OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
17-Mar-2008 19:11:27
Branch: HEAD Handle:
2008031718112601
Modified files:
openssl/crypto/cms cms.h cms_env.c cms_err.c
openssl/crypto/objects obj_dat.h obj_mac.h obj_mac.num
objects.txt
Log:
Partial support for KEKRecipientInfo type.
Summary:
Revision Changes Path
1.11 +4 -0 openssl/crypto/cms/cms.h
1.6 +133 -0 openssl/crypto/cms/cms_env.c
1.9 +4 -0 openssl/crypto/cms/cms_err.c
1.111 +29 -10
openssl/crypto/objects/obj_dat.h
1.76 +13 -1
openssl/crypto/objects/obj_mac.h
1.66 +5 -1
openssl/crypto/objects/obj_mac.num
1.76 +4 -0
openssl/crypto/objects/objects.txt
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/crypto/cms/cms.h
============================================================
================
$ cvs diff -u -r1.10 -r1.11 cms.h
--- openssl/crypto/cms/cms.h 17 Mar 2008 13:38:51
-0000 1.10
+++ openssl/crypto/cms/cms.h 17 Mar 2008 18:11:26
-0000 1.11
-273,6 +273,7
/* Function codes. */
#define CMS_F_CHECK_CONTENT 151
+#define CMS_F_CMS_ADD0_RECIPIENT_KEY 157
#define CMS_F_CMS_ADD1_RECIPIENT_CERT 99
#define CMS_F_CMS_ADD1_SIGNER 100
#define CMS_F_CMS_ADD1_SIGNINGTIME 101
-314,6 +315,7
#define CMS_F_CMS_GET0_REVOCATION_CHOICES 120
#define CMS_F_CMS_GET0_SIGNED 121
#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 150
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 158
#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 122
#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 155
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 123
-353,6 +355,7
#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 112
#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 113
#define CMS_R_NOT_ENCRYPTED_DATA 143
+#define CMS_R_NOT_KEK 152
#define CMS_R_NOT_KEY_TRANSPORT 114
#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 115
#define CMS_R_NO_CIPHER 144
-382,6 +385,7
#define CMS_R_UNKNOWN_ID 133
#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 134
#define CMS_R_UNSUPPORTED_CONTENT_TYPE 135
+#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 151
#define CMS_R_UNSUPPORTED_TYPE 136
#define CMS_R_VERIFICATION_FAILURE 137
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_env.c
============================================================
================
$ cvs diff -u -r1.5 -r1.6 cms_env.c
--- openssl/crypto/cms/cms_env.c 17 Mar 2008 13:38:51
-0000 1.5
+++ openssl/crypto/cms/cms_env.c 17 Mar 2008 18:11:26
-0000 1.6
-66,6 +66,8
DECLARE_ASN1_ITEM(CMS_EnvelopedData)
DECLARE_ASN1_ITEM(CMS_RecipientInfo)
DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
DECLARE_STACK_OF(CMS_RecipientInfo)
-227,6 +229,137
}
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo
*ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype)
+ {
+ CMS_KEKIdentifier *rkid;
+ if (ri->type != CMS_RECIPINFO_KEK)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID,
CMS_R_NOT_KEK);
+ return 0;
+ }
+ rkid = ri->d.kekri->kekid;
+ if (palg)
+ *palg = ri->d.kekri->keyEncryptionAlgorithm;
+ if (pid)
+ *pid = rkid->keyIdentifier;
+ if (pdate)
+ *pdate = rkid->date;
+ if (potherid)
+ {
+ if (rkid->other)
+ *potherid = rkid->other->keyAttrId;
+ else
+ *potherid = NULL;
+ }
+ if (pothertype)
+ {
+ if (rkid->other)
+ *pothertype = rkid->other->keyAttr;
+ else
+ *pothertype = NULL;
+ }
+ return 1;
+ }
+
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo
*cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType)
+ {
+ CMS_RecipientInfo *ri = NULL;
+ CMS_EnvelopedData *env;
+ CMS_KEKRecipientInfo *kekri;
+ size_t exp_keylen = 0;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ goto err;
+
+ /* For now hard code checks on nids */
+ switch (nid)
+ {
+ case NID_id_aes128_wrap:
+ exp_keylen = 16;
+ break;
+
+ case NID_id_aes192_wrap:
+ exp_keylen = 24;
+ break;
+
+ case NID_id_aes256_wrap:
+ exp_keylen = 32;
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+ CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+ goto err;
+ }
+
