed sample objects that illustrate each SFL-supported feature. The file name for the test object is included in this column. |
|
|
Generate ContentInfo w/ data content |
FAIL |
5.1 |
|
2 |
YY |
Y |
Y |
|
|
|
|
|
|
|
Generate ContentInfo w/ signed-data content |
PASS |
5.4 |
3
|
2 |
VDMMV |
VD |
M |
MV |
|
|
|
|
|
|
Generate ContentInfo w/ enveloped-data content |
PASS |
6.1 |
3
|
2 |
VDMMV |
VD |
M |
MV |
|
|
|
|
|
|
Generate ContentInfo w/ digested-data content |
FAIL |
|
|
1 |
Y |
Y |
|
|
|
|
|
SFL does not support |
|
|
Generate ContentInfo w/ encrypted-data content |
FAIL |
|
|
2 |
YY |
Y |
Y |
|
|
|
|
dataRfc2630.d/3_CIEncryptedData.bin |
|
|
Generate ContentInfo w/ authenticated-data content |
FAIL |
|
|
1 |
Y |
Y |
|
|
|
|
|
SFL does not support |
|
|
SignedAttributes are internally DER encoded on emission |
PASS |
5.4 |
|
1 |
YY |
|
Y |
Y |
|
BOOLEAN |
|
|
|
Authenticated Attributes are internally DER encoded on emission |
FAIL |
|
|
|
|
|
|
|
|
BOOLEAN |
SFL does not support |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4. Data Content Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5. Signed-Data Content Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
5.1 SignedData Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate id-data content - Verify version=1 |
PASS |
5.1 |
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
|
|
|
Generate non-id-data content - Verify version=3 |
PASS |
11.2.signedReceipt |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
|
Generate w/ certs |
PASS |
5.1 |
3
|
2 |
VDMMV |
VD |
M |
MV |
|
|
|
|
|
|
SignedData w/ CRLs |
FAIL |
4.5 |
1
|
1 |
M |
|
M |
|
|
|
|
|
|
|
Generate w/ attribute certificate |
FAIL |
|
|
2 |
YY |
Y |
Y |
|
|
|
|
SFL supports, but not yet tested |
|
5.2 EncapsulatedContentInfo |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate w/ encapsulated content |
PASS |
5.4 |
3
|
2 |
DVMM |
DV |
M |
M |
|
|
|
|
|
|
Generate w/ detached content |
PASS |
5.3 |
3
|
2 |
DVMM |
DV |
M |
M |
|
|
|
|
|
|
Generate w/ data content |
PASS |
5.4 |
3
|
2 |
DVMM |
DV |
M |
M |
|
|
|
|
|
|
Generate w/ non-data content |
PASS |
11.2.signedReceipt |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
|
Degenerate message w/ data content type and no content |
FAIL |
|
|
2 |
YY |
Y |
Y |
|
|
|
|
SFL supports |
|
5.3 Signed Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate Issuer/Serial SID |
PASS |
5.3 |
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
|
|
|
Generate SKI SID |
PASS |
5.7 |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
|
Generate w/o AuthAttrs |
PASS |
5.1 |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
|
Generate w/ AuthAttrs |
PASS |
5.4.CSSD |
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
|
|
|
Message Digest algorithm(s) in the digestAlgorithm field |
PASS |
5.1 |
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
|
|
|
signedAttributes present for non id-data content |
PASS |
11.2.signedReceipt |
|
2 |
YY |
Y |
Y |
|
|
BOOLEAN |
|
|
|
SignedAttribute is DER encoded |
PASS |
5.4.CSSD |
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
|
|
|
signedAttributes includes content-type and message-digest |
PASS |
5.4.CSSD |
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
|
|
|
Unsigned Attributes present |
PASS |
5.4.CSSD |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
5.4 Message Digest Calculation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
id-data, no Attrs |
PASS |
5.1 |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
|
id-data, auth attrs |
PASS |
5.4.CSSD |
3
|
2 |
DVM |
DV |
M |
|
|
|
|
|
|
|
non-id-data |
PASS |
11.2.signedReceipt |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
5.5 Message Signature Generation Process |
|
|
|
|
|
|
|
|
|
|
|
|
|
5.6 Message Signature Verification process |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Verify Signature on message (3 flavors) |
FAIL |
CMS_Examples.d/5.1.bin, 5.3.bin, 5.4.CSSD.bin |
1
|
1 |
M |
|
M |
|
|
BOOLEAN |
|
|
|
Check Message digest against Auth Attr |
PASS |
CMS_Examples.d/5.1.bin, 5.3.bin, 5.4.CSSD.bin |
|
2 |
YY |
Y |
Y |
|
|
BOOLEAN |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6 Enveloped-data ContentType |
|
|
|
|
|
|
|
|
|
|
|
|
|
6.1 EnvelopedData Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EnvelopedData w/ unprotected attributes |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
SFL supports, but not yet tested |
|
|
EnvelopedData w/ CRLs in originator info |
FAIL |
6.2 |
|
1 |
Y |
|
Y |
|
|
|
|
|
|
|
EnvelopedData w/ X509 certs in originator info |
FAIL |
6.2 |
1
|
1 |
M |
|
M |
|
|
|
|
|
|
|
EnvelopedData w/ Attribute certs in originator info |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
SFL supports, but not yet tested |
|
|
EnvelopedData w/ all recipInfos of a version 0 |
PASS |
6.2 |
3
|
2 |
DVM |
DV |
M |
|
|
|
|
|
|
|
EnvelopedData w/o all recipInfos of a version 0 |
PASS |
6.1 |
2
|
2 |
VM |
V |
M |
|
|
|
|
|
|
|
EnvelopedData w/ encryptedContent |
PASS |
6.1 |
3
|
2 |
DVM |
DV |
M |
|
|
|
|
|
|
|
EnvelopedData w/o encryptedContent |
FAIL |
|
|
|
|
|
|
|
|
|
|
SFL supports, but not yet tested |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6.2 RecipientInfo Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
An example of each RecipientInfo in a single message |
FAIL |
ExInterop6.2.bin |
|
1 |
Y |
|
Y |
|
|
