TOTAL Passing: 78 Failing: 194

Implemenation

RFC

Section

Feature

Passes

CMSExample

Senders

Receivers

Microsoft

VanDyke (V)

Deming

Baltimore

VDA Comments

2630

Passing: 45 Failing: 51

Note1: "N/A" signifies that crypto library used by SFL or application that calls SFL is responsible for implementing N/A-designated feature.

3. General Syntax

Note 2: VDA developed sample objects that illustrate each SFL-supported feature. The file name for the test object is included in this column.

Generate ContentInfo w/ data content

FAIL

5.1

2

YY

Y

Y

Generate ContentInfo w/ signed-data content

PASS

5.4

3

2

VDMMV

VD

M

MV

Generate ContentInfo w/ enveloped-data content

PASS

6.1

3

2

VDMMV

VD

M

MV

Generate ContentInfo w/ digested-data content

FAIL

1

Y

Y

SFL does not support

Generate ContentInfo w/ encrypted-data content

FAIL

2

YY

Y

Y

dataRfc2630.d/3_CIEncryptedData.bin

Generate ContentInfo w/ authenticated-data content

FAIL

1

Y

Y

SFL does not support

SignedAttributes are internally DER encoded on emission

PASS

5.4

1

YY

Y

Y

BOOLEAN

Authenticated Attributes are internally DER encoded on emission

FAIL

BOOLEAN

SFL does not support

4. Data Content Type

5. Signed-Data Content Type

5.1 SignedData Type

Generate id-data content - Verify version=1

PASS

5.1

3

2

DVMMV

DV

M

MV

Generate non-id-data content - Verify version=3

PASS

11.2.signedReceipt

2

2

VM

V

M

Generate w/ certs

PASS

5.1

3

2

VDMMV

VD

M

MV

SignedData w/ CRLs

FAIL

4.5

1

1

M

M

Generate w/ attribute certificate

FAIL

2

YY

Y

Y

SFL supports, but not yet tested

5.2 EncapsulatedContentInfo

Generate w/ encapsulated content

PASS

5.4

3

2

DVMM

DV

M

M

Generate w/ detached content

PASS

5.3

3

2

DVMM

DV

M

M

Generate w/ data content

PASS

5.4

3

2

DVMM

DV

M

M

Generate w/ non-data content

PASS

11.2.signedReceipt

2

2

VM

V

M

Degenerate message w/ data content type and no content

FAIL

2

YY

Y

Y

SFL supports

5.3 Signed Data

Generate Issuer/Serial SID

PASS

5.3

3

2

DVMMV

DV

M

MV

Generate SKI SID

PASS

5.7

2

2

VM

V

M

Generate w/o AuthAttrs

PASS

5.1

2

2

VM

V

M

Generate w/ AuthAttrs

PASS

5.4.CSSD

3

2

DVMMV

DV

M

MV

Message Digest algorithm(s) in the digestAlgorithm field

PASS

5.1

3

2

DVMMV

DV

M

MV

signedAttributes present for non id-data content

PASS

11.2.signedReceipt

2

YY

Y

Y

BOOLEAN

SignedAttribute is DER encoded

PASS

5.4.CSSD

3

2

DVMMV

DV

M

MV

signedAttributes includes content-type and message-digest

PASS

5.4.CSSD

3

2

DVMMV

DV

M

MV

Unsigned Attributes present

PASS

5.4.CSSD

2

2

VM

V

M

5.4 Message Digest Calculation

id-data, no Attrs

PASS

5.1

2

2

VM

V

M

id-data, auth attrs

PASS

5.4.CSSD

3

2

DVM

DV

M

non-id-data

PASS

11.2.signedReceipt

2

2

VM

V

M

5.5 Message Signature Generation Process

5.6 Message Siganture Verification process

Verify Signature on message (3 flavors)