+ if (exp_keylen && (keylen != exp_keylen))
+ {
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+ CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+
+ /* Initialize recipient info */
+ ri = M_ASN1_new_of(CMS_RecipientInfo);
+ if (!ri)
+ goto merr;
+
+ ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+ if (!ri->d.kekri)
+ goto merr;
+ ri->type = CMS_RECIPINFO_KEK;
+
+ kekri = ri->d.kekri;
+
+ if (otherTypeId)
+ {
+ kekri->kekid->other =
M_ASN1_new_of(CMS_OtherKeyAttribute);
+ if (kekri->kekid->other == NULL)
+ goto merr;
+ }
+
+ if (!sk_CMS_RecipientInfo_push(env->recipientInfos,
ri))
+ goto merr;
+
+ /* After this point no calls can fail */
+
+ kekri->version = 4;
+
+ kekri->key = key;
+ kekri->keylen = keylen;
+
+ ASN1_STRING_set0(kekri->kekid->keyIdentifier, id,
idlen);
+
+ kekri->kekid->date = date;
+
+ kekri->kekid->other->keyAttrId = otherTypeId;
+ kekri->kekid->other->keyAttr = otherType;
+
+ X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+ OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+ return ri;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
ERR_R_MALLOC_FAILURE);
+ err:
+ if (ri)
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
+ return NULL;
+
+ }
+
int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo
*ri,
EVP_PKEY **pk, X509 **recip,
X509_ALGOR **palg)
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_err.c
============================================================
================
$ cvs diff -u -r1.8 -r1.9 cms_err.c
--- openssl/crypto/cms/cms_err.c 17 Mar 2008 13:38:51
-0000 1.8
+++ openssl/crypto/cms/cms_err.c 17 Mar 2008 18:11:26
-0000 1.9
-71,6 +71,7
static ERR_STRING_DATA CMS_str_functs[]=
{
{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_ADD0_REC
IPIENT_KEY"},
{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_rec
ipient_cert"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"
;},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNIN
GTIME"},
-112,6 +113,7
{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0
_REVOCATION_CHOICES"},
{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"
;},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_Recipi
entInfo_decrypt"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS
_RECIPIENTINFO_KEKRI_GET0_ID"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_
RecipientInfo_ktri_cert_cmp"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_R
ECIPIENTINFO_KTRI_ENCRYPT"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS
_RecipientInfo_ktri_get0_algs"},
-154,6 +156,7
{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),&quo
t;messagedigest attribute wrong length"},
{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messaged
igest wrong length"},
{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not
encrypted data"},
+{ERR_REASON(CMS_R_NOT_KEK) ,"not
kek"},
{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key
transport"},
{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not
supported for this key type"},
{ERR_REASON(CMS_R_NO_CIPHER) ,"no
cipher"},
-183,6 +186,7
{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown
id"},
{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"u
nsupported compression algorithm"},
{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupporte
d content type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsuppor
ted kek algorithm"},
{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsuppor
ted recipient type"},
{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)
,"unsupported type"},
{ERR_REASON(CMS_R_VERIFICATION_FAILURE)
,"verification failure"},
.
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_dat.h
============================================================
================
$ cvs diff -u -r1.110 -r1.111 obj_dat.h
--- openssl/crypto/objects/obj_dat.h 29 Feb 2008 14:24:52
-0000 1.110
+++ openssl/crypto/objects/obj_dat.h 17 Mar 2008 18:11:26
-0000 1.111
-62,12 +62,12
* [including the GNU Public Licence.]
