tests in RFC4134.
#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
#define SMIME_UNCOMPRESS (11 | SMIME_IP)
#define SMIME_COMPRESS (12 | SMIME_OP)
+#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
int MAIN(int, char **);
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
+ unsigned char *secret_key = NULL;
+ size_t secret_keylen;
X509_VERIFY_PARAM *vpm = NULL;
operation = SMIME_COMPRESS;
else if (!strcmp (*args, "-uncompress"))
operation = SMIME_UNCOMPRESS;
+ else if (!strcmp (*args, "-EncrypedData_decrypt"))
+ operation = SMIME_ENCRYPTED_DECRYPT;
#ifndef OPENSSL_NO_DES
else if (!strcmp (*args, "-des3"))
cipher = EVP_des_ede3_cbc();
flags |= CMS_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
flags |= CMS_CRLFEOL;
+ else if (!strcmp(*args,"-secretkey"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_key = string_to_hex(*args, <mp);
+ if (!secret_key)
+ {
+ BIO_printf(bio_err, "Invalid key %s\n", *args);
+ goto argerr;
+ }
+ secret_keylen = (size_t)ltmp;
+ }
else if (!strcmp(*args,"-rand"))
{
if (!args[1])
goto end;
}
}
+ else if (operation == SMIME_ENCRYPTED_DECRYPT)
+ {
+ if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+ indata, out, flags))
+ goto end;
+ }
else if (operation == SMIME_VERIFY)
{
if (CMS_verify(cms, other, store, indata, out, flags) > 0)
sk_free(sksigners);
if (skkeys)
sk_free(skkeys);
+ if (secret_key)
+ OPENSSL_free(secret_key);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
unsigned int flags);
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(BIO *b, CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen);
+
int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 112
#define CMS_F_CMS_DIGEST_VERIFY 113
#define CMS_F_CMS_ENCRYPTEDCONTENT_TO_BIO 138
+#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 140
+#define CMS_F_CMS_ENCRYPTED_DATA_DECRYPT 139
#define CMS_F_CMS_ENVELOPED_DATA_INIT 114
#define CMS_F_CMS_FINAL 115
#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 116
#define CMS_R_TYPE_NOT_COMPRESSED_DATA 128
#define CMS_R_TYPE_NOT_DATA 129
#define CMS_R_TYPE_NOT_DIGESTED_DATA 130
+#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 142
#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 131
#define CMS_R_UNKNOWN_CIPHER 141
#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 132
/* Return BIO based on EncryptedContentInfo and key */
-BIO *cms_EncryptedContent_to_bio(CMS_EncryptedContentInfo *ec,
+int cms_EncryptedContent_to_bio(BIO *b, CMS_EncryptedContentInfo *ec,
const unsigned char *key, int keylen)
{
- BIO *b;
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *ciph;
- b = BIO_new(BIO_f_cipher());
- if (!b)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_TO_BIO, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
BIO_get_cipher_ctx(b, &ctx);
ciph = EVP_get_cipherbyobj(ec->contentEncryptionAlgorithm->algorithm);
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
- return b;
+ return 1;
err:
- BIO_free(b);
- return NULL;
+ return 0;
}
+int CMS_EncryptedData_set1_key(BIO *b, CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen)
+ {
+ CMS_EncryptedContentInfo *ec;
+ if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
+ return 0;
+ ec = cms->d.encryptedData->encryptedContentInfo;
+ return cms_EncryptedContent_to_bio(b, ec, key, keylen);
+ }
{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "CMS_DIGESTEDDATA_DO_FINAL"},
{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_TO_BIO), "CMS_ENCRYPTEDCONTENT_TO_BIO"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTED_DATA_DECRYPT), "CMS_ENCRYPTED_DATA_DECRYPT"},
{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"},
{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
+{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"},
{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
X509_ALGOR *mdalg);
+
+int cms_bio_to_EncryptedContent(CMS_EncryptedContentInfo *ec,
+ const unsigned char *key, int keylen,
+ BIO *b);
+int cms_EncryptedContent_to_bio(BIO *b, CMS_EncryptedContentInfo *ec,
+ const unsigned char *key, int keylen);
#ifdef __cplusplus
}
break;
#endif
+ case NID_pkcs7_encrypted:
+ cmsbio = BIO_new(BIO_f_cipher());
+ break;
+
default:
CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
return NULL;
return NULL;
}
-
+
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
{
ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
return NULL;
}
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags)
+ {
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+ CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+ return 0;
+ }
+
+ if (!dcont)
+ {
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos || !*pos)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+ CMS_R_NO_CONTENT);
+ return 0;
+ }
+ }
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = CMS_EncryptedData_set1_key(cont, cms, key, keylen);
+ if (r)
+ r = cms_copy_content(out, cont, flags);
+ BIO_free_all(cont);
+ return r;
+ }
+
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store,
STACK_OF(X509) *certs,
["5.1.bin" => "encode"],
["5.2.bin" => "encode"],
["6.0.bin" => "encode, digest, cont"],
-["7.1.bin" => "encode"],
-["7.2.bin" => "encode"]
+["7.1.bin" => "encode, encrypted, cont"],
+["7.2.bin" => "encode, encrypted, cont"]
);
+my $secretkey = "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
+
if (!-d $exdir)
{
print STDERR "FATAL ERROR: examples directory missing!!\n";
{
run_digest_test($exdir, $tlist, $file);
}
+ if ($tlist =~ /encrypted/)
+ {
+ run_encrypted_test($exdir, $tlist, $file, $secretkey);
+ }
}
}
}
+sub run_encrypted_test
+ {
+ my ($cmsdir, $tlist, $tfile, $key) = @_;
+ unlink "tmp.txt";
+
+ system ("$cmscmd -EncrypedData_decrypt -inform DER" .
+ " -secretkey $key" .
+ " -in $cmsdir/$tfile -out tmp.txt");
+
+ if ($?)
+ {
+ print "\tEncrypted Data command FAILED!!\n";
+ $badtest++;
+ }
+ elsif ($tlist =~ /cont/ &&
+ !cmp_files("$cmsdir/ExContent.bin", "tmp.txt"))
+ {
+ print "\tEncrypted Data content compare FAILED!!\n";
+ $badtest++;
+ }
+ else
+ {
+ print "\tEncryptedData verify passed\n" if $verbose;
+ }
+ }
+
sub cmp_files
{
my ($f1, $f2) = @_;