Partial support for KEKRecipientInfo type.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 17 Mar 2008 18:11:27 +0000 (18:11 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 17 Mar 2008 18:11:27 +0000 (18:11 +0000)
crypto/cms/cms.h
crypto/cms/cms_env.c
crypto/cms/cms_err.c
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt

index d316db5..b6c9792 100644 (file)
@@ -273,6 +273,7 @@ void ERR_load_CMS_strings(void);
 
 /* Function codes. */
 #define CMS_F_CHECK_CONTENT                             151
+#define CMS_F_CMS_ADD0_RECIPIENT_KEY                    157
 #define CMS_F_CMS_ADD1_RECIPIENT_CERT                   99
 #define CMS_F_CMS_ADD1_SIGNER                           100
 #define CMS_F_CMS_ADD1_SIGNINGTIME                      101
@@ -314,6 +315,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CMS_GET0_REVOCATION_CHOICES               120
 #define CMS_F_CMS_GET0_SIGNED                           121
 #define CMS_F_CMS_RECIPIENTINFO_DECRYPT                         150
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID           158
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP           122
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT            155
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS          123
@@ -353,6 +355,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH      112
 #define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                113
 #define CMS_R_NOT_ENCRYPTED_DATA                        143
+#define CMS_R_NOT_KEK                                   152
 #define CMS_R_NOT_KEY_TRANSPORT                                 114
 #define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE           115
 #define CMS_R_NO_CIPHER                                         144
@@ -382,6 +385,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_UNKNOWN_ID                                133
 #define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM                 134
 #define CMS_R_UNSUPPORTED_CONTENT_TYPE                  135
+#define CMS_R_UNSUPPORTED_KEK_ALGORITHM                         153
 #define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                151
 #define CMS_R_UNSUPPORTED_TYPE                          136
 #define CMS_R_VERIFICATION_FAILURE                      137
index c2cf669..5ac3e12 100644 (file)
@@ -66,6 +66,8 @@
 DECLARE_ASN1_ITEM(CMS_EnvelopedData)
 DECLARE_ASN1_ITEM(CMS_RecipientInfo)
 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
 
 DECLARE_STACK_OF(CMS_RecipientInfo)
 
@@ -227,6 +229,137 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 
        }
 