|
|
|
|
6.2.1 KeyTransRecipientInfo Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate Issuer/Serial RID |
PASS |
6.2 |
3
|
2 |
DVM |
DV |
M |
|
|
|
|
|
|
|
Generate SKI RID |
FAIL |
|
1
|
2 |
VY |
V |
Y |
|
|
|
|
SFL supports, but yet tested |
|
6.2.2 KeyAgreeRecipientInfo Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate Issuer/Serial RID |
FAIL |
|
1
|
1 |
M |
|
M |
|
|
|
|
CMS_Examples.d/6.1.bin |
|
|
Generate SKI RID |
PASS |
|
2
|
2 |
VM |
V |
M |
|
|
|
|
SFL supports, but not yet tested |
|
|
Generate SKI RID w/Date & other |
FAIL |
|
|
2 |
YY |
Y |
Y |
|
|
|
|
SFL supports, but not yet tested |
|
|
Generate w/o UKM |
PASS |
|
2
|
2 |
VM |
V |
M |
|
|
|
|
SFL supports decrypting; adding ability to generate. |
|
|
Generate w/UKM |
PASS |
|
2
|
2 |
VM |
V |
M |
|
|
|
|
CMS_Examples.d/6.1.bin |
|
|
Generate 2 recipients w/ common UKM & params |
FAIL |
|
1
|
1 |
M |
|
M |
|
|
|
|
CMS_Examples.d/ExInterop6.4.bin |
|
|
Generate 2 recipients w/o common UKM |
PASS |
|
2
|
2 |
VM |
V |
M |
|
|
|
|
CMS_Examples.d/ExInterop6.4.bin |
|
|
ID Originator key by Issuer/serial |
FAIL |
|
|
2 |
YY |
Y |
Y |
|
|
|
|
CMS_Examples.d/6.1.bin |
|
|
ID Originator key by SKI |
FAIL |
|
1
|
2 |
VY |
V |
Y |
|
|
|
|
SFL supports, but not yet tested. |
|
|
ID Originator key by PublicKey |
FAIL |
|
1
|
2 |
VY |
V |
Y |
|
|
|
|
CMS_Examples.d/ExInterop6.4.bin (ESDH) |
|
6.2.3 KEKRecipientInfo Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate KEK w/o date & other |
PASS |
|
2
|
2 |
VM |
V |
M |
|
|
|
|
CMS_Examples.d/6.7_NOKEKDate.bin |
|
|
Generate KEK w/date & other |
FAIL |
|
|
2 |
YY |
Y |
Y |
|
|
|
|
CMS_Examples.d/6.7.bin |
|
6.3 Content-encryption Process |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate w/correct padding |
PASS |
|
3
|
2 |
DVM |
DV |
M |
|
|
|
|
CMS_Examples.d/6.1.bin |
|
|
Fail read w/incorrect padding |
PASS |
|
|
2 |
YY |
Y |
Y |
|
|
BOOLEAN |
SFL supports |
|
6.4 Key-encryption Process |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7 Digested-data |
|
|
|
|
|
|
|
|
|
|
|
SFL does not support |
|
|
Generate id-data |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Generate non-id-data |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Generate w/ encapsulated content |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Generate w/o encapsulated content |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8 Encrypted-data Content Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Generate w/o Unprotected Attrs |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
ExInteropEncryptedData.bin |
|
|
Generate w/ Unprotected Attrs |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
ExInteropEncryptedDataAttrs.bin |
|
|
Generate w/ encapsulated content |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
SFL supports |
|
|
Generate w/o encapsulated content |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
SFL supports, but not yet tested |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9 Authenticated-data Content Type |
|
|
|
|
|
|
|
|
|
|
|
SFL does not support |
|
9.1 AuthenticatedData Type |
|
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Generate Key Transport recipient |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Generate Key Agree recipient |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Generate KEK recipient |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
OriginatorInfo w/ Certificates |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
OriginatorInfo w/ CRLs |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
OriginatorInfo w/ Attr Certs |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
AuthenticatedData w/ encapsulated content |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
AuthenticatedData w/o encapsulated content |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
authenticatedAttributes requires content-type and message-digest |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
authenticatedAttribute is DER encoded |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
AuthenticatedData w/ unauthenticated attributes |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
9.2 MAC Generation |
|
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Data w/o Auth Attrs |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Data w/ Auth Attrs |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Non-Data |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
9.3 MAC Verification |
|
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
Read w/ bad digest value |
FAIL |
|
|
|
|
|
|
|
|
|
|
" " "
" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
11 Useful Attributes |
|
|
|
|
|
|
|
|
|
|
|
|
|
11.1 Content Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Message w/Content type attribute |
PASS |
|
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
CMS_Examples.d/5.4.CSSD.bin |
|
11.2 Message Digest Attribute |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Message w/message digest attr |
PASS |
|
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
CMS_Examples.d/5.4.CSSD.bin |
|
11.3 Signing Time |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Message w/ signing time - YY > 50 |
PASS |
|
3
|
2 |
DVMMV |
DV |
M |
MV |
|
|
|
ExInterop_SigningTime2.bin |
|
|
Signing time YY < 50 |
FAIL |
|
|
1 |
Y |
|
Y |
|
|
|
|
ExInterop_SigningTime1.bin |