OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
14-Mar-2008 14:21:49
Branch: HEAD Handle:
2008031413214701
Modified files:
openssl/apps cms.c
openssl/crypto/cms cms.h cms_enc.c cms_err.c
cms_lcl.h cms_lib.c
cms_smime.c
openssl/test runex.pl
Log:
Encrypted Data type processing. Add options to cms
utility and run section 7
tests in RFC4134.
Summary:
Revision Changes Path
1.2 +27 -0 openssl/apps/cms.c
1.3 +10 -0 openssl/crypto/cms/cms.h
1.2 +12 -11 openssl/crypto/cms/cms_enc.c
1.3 +3 -0 openssl/crypto/cms/cms_err.c
1.3 +6 -0 openssl/crypto/cms/cms_lcl.h
1.2 +5 -1 openssl/crypto/cms/cms_lib.c
1.2 +34 -0 openssl/crypto/cms/cms_smime.c
1.3 +34 -2 openssl/test/runex.pl
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/apps/cms.c
============================================================
================
$ cvs diff -u -r1.1 -r1.2 cms.c
--- openssl/apps/cms.c 12 Mar 2008 21:14:17 -0000 1.1
+++ openssl/apps/cms.c 14 Mar 2008 13:21:47 -0000 1.2
-86,6 +86,7
#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
#define SMIME_UNCOMPRESS (11 | SMIME_IP)
#define SMIME_COMPRESS (12 | SMIME_OP)
+#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
int MAIN(int, char **);
-121,6 +122,8
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
+ unsigned char *secret_key = NULL;
+ size_t secret_keylen;
X509_VERIFY_PARAM *vpm = NULL;
-164,6 +167,8
operation = SMIME_COMPRESS;
else if (!strcmp (*args, "-uncompress"))
operation = SMIME_UNCOMPRESS;
+ else if (!strcmp (*args,
"-EncrypedData_decrypt"))
+ operation = SMIME_ENCRYPTED_DECRYPT;
#ifndef OPENSSL_NO_DES
else if (!strcmp (*args, "-des3"))
cipher = EVP_des_ede3_cbc();
-233,6 +238,20
flags |= CMS_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
flags |= CMS_CRLFEOL;
+ else if (!strcmp(*args,"-secretkey"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_key = string_to_hex(*args, <mp);
+ if (!secret_key)
+ {
+ BIO_printf(bio_err, "Invalid key %sn",
*args);
+ goto argerr;
+ }
+ secret_keylen = (size_t)ltmp;
+ }
else if (!strcmp(*args,"-rand"))
{
if (!args[1])
-810,6 +829,12
goto end;
}
}
+ else if (operation == SMIME_ENCRYPTED_DECRYPT)
+ {
+ if (!CMS_EncryptedData_decrypt(cms, secret_key,
secret_keylen,
+ indata, out, flags))
+ goto end;
+ }
else if (operation == SMIME_VERIFY)
{
if (CMS_verify(cms, other, store, indata, out, flags)
> 0)
-878,6 +903,8
sk_free(sksigners);
if (skkeys)
sk_free(skkeys);
+ if (secret_key)
+ OPENSSL_free(secret_key);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms.h
============================================================
================
$ cvs diff -u -r1.2 -r1.3 cms.h
--- openssl/crypto/cms/cms.h 14 Mar 2008 00:58:42
-0000 1.2
+++ openssl/crypto/cms/cms.h 14 Mar 2008 13:21:47
-0000 1.3
-138,6 +138,13
CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD
*md,
unsigned int flags);
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(BIO *b, CMS_ContentInfo
*cms,
+ const unsigned char *key, size_t keylen);
+
int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509)
*certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int
flags);
-255,6 +262,8
#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 112
#define CMS_F_CMS_DIGEST_VERIFY 113
#define CMS_F_CMS_ENCRYPTEDCONTENT_TO_BIO 138
+#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 140
+#define CMS_F_CMS_ENCRYPTED_DATA_DECRYPT 139
#define CMS_F_CMS_ENVELOPED_DATA_INIT 114
#define CMS_F_CMS_FINAL 115
#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 116
-315,6 +324,7
#define CMS_R_TYPE_NOT_COMPRESSED_DATA 128
#define CMS_R_TYPE_NOT_DATA 129
#define CMS_R_TYPE_NOT_DIGESTED_DATA 130
+#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 142
#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 131
#define CMS_R_UNKNOWN_CIPHER 141
#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 132
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_enc.c
============================================================
================
$ cvs diff -u -r1.1 -r1.2 cms_enc.c
--- openssl/crypto/cms/cms_enc.c 14 Mar 2008 00:58:42
-0000 1.1
+++ openssl/crypto/cms/cms_enc.c 14 Mar 2008 13:21:47
-0000 1.2
-132,18 +132,11
/* Return BIO based on EncryptedContentInfo and key */
-BIO *cms_EncryptedContent_to_bio(CMS_EncryptedContentInfo
*ec,
+int cms_EncryptedContent_to_bio(BIO *b,
CMS_EncryptedContentInfo *ec,
const unsigned char *key, int keylen)
{
- BIO *b;
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *ciph;
- b = BIO_new(BIO_f_cipher());
- if (!b)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_TO_BIO,
ERR_R_MALLOC_FAILURE);
- return NULL;
- }
BIO_get_cipher_ctx(b, &ctx);
ciph =
EVP_get_cipherbyobj(ec->contentEncryptionAlgorithm->al
gorithm);
-187,10 +180,18
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
- return b;
+ return 1;
err:
- BIO_free(b);
- return NULL;
+ return 0;
}
+int CMS_EncryptedData_set1_key(BIO *b, CMS_ContentInfo
*cms,
+ const unsigned char *key, size_t keylen)
+ {
+ CMS_EncryptedContentInfo *ec;
+ if (OBJ_obj2nid(cms->contentType) !=
NID_pkcs7_encrypted)
+ return 0;
+ ec = cms->d.encryptedData->encryptedContentInfo;
+ return cms_EncryptedContent_to_bio(b, ec, key, keylen);
+ }
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_err.c