FAIL

CMS_Examples.d/5.1.bin, 5.3.bin, 5.4.CSSD.bin

1

1

M

M

BOOLEAN

Check Message digest againist Auth Attr

PASS

CMS_Examples.d/5.1.bin, 5.3.bin, 5.4.CSSD.bin

2

YY

Y

Y

BOOLEAN

6 Enveloped-data ContentType

6.1 EnvelopedData Type

EnvelopedData w/ unprotected attributes

FAIL

1

Y

Y

SFL supports, but not yet tested

EnvelopedData w/ CRLs in originator info

FAIL

6.2

1

Y

Y

EnvelopedData w/ X509 certs in orginator info

FAIL

6.2

1

1

M

M

EnvelopedData w/ Attribute certs in orginator info

FAIL

1

Y

Y

SFL supports, but not yet tested

EnvelopedData w/ all recipInfos of a version 0

PASS

6.2

3

2

DVM

DV

M

EnvelopedData w/o all recipInfos of a version 0

PASS

6.1

2

2

VM

V

M

EnvelopedData w/ encryptedContent

PASS

6.1

3

2

DVM

DV

M

EnvelopedData w/o encryptedContent

FAIL

SFL supports, but not yet tested

6.2 RecipientInfo Type

An example of each RecipientInfo in a single message

FAIL

ExInterop6.2.bin

1

Y

Y

6.2.1 KeyTransRecipientInfo Type

Generate Issuer/Serial RID

PASS

6.2

3

2

DVM

DV

M

Generate SKI RID

FAIL

1

2

VY

V

Y

SFL supports, but yet tested

6.2.2 KeyAgreeRecipientInfo Type

Generate Issuer/Serial RID

FAIL

1

1

M

M

CMS_Examples.d/6.1.bin

Generate SKI RID

PASS

2

2

VM

V

M

SFL supports, but not yet tested

Generate SKI RID w/Date & other

FAIL

2

YY

Y

Y

SFL supports, but not yet tested

Generate w/o UKM

PASS

2

2

VM

V

M

SFL supports decrypting; adding ability to generate.

Generate w/UKM

PASS

2

2

VM

V

M

CMS_Examples.d/6.1.bin

Generate 2 recipients w/ common UKM & params

FAIL

1

1

M

M

CMS_Examples.d/ExInterop6.4.bin

Generate 2 recipients w/o common UKM

PASS

2

2

VM

V

M

CMS_Examples.d/ExInterop6.4.bin

ID Originator key by Issuer/serial

FAIL

2

YY

Y

Y

CMS_Examples.d/6.1.bin

ID Originator key by SKI

FAIL

1

2

VY

V

Y

SFL supports, but not yet tested.

ID Originator key by PublicKey

FAIL

1

2

VY

V

Y

CMS_Examples.d/ExInterop6.4.bin (ESDH)

6.2.3 KEKRecipientInfo Type

Generate KEK w/o date & other

PASS

2

2

VM

V

M

CMS_Examples.d/6.7_NOKEKDate.bin

Generate KEK w/date & other

FAIL

2

YY

Y

Y

CMS_Examples.d/6.7.bin

6.3 Content-encrpytion Process

Generate w/correct padding

PASS

3

2

DVM

DV

M

CMS_Examples.d/6.1.bin

Fail read w/incorrect padding

PASS

2

YY

Y

Y

BOOLEAN

SFL supports

6.4 Key-encryption Process

7 Digested-data

SFL does not support

Generate id-data

FAIL

" " " "

Generate non-id-data

FAIL

" " " "

Generate w/ encapsulated content

FAIL

" " " "

Generate w/o encapulated content

FAIL

" " " "

8 Encrypted-data Content Type

Generate w/o Unprotected Attrs

FAIL

1

Y

Y

ExInteropEncryptedData.bin

Generate w/ Unprotected Attrs

FAIL

1

Y

Y

ExInteropEncryptedDataAttrs.bin

Generate w/ encapsulated content

FAIL

1

Y

Y

SFL supports

Generate w/o encapsulated content

FAIL

1

Y

Y

SFL supports, but not yet tested

9 Authenticated-data Content Type

SFL does not support

9.1AuthenticatedDataType

" " " "

Generate Key Transport recipient

FAIL

" " " "

Generate Key Agree recipient

FAIL

" " " "

Generate KEK recipient

FAIL

" " " "

OriginatorInfo w/ Certificates

FAIL

" " " "

OriginatorInfo w/ CRLs

FAIL

" " " "

OriginatorInfo w/ Attr Certs

FAIL

" " " "

AuthenticatedData w/ encapsulated content

FAIL

" " " "

AuthenticatedData w/o encapsulated content

FAIL

" " " "

authenticatedAttributes requires content-type and message-digest

FAIL

" " " "

authenticatedAttribute is DER encoded

FAIL

" " " "

AuthenticatedData w/ unauthenticated attributes

FAIL

" " " "

9.2 MAC Generation

" " " "

Data w/o Auth Attrs

FAIL

" " " "

Data w/ Auth Attrs

FAIL

" " " "

Non-Data

FAIL

" " " "

9.3 MAC Verification

" " " "

Read w/ bad digest value

FAIL

" " " "

11 Useful Attributes

11.1 Content Type

Message w/Content type attribute

PASS

3

2

DVMMV

DV

M

MV

CMS_Examples.d/5.4.CSSD.bin

11.2 Message Digest Attribute

Message w/message digest attr

PASS

3

2

DVMMV

DV

M

MV

CMS_Examples.d/5.4.CSSD.bin

11.3 Signing Time

Message w/ signing time - YY > 50

PASS

3

2

DVMMV

DV

M

MV

ExInterop_SigningTime2.bin

Signing time YY < 50

FAIL

1

Y

Y

ExInterop_SigningTime1.bin