*/
-#define NUM_NID 853
-#define NUM_SN 845
-#define NUM_LN 845
-#define NUM_OBJ 799
+#define NUM_NID 857
+#define NUM_SN 848
+#define NUM_LN 848
+#define NUM_OBJ 802
-static const unsigned char lvalues[5664]={
+static const unsigned char lvalues[5691]={
0x00, /* [ 0]
OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1]
OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7]
OBJ_pkcs */
-866,7 +866,10
0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5630]
OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5638]
OBJ_id_GostR3410_2001_ParamSet_cc */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/*
[5646] OBJ_id_smime_ct_compressedData */
-0x2A,0x85,0x03,0x02,0x02,0x16, /* [5657]
OBJ_id_Gost28147_89_MAC */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5657]
OBJ_id_aes128_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5666]
OBJ_id_aes192_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5675]
OBJ_id_aes256_wrap */
+0x2A,0x85,0x03,0x02,0x02,0x16, /* [5684]
OBJ_id_Gost28147_89_MAC */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
-2240,8 +2243,15
{"HMAC","hmac",NID_hmac,0,NULL,0},
{"id-smime-ct-compressedData","id-smime-ct-co
mpressedData",
NID_id_smime_ct_compressedData,11,&(lvalues[5646]),0},
-{"gost-mac","GOST 28147-89
MAC",NID_id_Gost28147_89_MAC,6,
+{NULL,NULL,NID_undef,0,NULL,0},
+{"id-aes128-wrap","id-aes128-wrap",NID_
id_aes128_wrap,9,
&(lvalues[5657]),0},
+{"id-aes192-wrap","id-aes192-wrap",NID_
id_aes192_wrap,9,
+ &(lvalues[5666]),0},
+{"id-aes256-wrap","id-aes256-wrap",NID_
id_aes256_wrap,9,
+ &(lvalues[5675]),0},
+{"gost-mac","GOST 28147-89
MAC",NID_id_Gost28147_89_MAC,6,
+ &(lvalues[5684]),0},
};
static const unsigned int sn_objs[NUM_SN]={
-2523,7 +2533,7
490, /* "friendlyCountryName" */
156, /* "friendlyName" */
509, /* "generationQualifier" */
-852, /* "gost-mac" */
+856, /* "gost-mac" */
806, /* "gost2001" */
846, /* "gost2001cc" */
808, /* "gost89" */
-2593,6 +2603,9
357, /* "id-aca-group" */
358, /* "id-aca-role" */
176, /* "id-ad" */
+853, /* "id-aes128-wrap" */
+854, /* "id-aes192-wrap" */
+855, /* "id-aes256-wrap" */
262, /* "id-alg" */
323, /* "id-alg-des40" */
326, /* "id-alg-dh-pop" */
-3113,7 +3126,7
172, /* "Extension Request" */
808, /* "GOST 28147-89" */
844, /* "GOST 28147-89 Cryptocom ParamSet" */
-852, /* "GOST 28147-89 MAC" */
+856, /* "GOST 28147-89 MAC" */
846, /* "GOST 34.10-2001 Cryptocom" */
845, /* "GOST 34.10-94 Cryptocom" */
806, /* "GOST R 34.10-2001" */
-3436,6 +3449,9
357, /* "id-aca-group" */
358, /* "id-aca-role" */
176, /* "id-ad" */
+853, /* "id-aes128-wrap" */
+854, /* "id-aes192-wrap" */
+855, /* "id-aes256-wrap" */
262, /* "id-alg" */
323, /* "id-alg-des40" */
326, /* "id-alg-dh-pop" */
-4221,7 +4237,7
806, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19
*/
807, /* OBJ_id_GostR3410_94 1 2 643 2 2 20
*/
808, /* OBJ_id_Gost28147_89 1 2 643 2 2 21
*/
-852, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22
*/
+856, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22
*/
811, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23
*/
812, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98
*/
813, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99
*/
-4556,14 +4572,17
419, /* OBJ_aes_128_cbc 2 16 840 1 101 3
4 1 2 */
420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3
4 1 3 */
421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3
4 1 4 */
+853, /* OBJ_id_aes128_wrap 2 16 840 1 101 3
4 1 5 */
422, /* OBJ_aes_192_ecb 2 16 840 1 101 3
4 1 21 */
423, /* OBJ_aes_192_cbc 2 16 840 1 101 3
4 1 22 */
424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3
4 1 23 */
425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3
4 1 24 */
+854, /* OBJ_id_aes192_wrap 2 16 840 1 101 3
4 1 25 */
426, /* OBJ_aes_256_ecb 2 16 840 1 101 3
4 1 41 */
427, /* OBJ_aes_256_cbc 2 16 840 1 101 3
4 1 42 */
428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3
4 1 43 */
429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3
4 1 44 */
+855, /* OBJ_id_aes256_wrap 2 16 840 1 101 3
4 1 45 */
672, /* OBJ_sha256 2 16 840 1 101 3
4 2 1 */
673, /* OBJ_sha384 2 16 840 1 101 3
4 2 2 */
674, /* OBJ_sha512 2 16 840 1 101 3
4 2 3 */
.