============================================================
================
$ cvs diff -u -r1.2 -r1.3 cms_err.c
--- openssl/crypto/cms/cms_err.c 14 Mar 2008 00:58:42
-0000 1.2
+++ openssl/crypto/cms/cms_err.c 14 Mar 2008 13:21:47
-0000 1.3
-87,6 +87,8
{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "CMS_DIGEST
EDDATA_DO_FINAL"},
{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify&
quot;},
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_TO_BIO), "CMS_ENCR
YPTEDCONTENT_TO_BIO"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_Encry
ptedData_decrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTED_DATA_DECRYPT), "CMS_ENCR
YPTED_DATA_DECRYPT"},
{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPE
D_DATA_INIT"},
{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET
0_CERTIFICATE_CHOICES"},
-150,6 +152,7
{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type
not compressed data"},
{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not
data"},
{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not
digested data"},
+{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not
encrypted data"},
{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable
to finalize context"},
{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown
cipher"},
{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown
digest algorihm"},
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_lcl.h
============================================================
================
$ cvs diff -u -r1.2 -r1.3 cms_lcl.h
--- openssl/crypto/cms/cms_lcl.h 13 Mar 2008 00:48:59
-0000 1.2
+++ openssl/crypto/cms/cms_lcl.h 14 Mar 2008 13:21:47
-0000 1.3
-411,6 +411,12
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR
*digestAlgorithm);
int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO
*chain,
X509_ALGOR *mdalg);
+
+int cms_bio_to_EncryptedContent(CMS_EncryptedContentInfo
*ec,
+ const unsigned char *key, int keylen,
+ BIO *b);
+int cms_EncryptedContent_to_bio(BIO *b,
CMS_EncryptedContentInfo *ec,
+ const unsigned char *key, int keylen);
#ifdef __cplusplus
}
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_lib.c
============================================================
================
$ cvs diff -u -r1.1 -r1.2 cms_lib.c
--- openssl/crypto/cms/cms_lib.c 12 Mar 2008 21:14:21
-0000 1.1
+++ openssl/crypto/cms/cms_lib.c 14 Mar 2008 13:21:47
-0000 1.2
-139,6 +139,10
break;
#endif
+ case NID_pkcs7_encrypted:
+ cmsbio = BIO_new(BIO_f_cipher());
+ break;
+
default:
CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
return NULL;
-152,7 +156,7
return NULL;
}
-
+
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
{
ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_smime.c
============================================================
================
$ cvs diff -u -r1.1 -r1.2 cms_smime.c
--- openssl/crypto/cms/cms_smime.c 12 Mar 2008 21:14:21
-0000 1.1
+++ openssl/crypto/cms/cms_smime.c 14 Mar 2008 13:21:48
-0000 1.2
-188,6 +188,40
return NULL;
}
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags)
+ {
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) !=
NID_pkcs7_encrypted)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+ CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+ return 0;
+ }
+
+ if (!dcont)
+ {
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos || !*pos)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+ CMS_R_NO_CONTENT);
+ return 0;
+ }
+ }
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = CMS_EncryptedData_set1_key(cont, cms, key, keylen);
+ if (r)
+ r = cms_copy_content(out, cont, flags);
+ BIO_free_all(cont);
+ return r;
+ }
+
static int cms_signerinfo_verify_cert(CMS_SignerInfo
*si,
X509_STORE *store,
STACK_OF(X509) *certs,
.
patch -p0 <<' .'
Index: openssl/test/runex.pl
============================================================
================
$ cvs diff -u -r1.2 -r1.3 runex.pl
--- openssl/test/runex.pl 14 Mar 2008 00:58:43 -0000 1.2
+++ openssl/test/runex.pl 14 Mar 2008 13:21:48 -0000 1.3
-77,10 +77,12
["5.1.bin" => "encode"],
["5.2.bin" => "encode"],
["6.0.bin" => "encode, digest,
cont"],
-["7.1.bin" => "encode"],
-["7.2.bin" => "encode"]
+["7.1.bin" => "encode, encrypted,
cont"],
+["7.2.bin" => "encode, encrypted,
cont"]
);
+my $secretkey =
"73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:
cb:26:91:7a:da:32";
+
if (!-d $exdir)
{
print STDERR "FATAL ERROR: examples directory
missing!!n";
-111,6 +113,10
{
run_digest_test($exdir, $tlist, $file);
}
+ if ($tlist =~ /encrypted/)
+ {
+ run_encrypted_test($exdir, $tlist, $file, $secretkey);
+ }
}
-234,6 +240,32
}
}
+sub run_encrypted_test
+ {
+ my ($cmsdir, $tlist, $tfile, $key) = _;
+ unlink "tmp.txt";
+
+ system ("$cmscmd -EncrypedData_decrypt -inform
DER" .
+ " -secretkey $key" .
+ " -in $cmsdir/$tfile -out tmp.txt");
+
+ if ($?)
+ {
+ print "tEncrypted Data command FAILED!!n";
+ $badtest++;
+ }
+ elsif ($tlist =~ /cont/ &&
+ !cmp_files("$cmsdir/ExContent.bin",
"tmp.txt"))
+ {
+ print "tEncrypted Data content compare
FAILED!!n";
+ $badtest++;
+ }
+ else
+ {
+ print "tEncryptedData verify passedn" if
$verbose;
+ }
+ }
+
sub cmp_files
{
my ($f1, $f2) = _;
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