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                       X509_ALGOR **palg,
+                                       ASN1_OCTET_STRING **pid,
+                                       ASN1_GENERALIZEDTIME **pdate,
+                                       ASN1_OBJECT **potherid,
+                                       ASN1_TYPE **pothertype)
+       {
+       CMS_KEKIdentifier *rkid;
+       if (ri->type != CMS_RECIPINFO_KEK)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+               return 0;
+               }
+       rkid =  ri->d.kekri->kekid;
+       if (palg)
+               *palg = ri->d.kekri->keyEncryptionAlgorithm;
+       if (pid)
+               *pid = rkid->keyIdentifier;
+       if (pdate)
+               *pdate = rkid->date;
+       if (potherid)
+               {
+               if (rkid->other)
+                       *potherid = rkid->other->keyAttrId;
+               else
+                       *potherid = NULL;
+               }
+       if (pothertype)
+               {
+               if (rkid->other)
+                       *pothertype = rkid->other->keyAttr;
+               else
+                       *pothertype = NULL;
+               }
+       return 1;
+       }
+
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                       unsigned char *key, size_t keylen,
+                                       unsigned char *id, size_t idlen,
+                                       ASN1_GENERALIZEDTIME *date,
+                                       ASN1_OBJECT *otherTypeId,
+                                       ASN1_TYPE *otherType)
+       {
+       CMS_RecipientInfo *ri = NULL;
+       CMS_EnvelopedData *env;
+       CMS_KEKRecipientInfo *kekri;
+       size_t exp_keylen = 0;
+       env = cms_get0_enveloped(cms);
+       if (!env)
+               goto err;
+
+       /* For now hard code checks on nids */
+       switch (nid)
+               {
+               case NID_id_aes128_wrap:
+               exp_keylen = 16;
+               break;
+
+               case NID_id_aes192_wrap:
+               exp_keylen = 24;
+               break;
+
+               case NID_id_aes256_wrap:
+               exp_keylen = 32;
+               break;
+
+               default:
+               CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                               CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+               goto err;
+               }
+
+       if (exp_keylen && (keylen != exp_keylen))
+               {
+               CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                               CMS_R_INVALID_KEY_LENGTH);
+               goto err;
+               }
+
+       /* Initialize recipient info */
+       ri = M_ASN1_new_of(CMS_RecipientInfo);
+       if (!ri)
+               goto merr;
+
+       ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+       if (!ri->d.kekri)
+               goto merr;
+       ri->type = CMS_RECIPINFO_KEK;
+
+       kekri = ri->d.kekri;
+
+       if (otherTypeId)
+               {
+               kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+               if (kekri->kekid->other == NULL)
+                       goto merr;
+               }
+
+       if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+               goto merr;
+
+       /* After this point no calls can fail */
+
+       kekri->version = 4;
+
+       kekri->key = key;
+       kekri->keylen = keylen;
+
+       ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+       kekri->kekid->date = date;
+
+       kekri->kekid->other->keyAttrId = otherTypeId;
+       kekri->kekid->other->keyAttr = otherType;
+
+       X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+                               OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+       return ri;
+
+       merr:
+       CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+       err:
+       if (ri)
+               M_ASN1_free_of(ri, CMS_RecipientInfo);
+       return NULL;
+
+       }
+
 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
                                        EVP_PKEY **pk, X509 **recip,
                                        X509_ALGOR **palg)
index 0e13f39..acc756a 100644 (file)
@@ -71,6 +71,7 @@
 static ERR_STRING_DATA CMS_str_functs[]=
        {
 {ERR_FUNC(CMS_F_CHECK_CONTENT),        "CHECK_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),       "CMS_ADD0_RECIPIENT_KEY"},
 {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),      "CMS_add1_recipient_cert"},
 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),      "CMS_add1_signer"},
 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
@@ -112,6 +113,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),  "CMS_GET0_REVOCATION_CHOICES"},
 {ERR_FUNC(CMS_F_CMS_GET0_SIGNED),      "CMS_GET0_SIGNED"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT),    "CMS_RecipientInfo_decrypt"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),      "CMS_RECIPIENTINFO_KEKRI_GET0_ID"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),      "CMS_RecipientInfo_ktri_cert_cmp"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),       "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),     "CMS_RecipientInfo_ktri_get0_algs"},
@@ -154,6 +156,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
 {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
 {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA)    ,"not encrypted data"},
+{ERR_REASON(CMS_R_NOT_KEK)               ,"not kek"},
 {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     ,"not key transport"},
 {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
 {ERR_REASON(CMS_R_NO_CIPHER)             ,"no cipher"},
@@ -183,6 +186,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_UNKNOWN_ID)            ,"unknown id"},
 {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
 {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
 {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
 {ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      ,"unsupported type"},
 {ERR_REASON(CMS_R_VERIFICATION_FAILURE)  ,"verification failure"},
index 2065a2c..7d68704 100644 (file)
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 853
-#define NUM_SN 845
-#define NUM_LN 845
-#define NUM_OBJ 799
+#define NUM_NID 857
+#define NUM_SN 848
+#define NUM_LN 848
+#define NUM_OBJ 802
 
