[openssl-dev] CMS: is there a support for authenticated encryption (aes-gcm, aes-cbc-cmac etc.) in CMS?
Paweł Kaźmierczak
koraboros at gmail.com
Mon Apr 13 12:56:02 UTC 2015
Hello,
is there a support for aes-gcm in openSSL CMS implementaion?
Following code works when EVP_aes_128_cbc is used as CMS_encrypt param but
fails with EVP_aes_128_gcm. Am I missing something (like setting the gcm
header/tag) or authenticated encryption is not supported in CMS?
void cmsTest()
{
OPENSSL_init();
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
auto certFileBio = BIO_new_file("c:\\a\\advancedbr256r1_noPem.cer", "rb");
auto prvKeyFileBio = BIO_new_file("c:\\a\\advancedbr256r1_pkey.pkcs8",
"rb");
auto evpPkey = d2i_PrivateKey_bio(prvKeyFileBio, 0);
auto cert = d2i_X509_bio(certFileBio, 0);
stack_st_X509* certStack = sk_X509_new_null();
sk_X509_push(certStack, cert);
X509_STORE* store = X509_STORE_new();
X509_STORE_add_cert(store, cert);
//sign
auto inFileBio = BIO_new_file("c:\\tmp2\\0_inContent.txt", "rb");
CMS_ContentInfo *cms = CMS_sign(cert, evpPkey, 0, inFileBio, 0);
auto cmsOutFileBio = BIO_new_file("c:\\tmp2\\1_signedCms.txt", "wb");
auto res = PEM_write_bio_CMS(cmsOutFileBio, cms);
BIO_free(inFileBio);
BIO_free(cmsOutFileBio);
//encrypt
inFileBio = BIO_new_file("c:\\tmp2\\1_signedCms.txt", "rb");
//cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_cbc(), 0); this
would work**********************
cms = CMS_encrypt(certStack, inFileBio, EVP_aes_128_gcm(), 0);
auto ecnryptedCmsOutFileBio =
BIO_new_file("c:\\tmp2\\2_encryptedSignedCmsOut.txt", "wb");
res = PEM_write_bio_CMS(ecnryptedCmsOutFileBio, cms);
BIO_free(inFileBio);
BIO_free(ecnryptedCmsOutFileBio);
//decrypt
inFileBio = BIO_new_file("c:\\tmp2\\2_encryptedSignedCmsOut.txt", "rb");
cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
auto decryptedCmsOutFileBio =
BIO_new_file("c:\\tmp2\\3_decryptedSignedCmsOut.txt", "wb");
res = CMS_decrypt(cms, evpPkey, cert, 0, decryptedCmsOutFileBio, 0);
BIO_free(decryptedCmsOutFileBio);
BIO_free(inFileBio);
//verify/read content CMS
inFileBio = BIO_new_file("c:\\tmp2\\3_decryptedSignedCmsOut.txt", "rb");
cms = PEM_read_bio_CMS(inFileBio, 0, 0, 0);
auto decodedCmsOutFileBio = BIO_new_file("c:\\tmp2\\4_inContext.txt",
"wb");
res = CMS_verify(cms, certStack, store, 0, decodedCmsOutFileBio, 0);
auto signers = CMS_get0_signers(cms);
BIO_free(inFileBio);
BIO_free(decodedCmsOutFileBio);
//deinit
EVP_PKEY_free(evpPkey);
sk_X509_free(certStack);
X509_STORE_free(store);
BIO_free(certFileBio);
BIO_free(prvKeyFileBio);
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150413/435c4d8f/attachment.html>
More information about the openssl-dev
mailing list