[openssl-users] RSA_PKCS1_OAEP_PADDING
Dr. Stephen Henson
steve at openssl.org
Thu May 11 15:10:32 UTC 2017
On Thu, May 11, 2017, RudyAC wrote:
> Hello,
>
> I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the
> library openssl-1.0.2k and encrypt with CMS container. The following
> function describes my method. My problem is that I'm not sure if this method
> really uses the RSA-OAEP padding.
>
> bool
> smime_encrypt_cms(const std::string& infile, const std::string& outfile)
> {
>     bool bResult = false;
>     const char* inmode = "r";
>     const char* outmode = "w";
>     const EVP_CIPHER* cipher = NULL;
>
>
>     STACK_OF(X509)* encerts = NULL;
>     BIO* in = NULL;
>     BIO* out = NULL;
>     BIO* bio_err = NULL;
>     int flags = 0;
>
>     X509 *recip;
>     int i = 0;
>     unsigned char *oaep_label = NULL;
>     int oaep_label_l = 0;
>     int nflags = CMS_PARTIAL | CMS_KEY_PARAM;
>     CMS_ContentInfo* cms = CMS_encrypt(NULL, NULL, cipher, nflags);
>     EVP_PKEY_CTX* wrap_ctx = NULL;
>
>     KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () started" );
>
>     cipher = get_cipher();
>     SMTPD_RAND_load_file ( NULL , bio_err , 0 );
>
>     encerts = sk_X509_new_null();
>
>     FOR_CONST_IT(EmailAndCertList, itRecip, _m_recipCertsList)
>     {
>         SMIME_key_list recip_encerts = (*itRecip)->smime_enc();
>
>         FOR_CONST_IT(SMIME_key_list, iter, recip_encerts)
>         {
>             sk_X509_push( encerts, (*iter).dup_cert());
>         }
>     }
>
>
>     if ( ! ( in = BIO_new_file ( infile.c_str() , inmode ))) {
>         KWlog_appl ( EV_E_APPL_INFO , "Can't open input file %s",
>                      infile.c_str() );
>         _error_messages.push_back("Internal Error");
>         goto exit;
>     }
>
>     if ( ! ( out = BIO_new_file ( outfile.c_str() , outmode ))) {
>         KWlog_appl ( EV_E_APPL_INFO , "Can't open output file %s",
>                      outfile.c_str() );
>         _error_messages.push_back("Internal Error");
>         goto exit;
>     }
>
>     for (i = 0; i < sk_X509_num(encerts); i++) {
>
>         CMS_RecipientInfo* r_info;
>
>         recip = sk_X509_value(encerts, i);
>         r_info = CMS_add1_recipient_cert(cms, recip, nflags);
>         if (!r_info) {
>             KWlog_appl(EV_E_APPL_INFO,
>                 "smime_encrypt_cms(): Error while adding recipient certs to CMS info structure");
>             return false;
>         }
>         wrap_ctx = CMS_RecipientInfo_get0_pkey_ctx(r_info);
>         KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () Set OAEP Padding");
>         EVP_PKEY_CTX_set_rsa_padding(wrap_ctx, RSA_PKCS1_OAEP_PADDING);
>         EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
>         EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
>         EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l);
>     }
>
>     CMS_final(cms, in, NULL, nflags);
>
>     /* encrypt content */
>     cms = CMS_encrypt(encerts, in, cipher, flags);
>
>
>     if( ! cms ) {
>         KWlog ( EV_E_APPL_INFO , "Error creating CMS structure");
>         KWlog_SSL ;
>         _error_messages.push_back("Internal Error");
>         goto exit;
>     }
>
>     flags |= SMIME_OLDMIME;
>
>     /* Write out S/MIME message */
>     if (!SMIME_write_CMS(out, cms, in, flags))
>         goto exit;
>
>     bResult = true;
>
> exit:
>     SMTPD_RAND_write_file (NULL, bio_err);
>     sk_X509_pop_free(encerts, X509_free);
>     if (cms)
>         CMS_ContentInfo_free(cms);
>     BIO_free(in);
>     BIO_free_all(out);
>
>     KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () finished" );
>     return ( bResult );
> }
>
> When using this function to encrypt an e-mail Thunderbird can decrypt the
> message. But is RSA-OAEP padding really used or is the default padding still
> used? How can I check this?
>
> For comments I would be very grateful
>

You can try printing out all the fields of the message with:

    openssl cms -cmsout -noout -print

Near the top you should see:

    keyEncryptionAlgorithm:
      algorithm: rsaesOaep (1.2.840.113549.1.1.7)

while the default padding gives:

    keyEncryptionAlgorithm:
      algorithm: rsaEncryption (1.2.840.113549.1.1.1)

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
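
The check from the reply above, done programmatically, as an added example that is not part of the original thread: a standard-library Python walk of a DER-encoded CMS EnvelopedData that returns each recipient's keyEncryptionAlgorithm OID, so a message where any recipient falls back to rsaEncryption is caught. It assumes the S/MIME body has already been base64-decoded to DER; the function names and the two-recipient sample (placeholder issuer, serial and key bytes) are constructed for illustration.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # default PKCS#1 v1.5 key transport
RSAES_OAEP = "1.2.840.113549.1.1.7"

def read_tlv(buf, pos):                    # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                       # contents of a constructed element as (tag, value)
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    arcs, acc = [], 0
    for b in body:                         # base-128 arcs, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def key_encryption_oids(der):              # one OID per KeyTransRecipientInfo, in order
    wrapped = children(read_tlv(der, 0)[1])[1][1]     # ContentInfo -> [0] EXPLICIT content
    enveloped = children(children(wrapped)[0][1])     # fields of EnvelopedData
    rinfos = next(v for t, v in enveloped if t == 0x31)   # recipientInfos SET
    return [decode_oid(children(children(ktri)[2][1])[0][1])   # version, rid, algorithm
            for tag, ktri in children(rinfos) if tag == 0x30]  # SEQUENCE = key transport

def non_oaep_recipients(der):              # indexes of recipients not wrapped with RSA-OAEP
    return [i for i, oid in enumerate(key_encryption_oids(der)) if oid != RSAES_OAEP]

def tlv(tag, *parts):                      # builder for the constructed sample (short lengths)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

PKCS = bytes.fromhex("2a864886f70d01")     # OID prefix 1.2.840.113549.1
def ktri(alg_oid):                         # constructed recipient: empty issuer, serial 1
    return tlv(0x30, tlv(0x02, b"\x00"), tlv(0x30, tlv(0x30), tlv(0x02, b"\x01")),
               tlv(0x30, tlv(0x06, alg_oid)), tlv(0x04, bytes(8)))

SAMPLE = tlv(0x30, tlv(0x06, PKCS + b"\x07\x03"), tlv(0xA0, tlv(0x30, tlv(0x02, b"\x00"),
             tlv(0x31, ktri(PKCS + b"\x01\x07"), ktri(PKCS + b"\x01\x01")),
             tlv(0x30, tlv(0x06, PKCS + b"\x07\x01")))))
```

An empty list from `non_oaep_recipients` means every key-transport recipient reports rsaesOaep, matching the first output shown in the reply.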