[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

Viktor Dukhovni openssl-users at dukhovni.org
Tue Mar 15 19:29:04 UTC 2016


On Tue, Mar 15, 2016 at 07:09:36PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:

> First of all - thank you! It is great to see useful capabilities added (I
> consider stream ciphers and AEAD modes very useful :). I fully agree that
> unsigned CMS is an invitation to trouble. If I understand correctly, the
> intended openssl use is “openssl cms -encrypt … | openssl cms -sign …” (or
> the other way around :).

These days, most people recommend encrypt then sign.  CMS and S/MIME
natively support sign-then-encrypt, but encapsulating encrypted
content as signed content as above also works.

> The only problem - now I have one test failing:
> 
> ../test/recipes/80-test_ca.t .............. ok
> ../test/recipes/80-test_cms.t ............. 2/4

The CMS tests pass when I run them:

$ HARNESS_VERBOSE=yes make TESTS=test_cms test
( cd test;  SRCTOP=../.  BLDTOP=../.  EXE_EXT=  /usr/pkg/bin/perl .././test/run_tests.pl test_cms )
../test/recipes/80-test_cms.t ..
1..4
    # Subtest: CMS => PKCS#7 compatibility tests
    1..15
Verification successful
    ok 1 - signed content DER format, RSA key
Verification successful
    ok 2 - signed detached content DER format, RSA key
Verification successful
    ok 3 - signed content test streaming BER format, RSA
Verification successful
    ok 4 - signed content DER format, DSA key
Verification successful
    ok 5 - signed detached content DER format, DSA key
Verification successful
    ok 6 - signed detached content DER format, add RSA signer
Verification successful
    ok 7 - signed content test streaming BER format, DSA key
Verification successful
    ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys
Verification successful
    ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes
Verification successful
    ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA keys
Verification successful
    ok 11 - signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys
    ok 12 - enveloped content test streaming S/MIME format, 3 recipients
    ok 13 - enveloped content test streaming S/MIME format, 3 recipients, 3rd used
    ok 14 - enveloped content test streaming S/MIME format, 3 recipients, key only used
    ok 15 - enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients
ok 1 - CMS => PKCS\#7 compatibility tests
#
    # Subtest: CMS <= PKCS#7 compatibility tests
    1..15
Verification successful
    ok 1 - signed content DER format, RSA key
Verification successful
    ok 2 - signed detached content DER format, RSA key
Verification successful
    ok 3 - signed content test streaming BER format, RSA
Verification successful
    ok 4 - signed content DER format, DSA key
Verification successful
    ok 5 - signed detached content DER format, DSA key
Verification successful
    ok 6 - signed detached content DER format, add RSA signer
Verification successful
    ok 7 - signed content test streaming BER format, DSA key
Verification successful
    ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys
Verification successful
    ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes
Verification successful
    ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA keys
Verification successful
    ok 11 - signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys
    ok 12 - enveloped content test streaming S/MIME format, 3 recipients
    ok 13 - enveloped content test streaming S/MIME format, 3 recipients, 3rd used
    ok 14 - enveloped content test streaming S/MIME format, 3 recipients, key only used
    ok 15 - enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients
ok 2 - CMS <= PKCS\#7 compatibility tests
#
    # Subtest: CMS <=> CMS consistency tests
    1..27
Verification successful
    ok 1 - signed content DER format, RSA key
Verification successful
    ok 2 - signed detached content DER format, RSA key
Verification successful
    ok 3 - signed content test streaming BER format, RSA
Verification successful
    ok 4 - signed content DER format, DSA key
Verification successful
    ok 5 - signed detached content DER format, DSA key
Verification successful
    ok 6 - signed detached content DER format, add RSA signer
Verification successful
    ok 7 - signed content test streaming BER format, DSA key
Verification successful
    ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys
Verification successful
    ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes
Verification successful
    ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA keys
Verification successful
    ok 11 - signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys
    ok 12 - enveloped content test streaming S/MIME format, 3 recipients
    ok 13 - enveloped content test streaming S/MIME format, 3 recipients, 3rd used
    ok 14 - enveloped content test streaming S/MIME format, 3 recipients, key only used
    ok 15 - enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients
Verification successful
    ok 16 - signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid
Verification successful
    ok 17 - signed content test streaming PEM format, 2 DSA and 2 RSA keys
Verification successful
    ok 18 - signed content MIME format, RSA key, signed receipt request
Verification successful
    ok 19 - signed receipt MIME format, RSA key
    ok 20 - enveloped content test streaming S/MIME format, 3 recipients, keyid
    ok 21 - enveloped content test streaming PEM format, KEK
    ok 22 - enveloped content test streaming PEM format, KEK, key only
    ok 23 - data content test streaming PEM format
    ok 24 - encrypted content test streaming PEM format, 128 bit RC2 key
    ok 25 - encrypted content test streaming PEM format, 40 bit RC2 key
    ok 26 - encrypted content test streaming PEM format, triple DES key
    ok 27 - encrypted content test streaming PEM format, 128 bit AES key
ok 3 - CMS <=> CMS consistency tests
#
    # Subtest: CMS <=> CMS consistency tests, modified key parameters
    1..11
Verification successful
    ok 1 - signed content test streaming PEM format, RSA keys, PSS signature
Verification successful
    ok 2 - signed content test streaming PEM format, RSA keys, PSS signature, no attributes
Verification successful
    ok 3 - signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1
    ok 4 - enveloped content test streaming S/MIME format, OAEP default parameters
    ok 5 - enveloped content test streaming S/MIME format, OAEP SHA256
    ok 6 - enveloped content test streaming S/MIME format, ECDH
    ok 7 - enveloped content test streaming S/MIME format, ECDH, key identifier
    ok 8 - enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF
    ok 9 - enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH
    ok 10 - enveloped content test streaming S/MIME format, X9.42 DH
    ok 11 # skip Zlib not supported: compression tests skipped
ok 4 - CMS <=> CMS consistency tests, modified key parameters
#
ok
All tests successful.
Files=1, Tests=4,  6 wallclock secs ( 0.05 usr  0.01 sys +  2.68 cusr  4.76 csys =  7.50 CPU)
Result: PASS

> I wonder how difficult would it be to add AEAD support, considering that
> they (usually) can take 96-bit nonce (treated as IV), and the
> authentication tag often is just appended to the ciphertext (and expected
> at the end of the ciphertext during decryption).

Take a look at the RFC and the code...

-- 
	Viktor.
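
The encrypt-then-sign encapsulation discussed in this message, shown end to end as an added example that is not part of the original e-mail or of the OpenSSL test suite: the receiver verifies the outer signature before decrypting, and a one-byte change to the signed blob is rejected. The throwaway self-signed certificate, the file names, the message and the byte offset 200 are constructed for the demo.

```shell
#!/bin/sh
# Added example: encrypt, then sign the encrypted blob; the receiver verifies
# the signature before it decrypts. All names and the message are constructed.
cms_roundtrip() {
    d=$(mktemp -d) || return 1
    # Throwaway self-signed certificate: signer, recipient and trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cms-demo" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    printf 'constructed sample message\n' > "$d/msg.txt"

    # Sender: EnvelopedData first, then wrap it in SignedData.
    # -binary keeps S/MIME canonicalisation from altering the bytes.
    openssl cms -encrypt -binary -aes-256-cbc -in "$d/msg.txt" \
        -outform DER -out "$d/env.der" "$d/cert.pem" || return 1
    openssl cms -sign -binary -nodetach -in "$d/env.der" \
        -signer "$d/cert.pem" -inkey "$d/key.pem" \
        -outform DER -out "$d/signed.der" || return 1

    # Receiver: verify first, decrypt only what verified.
    openssl cms -verify -binary -inform DER -in "$d/signed.der" \
        -CAfile "$d/cert.pem" -out "$d/env2.der" 2>/dev/null || return 1
    openssl cms -decrypt -inform DER -in "$d/env2.der" \
        -recip "$d/cert.pem" -inkey "$d/key.pem" -out "$d/out.txt" || return 1
    cmp -s "$d/msg.txt" "$d/out.txt" || return 1

    # Change one byte inside the signed (encrypted) content at a constructed
    # offset that falls within the encapsulated blob: verification must fail.
    cp "$d/signed.der" "$d/bad.der"
    old=$(dd if="$d/bad.der" bs=1 skip=200 count=1 2>/dev/null |
        od -An -tu1 | tr -d ' \n')
    new=$(( (old + 1) % 256 ))
    printf '%b' "\\0$(printf '%o' "$new")" |
        dd of="$d/bad.der" bs=1 seek=200 conv=notrunc 2>/dev/null
    if openssl cms -verify -binary -inform DER -in "$d/bad.der" \
        -CAfile "$d/cert.pem" -out /dev/null 2>/dev/null; then
        rm -rf "$d"; return 1   # tampered blob was accepted
    fi
    rm -rf "$d"
}
```

`cms_roundtrip` returns 0 only when the plaintext is recovered intact and the modified blob fails verification.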