-static const unsigned char lvalues[5664]={
+static const unsigned char lvalues[5691]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -866,7 +866,10 @@ static const unsigned char lvalues[5664]={
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5630] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5638] OBJ_id_GostR3410_2001_ParamSet_cc */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5646] OBJ_id_smime_ct_compressedData */
-0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5657] OBJ_id_Gost28147_89_MAC */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5657] OBJ_id_aes128_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5666] OBJ_id_aes192_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5675] OBJ_id_aes256_wrap */
+0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5684] OBJ_id_Gost28147_89_MAC */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2240,8 +2243,15 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"id-smime-ct-compressedData","id-smime-ct-compressedData",
        NID_id_smime_ct_compressedData,11,&(lvalues[5646]),0},
-{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
+{NULL,NULL,NID_undef,0,NULL,0},
+{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
        &(lvalues[5657]),0},
+{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
+       &(lvalues[5666]),0},
+{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
+       &(lvalues[5675]),0},
+{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
+       &(lvalues[5684]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2523,7 +2533,7 @@ static const unsigned int sn_objs[NUM_SN]={
 490,   /* "friendlyCountryName" */
 156,   /* "friendlyName" */
 509,   /* "generationQualifier" */
-852,   /* "gost-mac" */
+856,   /* "gost-mac" */
 806,   /* "gost2001" */
 846,   /* "gost2001cc" */
 808,   /* "gost89" */
@@ -2593,6 +2603,9 @@ static const unsigned int sn_objs[NUM_SN]={
 357,   /* "id-aca-group" */
 358,   /* "id-aca-role" */
 176,   /* "id-ad" */
+853,   /* "id-aes128-wrap" */
+854,   /* "id-aes192-wrap" */
+855,   /* "id-aes256-wrap" */
 262,   /* "id-alg" */
 323,   /* "id-alg-des40" */
 326,   /* "id-alg-dh-pop" */
@@ -3113,7 +3126,7 @@ static const unsigned int ln_objs[NUM_LN]={
 172,   /* "Extension Request" */
 808,   /* "GOST 28147-89" */
 844,   /* "GOST 28147-89 Cryptocom ParamSet" */
-852,   /* "GOST 28147-89 MAC" */
+856,   /* "GOST 28147-89 MAC" */
 846,   /* "GOST 34.10-2001 Cryptocom" */
 845,   /* "GOST 34.10-94 Cryptocom" */
 806,   /* "GOST R 34.10-2001" */
@@ -3436,6 +3449,9 @@ static const unsigned int ln_objs[NUM_LN]={
 357,   /* "id-aca-group" */
 358,   /* "id-aca-role" */
 176,   /* "id-ad" */
+853,   /* "id-aes128-wrap" */
+854,   /* "id-aes192-wrap" */
+855,   /* "id-aes256-wrap" */
 262,   /* "id-alg" */
 323,   /* "id-alg-des40" */
 326,   /* "id-alg-dh-pop" */
@@ -4221,7 +4237,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 806,   /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
 807,   /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
 808,   /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
-852,   /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+856,   /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
 811,   /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
 812,   /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
 813,   /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
@@ -4556,14 +4572,17 @@ static const unsigned int obj_objs[NUM_OBJ]={
 419,   /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
 420,   /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
 421,   /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+853,   /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
 422,   /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
 423,   /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
 424,   /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
 425,   /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+854,   /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
 426,   /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
 427,   /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
 428,   /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
 429,   /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+855,   /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
 672,   /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
 673,   /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
 674,   /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
index 6b2157f..d3abeef 100644 (file)
 #define LN_des_ede3_cfb8               "des-ede3-cfb8"
 #define NID_des_ede3_cfb8              659
 
+#define SN_id_aes128_wrap              "id-aes128-wrap"
+#define NID_id_aes128_wrap             853
+#define OBJ_id_aes128_wrap             OBJ_aes,5L
+
+#define SN_id_aes192_wrap              "id-aes192-wrap"
+#define NID_id_aes192_wrap             854
+#define OBJ_id_aes192_wrap             OBJ_aes,25L
+
+#define SN_id_aes256_wrap              "id-aes256-wrap"
+#define NID_id_aes256_wrap             855
+#define OBJ_id_aes256_wrap             OBJ_aes,45L
+
 #define OBJ_nist_hashalgs              OBJ_nistAlgorithms,2L
 
 #define SN_sha256              "SHA256"
 
 #define SN_id_Gost28147_89_MAC                                 "gost-mac"
 #define LN_id_Gost28147_89_MAC                                 "GOST 28147-89 MAC"
-#define NID_id_Gost28147_89_MAC                                        852
+#define NID_id_Gost28147_89_MAC                                        856
 #define OBJ_id_Gost28147_89_MAC                                        OBJ_cryptopro,22L
 
 #define SN_id_GostR3411_94_prf         "prf-gostr3411-94"
index a51dcba..a065a82 100644 (file)
@@ -849,4 +849,8 @@ id_GostR3411_94_with_GostR3410_2001_cc              848
 id_GostR3410_2001_ParamSet_cc          849
 hmac           850
 id_smime_ct_compressedData             851
-id_Gost28147_89_MAC                                    852
+id_Gost28147_89_MAC            852
+id_aes128_wrap         853
+id_aes192_wrap         854
+id_aes256_wrap         855
+id_Gost28147_89_MAC                                    856
index dc10278..2d88c82 100644 (file)
@@ -835,6 +835,10 @@ aes 44                     : AES-256-CFB           : aes-256-cfb
                        : DES-EDE3-CFB1         : des-ede3-cfb1
                        : DES-EDE3-CFB8         : des-ede3-cfb8
 
+aes 5                  : id-aes128-wrap 
+aes 25                 : id-aes192-wrap 
+aes 45                 : id-aes256-wrap 
+
 # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
 !Alias nist_hashalgs nistAlgorithms 2
 nist_hashalgs 1                : SHA256                : sha256