[openssl-dev] EC based certificates not supported in CMS - why?

Paweł Kaźmierczak koraboros at gmail.com
Thu Apr 9 13:56:02 UTC 2015 

I am affraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a
simple test procedure:

void cmsTest()
{
  //this RSA works
  //auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb");
  //auto prvKeyFileBio = BIO_new_file("c:\\a\\simplersa_pkey.openssl",
"rb");

  //this EC not
  auto certFileBio = BIO_new_file("c:\\a\\advancedbr256r1_noPem.cer", "rb");
  auto prvKeyFileBio = BIO_new_file("c:\\a\\advancedbr256r1_pkey.pkcs8",
"rb");

  auto evpPkey = d2i_PrivateKey_bio(prvKeyFileBio, 0);
  auto cert = d2i_X509_bio(certFileBio, 0);
  stack_st_X509* certStack = sk_X509_new_null();
  sk_X509_push(certStack, cert);
  X509_STORE* store = X509_STORE_new();
  X509_STORE_add_cert(store, cert);

  //sign
  auto inFileBio = BIO_new_file("c:\\tmp\\0_inContent.txt", "rb");
  CMS_ContentInfo *cms = CMS_sign(cert, evpPkey, 0, inFileBio, 0);
  auto cmsOutFileBio = BIO_new_file("c:\\tmp\\1_signedCms.txt", "wb");
  auto res = PEM_write_bio_CMS_stream(cmsOutFileBio, cms, 0, 0);
  BIO_free(inFileBio);
  BIO_free(cmsOutFileBio);

  //encrypt
  inFileBio = BIO_new_file("c:\\tmp\\1_signedCms.txt", "rb");
  cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_cbc(), 0);
  auto ecnryptedCmsOutFileBio =
BIO_new_file("c:\\tmp\\2_encryptedSignedCmsOut.txt", "wb");
  res = PEM_write_bio_CMS_stream(ecnryptedCmsOutFileBio, cms, 0, 0);
  BIO_free(inFileBio);
  BIO_free(ecnryptedCmsOutFileBio);

  //decrypt
  inFileBio = BIO_new_file("c:\\tmp\\2_encryptedSignedCmsOut.txt", "rb");
  cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
  auto decryptedCmsOutFileBio =
BIO_new_file("c:\\tmp\\3_decryptedSignedCmsOut.txt", "wb");
  res = CMS_decrypt(cms, evpPkey, cert, 0, decryptedCmsOutFileBio, 0); //
ERROR HERE **************************************************************
  BIO_free(decryptedCmsOutFileBio);
  BIO_free(inFileBio);

  //verify/read content CMS
  inFileBio = BIO_new_file("c:\\tmp\\3_decryptedSignedCmsOut.txt", "rb");
  cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
  auto decodedCmsOutFileBio = BIO_new_file("c:\\tmp\\4_inContext.txt",
"wb");
  res = CMS_verify(cms, certStack, store, 0, decodedCmsOutFileBio, 0);
  auto signers = CMS_get0_signers(cms);
  BIO_free(inFileBio);
  BIO_free(decodedCmsOutFileBio);

  //deinit
  EVP_PKEY_free(evpPkey);
  sk_X509_free(certStack);
  X509_STORE_free(store);
  BIO_free(certFileBio);
  BIO_free(prvKeyFileBio);
}

and it works perfectly if RSA certificate is used but It fails during
decrypt if I use the brainpool based certificates.
The error occurs in cms_env.c, cms_env_asn1_ctrl function

int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
{
    EVP_PKEY *pkey;
    int i;
    if (ri->type == CMS_RECIPINFO_TRANS)
        pkey = ri->d.ktri->pkey;
    else if (ri->type == CMS_RECIPINFO_AGREE) {
        EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
        if (!pctx)
            return 0;
        pkey = EVP_PKEY_CTX_get0_pkey(pctx);
        if (!pkey)
            return 0;
    } else
        return 0;
    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
        return 1;
    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
// this returns 0 *********************
    if (i == -2) {
        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
        return 0;
    }
    if (i <= 0) {
        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
        return 0;
    }
    return 1;
}

the i = pkey->ameth->pkey_ctrl call returns 0 and error
CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE is set.

2015-04-09 15:20 GMT+02:00 Dr. Stephen Henson <steve at openssl.org>:

> On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote:
>
> > Hi,
> >
> > currently openssl in CMS supports only RSA based certificates but EC
> based
> > certificates are supported in openssl TLS... so I assume that there is
> > already a code that can sing/verify and perform key agreement (ECKA-EG
> > ECKA-DH) using eliptic curves.
> >
> > Can someone please tell me if this will be a lot of work to use that code
> > in CMS in a way that CMS could work with EC based certificates?
> >
>
> OpenSSL 1.0.0 and later should support ECDSA in CMS. The use of ECDH is
> quite
> rare: most implementations just use RSA key exchange. OpenSSL 1.0.2 does
> support ECDH though.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150409/881ad4f6/attachment.html>

More information about the openssl-dev mailing list