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_mac.h
============================================================
================
$ cvs diff -u -r1.75 -r1.76 obj_mac.h
--- openssl/crypto/objects/obj_mac.h 29 Feb 2008 14:24:52
-0000 1.75
+++ openssl/crypto/objects/obj_mac.h 17 Mar 2008 18:11:27
-0000 1.76
-2508,6 +2508,18
#define LN_des_ede3_cfb8 "des-ede3-cfb8"
#define NID_des_ede3_cfb8 659
+#define SN_id_aes128_wrap "id-aes128-wrap"
+#define NID_id_aes128_wrap 853
+#define OBJ_id_aes128_wrap OBJ_aes,5L
+
+#define SN_id_aes192_wrap "id-aes192-wrap"
+#define NID_id_aes192_wrap 854
+#define OBJ_id_aes192_wrap OBJ_aes,25L
+
+#define SN_id_aes256_wrap "id-aes256-wrap"
+#define NID_id_aes256_wrap 855
+#define OBJ_id_aes256_wrap OBJ_aes,45L
+
#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
#define SN_sha256 "SHA256"
-3457,7 +3469,7
#define SN_id_Gost28147_89_MAC "gost-mac"
#define LN_id_Gost28147_89_MAC "GOST 28147-89
MAC"
-#define NID_id_Gost28147_89_MAC 852
+#define NID_id_Gost28147_89_MAC 856
#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
#define
SN_id_GostR3411_94_prf "prf-gostr3411-94"
.
patch -p0 <<' .'
Index: openssl/crypto/objects/obj_mac.num
============================================================
================
$ cvs diff -u -r1.65 -r1.66 obj_mac.num
--- openssl/crypto/objects/obj_mac.num 29 Feb 2008
14:24:52 -0000 1.65
+++ openssl/crypto/objects/obj_mac.num 17 Mar 2008
18:11:27 -0000 1.66
-849,4 +849,8
id_GostR3410_2001_ParamSet_cc 849
hmac 850
id_smime_ct_compressedData 851
-id_Gost28147_89_MAC 852
+id_Gost28147_89_MAC 852
+id_aes128_wrap 853
+id_aes192_wrap 854
+id_aes256_wrap 855
+id_Gost28147_89_MAC 856
.
patch -p0 <<' .'
Index: openssl/crypto/objects/objects.txt
============================================================
================
$ cvs diff -u -r1.75 -r1.76 objects.txt
--- openssl/crypto/objects/objects.txt 29 Feb 2008
14:24:52 -0000 1.75
+++ openssl/crypto/objects/objects.txt 17 Mar 2008
18:11:27 -0000 1.76
-835,6 +835,10
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
+aes 5 : id-aes128-wrap
+aes 25 : id-aes192-wrap
+aes 45 : id-aes256-wrap
+
# OIDs for SHA224, SHA256, SHA385 and SHA512, according
to x9.84.
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
